Show HN: Logira – eBPF runtime auditing for AI agent runs

Published: 1 day ago (March 1, 2026 at 06:25 PM EST)

1 min read

Source: Hacker News

Overview

I started using Claude Code (claude --dangerously-skip-permissions) and Codex (codex --yolo) and realized I had no reliable way to know what they actually did. The agent’s own output tells a story, but it’s the agent’s story.

Logira records exec, file, and network events at the OS level via eBPF, scoped per run. Events are saved locally in JSONL and SQLite. It ships with default detection rules for credential access, persistence changes, suspicious exec patterns, and more. It operates in observe‑only mode – it never blocks.

Features

eBPF‑based monitoring of exec, file, and network events, scoped per run.
Local storage of events in JSONL and SQLite formats.
Default detection rules for:
- Credential access
- Persistence changes
- Suspicious execution patterns
- …and more.
Observe‑only mode – never blocks any activity.

Repository

Logira on GitHub

Discussion

Hacker News comments (12 points)

Show HN: Logira – eBPF runtime auditing for AI agent runs

Overview

Features

Repository

Discussion

Related posts

Iran War Cost Tracker

Intel's make-or-break 18A process node debuts for data center with 288-core Xeon

Why payment fees matter more than you think

You are going to get priced out of the best AI coding tools