AgentSight 是 AI Skill Hub 本期精选AI工具之一。综合评分 7.8 分,整体质量较高。我们推荐使用将其纳入你的 AI 工具库,帮助提升工作效率。
📚 深度解析
**为什么要使用开源工具而非商业 SaaS?**
对于个人开发者和有隐私需求的用户,本地部署的开源工具意味着数据不离本机,不受第三方服务商的数据政策约束。同时,开源工具通常没有使用次数限制和月度费用,一次安装即可长期使用,对于高频使用场景的总拥有成本(TCO)远低于订阅制商业工具。
**安装与环境准备**
AgentSight 依赖 C 运行环境。建议通过 pyenv(Python)或 nvm(Node.js)管理 C 版本,避免全局环境污染。对于新手用户,推荐先创建虚拟环境(python -m venv venv && source venv/bin/activate),再安装依赖,这样即使出现问题也可以随时删除虚拟环境重新开始,不影响系统稳定性。
**社区与维护**
GitHub Issue 和 Discussion 是获取帮助的最快渠道。在提问前建议先检查 Closed Issues(已关闭的问题),大多数常见问题都已有解答。遇到 Bug 时,提供 pip list 的输出、完整错误堆栈和最小可复现示例,能显著提高开发者响应速度。AI Skill Hub 将持续追踪 AgentSight 的版本更新,及时通知重要功能变化。
📋 工具概览
基于eBPF技术的开源AI工作流追踪系统,提供零侵入式的系统级AI Agent监测能力。支持LLM应用的可观测性分析,帮助开发者深入理解AI Agent运行行为,适合AI应用开发者和系统运维人员。
AgentSight 是一款基于 C 开发的开源工具,专注于 AI追踪、eBPF、可观测性 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
📖 中文文档
基于eBPF技术的开源AI工作流追踪系统,提供零侵入式的系统级AI Agent监测能力。支持LLM应用的可观测性分析,帮助开发者深入理解AI Agent运行行为,适合AI应用开发者和系统运维人员。
AgentSight 是一款基于 C 开发的开源工具,专注于 AI追踪、eBPF、可观测性 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
- 开源免费,支持本地部署,数据完全自主可控
- 活跃的 GitHub 开源社区,持续迭代更新
- 提供详细文档和使用示例,新手友好
- 支持自定义配置,灵活适配不同使用环境
- 可作为基础组件集成进现有技术栈或进行二次开发
- 本地部署运行,保护数据隐私,满足合规要求
- 自定义集成到现有系统,扩展技术栈能力
- 作为开源基础组件进行商业化二次开发
# 克隆仓库 git clone https://github.com/eunomia-bpf/agentsight cd agentsight # 查看安装说明 cat README.md # 按 README 完成环境依赖安装后即可使用
- 访问 GitHub 仓库页面
- 按照 README 文档完成依赖安装
- 根据系统环境完成初始化配置
- 参考官方示例或文档开始使用
- 遇到问题可在 GitHub Issues 中查找解答
# 查看帮助 agentsight --help # 基本运行 agentsight [options] <input> # 详细使用说明请查阅文档 # https://github.com/eunomia-bpf/agentsight
# agentsight 配置说明 # 查看配置选项 agentsight --config-example > config.yml # 常见配置项 # output_dir: ./output # log_level: info # workers: 4 # 环境变量(覆盖配置文件) export AGENTSIGHT_CONFIG="/path/to/config.yml"
AgentSight: System-wide AI agent tracing and monitoring with eBPF
English | 中文
Your local first perf/top/strace/nsight-like tool for AI agents. See what agents actually do to your machine, and connect those actions back to the prompts, model calls, and tool decisions that triggered them.
Run agentsight around Claude Code, Codex, Gemini CLI, OpenCode, OpenClaw, or any command. AgentSight records a local trace of:
- processes and child processes, shell commands, cwd, argv, exit status, and duration
- files created, written, truncated, renamed, or deleted
- network destinations contacted
- prompts, responses, tool intent, and LLM/model/token
No SDK, no proxy, no vendor integration. AgentSight observes with eBPF and TLS traffic tracing, so it works even when the agent is a closed-source CLI. ✨ Zero Instrumentation Required
Prerequisites
- Linux kernel: 4.1+ with eBPF support (5.0+ recommended)
- sudo access: eBPF probes are auto-elevated; your agent stays unprivileged
For source builds, see docs/build.md.
Installation
Cargo or Release Binary
For local use, install with cargo install agentsight or download the latest release binary, then start with sudo agentsight top. Use the examples below when you want to record a specific command or inspect saved sessions.
Docker
Docker is useful for container, CI, or isolated Linux environments, but it still needs privileged host access for eBPF. See docs/docker.md.
Build from Source
Build requirements and source build commands live in docs/build.md.
Pin the binary explicitly if auto-discovery picks the wrong Node install
sudo ./agentsight record -c node --binary-path ~/.nvm/versions/node/v20.0.0/bin/node
> **Behind an HTTP/HTTPS proxy?** Traffic is still TLS-encrypted inside the
> Node process (the proxy only tunnels it), so AgentSight captures it the same
> way — at the `SSL_read`/`SSL_write` calls before encryption.
#### Monitoring Agents in Docker Containers (OpenClaw, etc.)
For an agent running inside a Docker container, pass the container to
`--binary-path` with the `docker://` scheme. AgentSight resolves the container's
process tree and attaches sslsniff to the right binary automatically:
Build debug versions with AddressSanitizer
make -C bpf debug ```
Quick Start
```bash cargo install agentsight
Usage
Usage Examples
Zero-Config: record
record is the simplest way to trace an agent. Put the command you want to run after record --; AgentSight handles everything else:
```bash
Web Interface
During a session, visit http://127.0.0.1:7395 for live traffic, process trees, and metrics: - Timeline View: http://127.0.0.1:7395/timeline - Process Tree: http://127.0.0.1:7395/tree - Raw Logs: http://127.0.0.1:7395/logs
Process tree visualization for agent subprocesses and file activity
Timeline visualization for LLM, process, file, and network events
Metrics visualization for memory and CPU usage
Try the live demo to explore a real recorded Claude Code session in the browser.
Gemini CLI runs on Node — record finds the right binary and traces it
sudo ./agentsight record -- gemini
With `record`, AgentSight now auto-discovers the Node binary from `-c node`
(it detects that Node embeds OpenSSL and attaches to the binary instead of a
system library), so this just works without `--binary-path`:
Monitor Gemini CLI or other Node.js AI tools — binary auto-discovered
sudo ./agentsight record -c node
Combined SSL and process monitoring with web interface
sudo ./agentsight debug trace --ssl true --process true --server true
Traditional Observability vs. System-Level Monitoring
Application-level tools such as LangSmith, Langfuse, and Phoenix are great for traces, prompts, tokens, evals, and latency when you own the application code. Gateway/proxy tools such as Helicone are useful when you can route provider traffic through a managed endpoint.
AgentSight focuses on the layer those tools often miss: what the agent actually does at the system boundary. It observes existing binaries and CLI agents without SDKs or proxies, then correlates LLM traffic with process execution, file access, and system activity.
| **Challenge** | **Application-Level Tools** | **AgentSight Solution** |
|---|---|---|
| **Framework Adoption** | ❌ SDK, callback, or gateway integration per app | ✅ Drop-in system tracer, no code changes |
| **Closed-Source CLIs** | ❌ Limited to what the tool exposes or logs | ✅ Observes existing binaries and CLI agents from outside |
| **Agent-Controlled Logs** | ❌ Logs can be incomplete, disabled, or modified | ✅ Kernel-level events independent of app logging |
| **TLS LLM Traffic** | ❌ Visible when routed through SDKs/proxies | ✅ Captures plaintext at SSL/TLS calls without a proxy |
| **System Actions** | ❌ Often misses subprocesses and local file activity | ✅ Tracks process execution, file access, and resource use |
| **Cross-Boundary Behavior** | ❌ Traces usually stop at framework/process boundaries | ✅ Correlates LLM traffic with process and file events |
AgentSight captures critical interactions that application-level tools miss:
- Subprocess executions that bypass instrumentation
- Plaintext LLM payloads at SSL/TLS call boundaries
- File operations and system resource access
- Cross-boundary behavior across LLM, process, and file events
❓ Frequently Asked Questions
Q: What permissions does AgentSight need? A: eBPF probes need root privileges, so AgentSight may prompt for sudo. With record -- <command> or stat -- <command>, the monitored agent still runs as your normal user; only the probes are elevated.
Q: What's the performance impact? A: Our evaluation reports less than 3% CPU overhead for typical traced agent workloads.
Q: Where does captured data go? A: record and stat -- <command> store sessions locally in SQLite by default. Use agentsight stat, agentsight top, agentsight report, agentsight list, agentsight db audit --json, and agentsight db token to inspect prior runs. Captured data can include prompts, responses, paths, headers, and network targets, so treat logs and DBs as sensitive.
Q: Why doesn't AgentSight capture traffic from Claude Code, Node.js, or Gemini CLI? A: These applications statically link their SSL library (BoringSSL for Claude/Bun, OpenSSL for all Node.js — both NVM and system installs) into their own binary instead of using system libssl.so, so there's nothing for sslsniff to hook by default. AgentSight handles this for you: record -- <command> always discovers the binary, and record -c node now auto-discovers the Node binary too. For Claude attach mode, pass --binary-path. See the "Zero-Config: record" and "Monitoring Node.js AI Tools" sections.
Q: What should I check if tracing fails? A: Verify you are on Linux with eBPF support, have sudo or CAP_BPF/CAP_SYS_ADMIN, and are using record -- <command> or the correct --binary-path for statically linked agents.
创新的eBPF追踪方案,解决AI应用可观测性难题。技术深度高,社区活跃度中等,适合专业开发者。
⚡ 核心功能
- 开源免费,支持本地部署,数据完全自主可控
- 活跃的 GitHub 开源社区,持续迭代更新
- 提供详细文档和使用示例,新手友好
- 支持自定义配置,灵活适配不同使用环境
- 可作为基础组件集成进现有技术栈或进行二次开发
👥 适合人群
🎯 使用场景
- 本地部署运行,保护数据隐私,满足合规要求
- 自定义集成到现有系统,扩展技术栈能力
- 作为开源基础组件进行商业化二次开发
⚖️ 优点与不足
- +MIT 协议,可免费商用
- +完全开源免费,无授权费用
- +本地部署,数据完全自主可控
- +开发者社区支持,遇问题可查可问
- −安装和初始配置可能需要一定技术基础
- −功能完整性通常不如成熟商业产品
- −技术支持主要依赖开源社区,响应速度不稳定
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ MIT 协议 — 最宽松的开源协议之一,可自由商用、修改、分发,仅需保留版权声明。
🔗 相关工具推荐
❓ 常见问题 FAQ
经综合评估,AgentSight 在AI工具赛道中表现稳健,质量良好。如果你已有明确的使用需求,可以直接上手体验;如果还在评估阶段,建议对比同类工具后再做决策。
| 原始名称 | agentsight |
| Topics | AI追踪eBPF可观测性工作流LLM监测 |
| GitHub | https://github.com/eunomia-bpf/agentsight |
| License | MIT |
| 语言 | C |
收录时间:2026-06-03 · 更新时间:2026-06-03 · License:MIT · AI Skill Hub 不对第三方内容的准确性作法律背书。