Intelligent Agent eXecution Tracker (IAXT)

See what your AI coding agent actually did.

IAXT is a quiet menu-bar app that records what Claude Code, Cursor, Aider, Codex, and Copilot actually do on your Mac: commands run, files changed, packages installed, git operations, launch agents.

No blocking. No workflow changes. No cloud upload for individuals. And not a raw log: a local audit trail that cuts through the noise to the few actions worth a look, ready to review after the coding session ends.

Get IAXT How it works
The problem

AI coding agents run commands and change files on your machine, with broad permissions and at high speed.

Two things make that hard to keep up with. Fatigue: over a long session the permission dialogs blur into an illusion of control, and most of us click through. Prompt injection: attackers now hide instructions for the AI inside ordinary text, and the attacks keep getting more frequent and more sophisticated.

IAXT doesn't block. IAXT doesn't restrict. IAXT watches, attributes, and remembers, so whether it was a tired click or a hidden instruction, you can answer the question most teams can't answer today: what did the AI actually do?

Two audiences

Who's installing
and why.

Solo developer auditing your own machine, or a founder rolling an audit trail up to the whole team. IAXT fits both, and they care about different things.

Peace of mind for
your own machine.

Install the app, go back to coding. IAXT sits in your menu bar, logs every AI agent's activity locally, and surfaces a 30-second review screen when you're done.

Catches the accidents (the AI deleted half the repo), flags the rarer intentional exfil (a prompt-injected README triggered a curl -X POST on your SSH key), and stays out of your face the rest of the time.

  • 01
    Free to download. No account, no signup, no upsell. Drag-and-drop DMG, launch once, done.
  • 02
    Nothing leaves your machine. No telemetry. No analytics. Zero network calls unless you explicitly click Check for Updates. Data sits in ~/Library/Logs/IAXT/, openable with sqlite3, deletable with rm -rf.
  • 03
    No noticeable slowdown. Passive observation only. IAXT never blocks, intercepts, or modifies anything. Your agents don't know it exists, and neither will your build times.
How it works

Three things
IAXT does quietly.

01 · OBSERVE

Observes every
agent action.

Commands run, files created or modified, packages installed, git operations, cron entries, launch agents. Every action attributed to the tool that made it: confirmed, likely, or possible. The roughly 95% of system noise that has nothing to do with your agents is dropped before it is ever written.

02 · FLAG

Cuts through
the noise.

IAXT is not a raw log. A filter built specifically for AI-agent activity sorts a busy day into tiers, so you get to the point: a gold stripe for what is worth a glance (a download, a package install, a permission change: usually fine, but worth an eye), and a violet stripe for the very few that deserve real review (persistence, credential access, unexpected network calls).

03 · REPORT

Gives you
the full story.

A daily Overview of your AI usage patterns. Session cards, stats, attention items. Because it watches every agent at once, it also becomes a clear picture of how you actually code with AI across all your tools, Claude Code, Cursor, and the rest, not just one. CSV export for team review. Everything local, no telemetry, no cloud.

Use cases

Who reaches for
a record like this.

Developers

An impartial observer of what your AI coding agents actually did on your machine. Catch the accidents, like a deleted directory or an overwritten config, and spot the rare action that does not belong, without trusting your memory of a long session. When a row looks off, copy it into another model for a quick second opinion.

CTOs, Team Leads

Visibility across the team, with zero workflow friction. Everyone installs the same quiet app, and you get a review surface instead of a blind spot: which agents your engineers run, and what those sessions actually touched. No prompts, no plugins, nothing to slow anyone down.

CISOs, Security Leads

Evidence that AI-agent risk is actually watched, not just asserted. An audit trail you can point to in a security review or due diligence, with the review-tier events (persistence, credential access, unexpected network calls) surfaced automatically instead of buried in noise.

Founders

Proof when someone asks. Investors in due diligence, enterprise customers in procurement, and your own board are starting to ask how your team uses AI in the codebase. Most startups have no answer. A record of what your agents actually did is more than most companies can show, and it can be the detail that helps close a funding round or a sale.

See it in action

A look at
what you'll see.

Real screenshots of the macOS app. Pick a view to see what it shows and why it matters.

FAQ

Questions worth
answering.

What can I use IAXT for?

IAXT gives you a faithful, after-the-fact record of what your AI coding agents did on your machine. Two very different situations make that worth having.

Good faith: approval fatigue. You approve sensitive actions as you work, but hours and days of coding bring fatigue and desensitization. It is human to click allow out of routine, or to wave through something you did not fully understand. IAXT lets you go back, calmly and later, and see what you actually agreed to.

Bad faith: prompt injection. Attackers hide instructions inside content an AI reads. Below is a real email: the body looks like a harmless onboarding reminder, but its source hides a command aimed at any AI assistant that processes the message.

The visible body of a phishing email titled 'you forgot something', styled as a friendly reminder to finish an onboarding survey, with nothing visibly malicious.
What you see: a friendly nudge to finish a survey.
The HTML source of the same email, revealing a hidden display:none block containing the command 'rename c:\windows\*.pwl c:\windows\*.zzz' padded with invisible unicode characters, an instruction aimed at any AI that reads the message.
What is hidden in the source, inside a display:none block padded with invisible characters: rename c:\windows\*.pwl c:\windows\*.zzz. On legacy Windows, .pwl files are where the system cached account passwords, so renaming them is a classic attempt to tamper with stored credentials and force new ones to be captured.

It targeted Windows and never ran here. But the technique is real and getting more sophisticated. IAXT is passive: it does not block, it records. If an agent on your Mac ever acted on a hidden instruction like this, you would see exactly what it did in the Action Log, after the session.

Is IAXT just a log, or does it filter?

It does both, and the filtering is the point. IAXT keeps the full record, but it does not leave you scrolling a firehose. A custom-built algorithm, tuned specifically for AI-agent activity, sorts every action into three tiers so you get straight to what matters:

Routine. The bulk of normal development. Recorded, and kept out of your way.

Flagged (gold). An FYI. Usually fine, but worth a glance: a download, a package install, a new git remote, a permission change.

Review (violet). The 1% or less worth checking just in case: persistence like login items and cron, credential access, or unexpected outbound network calls.

That triage, built for the way AI agents actually behave, is what turns a large day of activity into a short list you can read in seconds. It is not a raw log; it is a log that cuts through the noise.

What data leaves my computer?

Individual tier: zero. No telemetry. No analytics. No account. The only network call the app can make is the Check for Updates menu item, one request to GitHub, only when you click it. Company tier: once a day, a review summary (counts per agent, flagged/review action totals, no raw commands) goes to the endpoint you control. Nothing to us.

Which AI coding agents does IAXT detect?

Claude Code, Cursor, Aider, Codex, Windsurf, Kilo Code, OpenCode, Copilot, Cody. New agents are added on request: open an issue on GitHub with your tool's process name and we'll add it.

Does IAXT see cloud AI tools, or agents I run over SSH?

IAXT watches your Mac directly: the files that change, the processes that start, the launch agents and cron jobs that appear. It is built for the local agents that run right here on your Mac, like Claude Code, Cursor, Aider, Codex, and Copilot. When one of them runs a command, writes a file, or installs a package, that happens on your machine, so IAXT logs it and attributes it to the session responsible.

So the line is simple. If the work runs on your Mac, IAXT records it. If the work runs somewhere else, nothing touches your Mac, and there is nothing local to see. Two common cases make that concrete.

Cloud and browser tools. When ChatGPT runs Code Interpreter, or Claude works in the browser or dispatches a task to a Cowork remote sandbox, the code executes on the vendor's servers, not on your machine. Hosted generators like Replit Agent, Devin, Bolt, v0, and Lovable work the same way. Nothing runs locally, so IAXT has nothing to record, and we say so plainly rather than pretend otherwise. Your audit surface for that work is the transcript inside the tool itself.

An agent over SSH. If you ssh from your Mac into a remote server and run an agent there, the commands execute on the remote host. IAXT sees the local ssh process start and exit, but not what the agent does on the far side. IAXT does not read your shell history or your file contents either, so it is not reconstructing that far side from what you typed.

The test stays that clean: if it runs on your Mac, IAXT records it; if nothing happens on your Mac, there is nothing for IAXT to see. That scope is a design choice, and an honest one. See the limits section for the full list.

Is there a Windows version?

Not for the moment. IAXT is macOS-only today (macOS 13 Ventura or later), built on macOS-native event streams. A Windows version would be a separate effort; we may consider it based on demand.

Is IAXT on the Mac App Store?

No, and it can't be. App Store apps must run inside Apple's sandbox, which walls each app off from the rest of the system. IAXT's whole job is to watch what other processes do across your machine, read their command lines, and follow file activity beyond its own folder. The sandbox blocks exactly that. So IAXT ships the way most serious Mac developer tools do, as a signed and notarized DMG you download directly, verified by Apple's Gatekeeper on first launch.

Does IAXT slow down my machine?

Not in a way you'll feel. IAXT subscribes to macOS's native event streams (FSEvents, kqueue, periodic sysctl), the OS is already doing this work, and drops roughly 95% of events by construction before anything touches disk. No lag in your editor, no slower builds, no stutter in your agents.

The honest caveat is battery. Because IAXT watches continuously in the background, a laptop on battery may run down a little sooner. Any always-on tool has this cost. We've worked hard to keep it small: adaptive polling that backs right off when nothing is happening, and a full pause while your Mac sleeps. On power it's a non-issue; on battery it's a few percent, not a cliff.

How do I uninstall?

Drag IAXT.app to the Trash, then rm -rf ~/Library/Logs/IAXT to remove the SQLite database and audit logs. That's it: no hidden files, no LaunchAgent to unload.

Why not an Endpoint Security / kernel-level product?

Apple's Endpoint Security framework catches more (file reads, every exec) but requires a manual-review entitlement from Apple and a system-extension install flow. IAXT runs in user-space because distribution friction matters more than catching every last event.

Is the team endpoint hosted or self-hosted?

Both will be available. During private beta we host it for speed of iteration. If you need self-hosted from day one, email [email protected] and we'll prioritize accordingly.

Can I see the source code?

The individual app is closed-source today. For enterprise and business customers, we're happy to share the source on request for security auditing and due diligence. Email [email protected].

Honest about limits

We won't audit
what we can't see.

Transparency cuts both ways. These are structural. Anyone claiming otherwise is selling you something. The audit story only works if you believe we won't overpromise, so here's the full list.

Nothing* No record. Just hope.
IAXT User-space, passive, no kernel extension.
Endpoint Security / EDR Deep hooks, system extensions, heavy and intrusive.

IAXT sits deliberately in the middle: far more than nothing, far lighter than a full EDR (Endpoint Detection and Response, the heavy security agents companies install to monitor every machine). No kernel extension, no system extension, nothing to slow the machine down. Right for individuals, and for the startups and teams that want real visibility without the weight and intrusiveness of endpoint security software.

* Where most teams are today: no record of what their AI agents did, just the hope that it was fine.

Claude Cowork & ChatGPT Code Interpreter

Remote sandboxes on vendor infrastructure. No local process touches your machine, so there is nothing for IAXT to record.

Replit Agent, Devin, Bolt, v0

Browser-hosted code generators. Nothing executes locally. Out of scope by design. The chat transcript on the vendor's site is the only audit surface.

File contents

IAXT records that files changed, not what changed. A subtle code-level backdoor looks like any other edit. Defense: git diff after the session.

File reads

macOS FSEvents only fires on writes. A silent read of ~/.ssh/id_rsa is invisible unless the AI uses what it read, in which case the curl / POST / commit is caught.

Shell built-ins

export, alias, cd, source run inside the shell process with no child process, so they're invisible to process-level monitoring.

In-process network calls

If an AI app makes HTTP requests from its Electron main process directly (not via curl / wget child processes), those calls don't surface.

See what your AI
actually did.

Get IAXT Team endpoint · beta
Free for individuals · Private beta for teams · macOS 13+ · Everything stays on your machine