AgentGuard 0.3.0 — macOS menu bar app, Telegram rollback, and more

Oz Gomez — Thu, 21 May 2026 19:55:58 +0000

Quick update on AgentGuard since my last post.
A few days ago I shared a tool I built because I kept finding that Claude Code was modifying files I didn't expect while I was away from the machine. Today I pushed 0.3.0 with some meaningful additions.
What's new:
A macOS menu bar app. Click the shield icon and you get a popup showing daemon status, which directories are being watched, and the last 5 file events. Start/stop the daemon from there too.
Telegram approve/deny buttons. When a sensitive file changes (.env, keys, CI configs, agent memory files), you get a Telegram message with ✅ Keep and ↩️ Rollback buttons. Works while you're away from the machine — the whole reason I built this.
macOS system notifications for HIGH and CRITICAL events.
Agent memory files now monitored — CLAUDE.md, .cursorrules, .hermes/, aider configs. These are persistent instructions that survive between sessions and could be poisoned.
A daily report command: agentguard daemon report --days=7
npm install -g agentguard-dev
agentguard init
for the menu bar app:
cd $(npm root -g)/agentguard-dev/tray && npm install
agentguard tray

Still honest about limitations: file watcher is the primary defense — real-time command interception doesn't work reliably with Codex (Rust binary) or Copilot CLI (TUI). Claude Code is the best-supported agent.
Nobody has really tested this except me. If you use Claude Code or any CLI agent and want to try it, I'd genuinely appreciate feedback — brutal honesty welcome.
GitHub: github.com/Osva2023/AgentGuard

leave question or help in comments if prefers. thanks

I built a file watcher for AI coding agents — would love brutal feedback

Oz Gomez — Mon, 18 May 2026 19:43:46 +0000

I've been using Claude Code for the past few months — heavily. And a lot of the time, I'm running it remotely. I'll kick off a session from my phone via Telegram, leave it working on a project, and come back later to see what it did.
That's when I started noticing something uncomfortable.
The agent would modify files I didn't expect. Overwrite a .env. Delete something it considered "unused". Touch config files while doing something else entirely. When I was sitting at the machine, I'd catch it. When I wasn't — I'd find out later, sometimes much later.
So I built something to watch what it does while I'm away.
AgentGuard is a CLI wrapper and background daemon that monitors your filesystem while AI coding agents work. It detects changes to sensitive files (.env, keys, CI configs, package.json), logs everything to an audit trail, and can send you a Telegram message with rollback buttons if something looks wrong — even when you're not at the machine.
npm install -g agentguard-dev
agentguard init
agentguard claude # wraps Claude Code
Or run it as a permanent background daemon:
agentguard daemon install # starts on login via launchd
agentguard daemon status
What it actually does:

Watches configured directories permanently, even when you're away
Detects mass deletes, env overwrites, CI config changes, credential files
Sends Telegram alerts with ✅ Keep / ↩️ Rollback buttons you can tap from your phone
Writes a full audit log so you can see what the agent touched during a session

Honest limitations:

Real-time command interception doesn't work reliably — Codex is a Rust binary that bypasses our hooks, Copilot CLI has a TUI that interferes. The file watcher is the primary defense.
Tested mainly with Claude Code on macOS. Other agents and Linux need more testing.
Nobody has really used this except me.

That last point is why I'm posting this.
I have a few years of experience in testing and developer support, so I know enough to build something that works — but I built this primarily because I needed it, and Claude Code helped me write most of it, which is a bit meta. The code works, the tests pass, and it's been running as a daemon on my machine for a week watching two real projects.
But I have no idea if it's useful to anyone else, if the UX makes sense, or if I'm solving the wrong problem entirely.
GitHub: github.com/Osva2023/AgentGuard
If you use Claude Code, Codex, or aider — I'd genuinely appreciate you taking a look. Even just "this is pointless because X" would be valuable right now.
leave questions, suggestions, etc, in the comments, thanks DEVs

Forem: Oz Gomez

AgentGuard 0.3.0 — macOS menu bar app, Telegram rollback, and more

I built a file watcher for AI coding agents — would love brutal feedback