eunomia.dev
EN

AgentSight: Zero-Instrumentation LLM Agent Observability with eBPF

![License: MIT](https://opensource.org/licenses/MIT) ![Build Status](https://github.com/eunomia-bpf/agentsight)

License: MIT Build Status

AgentSight is a observability tool designed specifically for monitoring LLM agent behavior through SSL/TLS traffic interception and process monitoring. Unlike traditional application-level instrumentation, AgentSight observes at the system boundary using eBPF technology, providing tamper-resistant insights into AI agent interactions with minimal performance overhead.

✨ Zero Instrumentation Required - No code changes, no new dependencies, no SDKs. Works with any AI framework or application out of the box.

Quick Start

wget https://github.com/eunomia-bpf/agentsight/releases/download/v0.1.1/agentsight && chmod +x agentsight
# Record agent behavior from claude
sudo ./agentsight record -c "claude"
# Record agent behavior from gemini-cli (comm is "node")
sudo ./agentsight record -c "node"
# For Python AI tools
sudo ./agentsight record -c "python"
# Record claude or gemini activity with NVM Node.js, if bundle OpenSSL statically
sudo ./agentsight record --binary-path /usr/bin/node -c node

Visit http://127.0.0.1:8080 to view the recorded data.

AgentSight Demo - Process Tree Visualization

Real-time process tree visualization showing AI agent interactions and file operations

AgentSight Demo - Timeline Visualization

Real-time timeline visualization showing AI agent interactions and system calls

Visit http://127.0.0.1:8080 to view the captured data in real-time.

🚀 Why AgentSight?

Traditional Observability vs. System-Level Monitoring

ChallengeApplication-Level ToolsAgentSight Solution
Framework Adoption❌ New SDK/proxy for each framework✅ Drop-in daemon, no code changes
Closed-Source Tools❌ Limited visibility into operations✅ Complete visibility into prompts & behaviors
Dynamic Agent Behavior❌ Logs can be silenced or manipulated✅ Kernel-level hooks, tamper-resistant
Encrypted Traffic❌ Only sees wrapper outputs✅ Captures real unencrypted requests/responses
System Interactions❌ Misses subprocess executions✅ Tracks all process behaviors & file operations
Multi-Agent Systems❌ Isolated per-process tracing✅ Global correlation and analysis

AgentSight captures critical interactions that application-level tools miss:

  • Subprocess executions that bypass instrumentation
  • Raw encrypted payloads before agent processing
  • File operations and system resource access
  • Cross-agent communications and coordination

🏗️ Architecture

┌─────────────────────────────────────────────────┐
│              AI Agent Runtime                   │
│   ┌─────────────────────────────────────────┐   │
│   │    Application-Level Observability      │   │
│   │  (LangSmith, Helicone, Langfuse, etc.)  │   │
│   │         🔴 Tamper Vulnerable             │   │
│   └─────────────────────────────────────────┘   │
│                     ↕ (Can be bypassed)         │
├─────────────────────────────────────────────────┤ ← System Boundary
│  🟢 AgentSight eBPF Monitoring (Tamper-proof)   │
│  ┌─────────────────┐  ┌─────────────────────┐   │
│  │   SSL Traffic   │  │    Process Events   │   │
│  │   Monitoring    │  │    Monitoring       │   │
│  └─────────────────┘  └─────────────────────┘   │
└─────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────┐
│         Rust Streaming Analysis Framework       │
│  ┌─────────────┐  ┌──────────────┐  ┌────────┐  │
│  │   Runners   │  │  Analyzers   │  │ Output │  │
│  │ (Collectors)│  │ (Processors) │  │        │  │
│  └─────────────┘  └──────────────┘  └────────┘  │
└─────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────┐
│           Frontend Visualization                │
│     Timeline • Process Tree • Event Logs       │
└─────────────────────────────────────────────────┘

Core Components

  1. eBPF Data Collection (Kernel Space)

    • SSL Monitor: Intercepts SSL/TLS read/write operations via uprobe hooks
    • Process Monitor: Tracks process lifecycle and file operations via tracepoints
    • <3% Performance Overhead: Operates below application layer with minimal impact

  2. Rust Streaming Framework (User Space)

    • Runners: Execute eBPF programs and stream JSON events (SSL, Process, Agent, Combined)
    • Analyzers: Pluggable processors for HTTP parsing, chunk merging, filtering, logging
    • Event System: Standardized event format with rich metadata and JSON payloads

  3. Frontend Visualization (React/TypeScript)

    • Timeline View: Interactive event timeline with zoom and filtering
    • Process Tree: Hierarchical process visualization with lifecycle tracking
    • Log View: Raw event inspection with syntax highlighting
    • Real-time Updates: Live data streaming and analysis

Data Flow Pipeline

eBPF Programs → JSON Events → Runners → Analyzer Chain → Frontend/Storage/Output

Usage

Prerequisites

  • Linux kernel: 4.1+ with eBPF support (5.0+ recommended)
  • Root privileges: Required for eBPF program loading
  • Rust toolchain: 1.88.0+ (for building collector)
  • Node.js: 18+ (for frontend development)
  • Build tools: clang, llvm, libelf-dev

📄 License

MIT License - see LICENSE for details.

继续阅读

返回索引

eBPF × AI/LLMs:系统可观测性与人工智能的融合

人工智能与eBPF的融合正在快速引领系统软件的新方向,彻底改变了复杂应用程序的构建和管理方式。随着大语言模型(LLMs)从单纯的应用程序演变为软件开发生命周期中的活跃AI代理,它们越来越多地用于生成、优化和验证低级系统代码,包括内核扩展。同时,这些复杂的AI工作负载和代理在执行时需要全新的运行时环境,以实现高效、安全、可靠的运行。这正是eBPF的优势所在,它提供了安全且高性能的内核编程机制,为现代系统提供所需的高质量监控数据。

上一篇 / 上一页

eBPF × AI/LLMs:系统可观测性与人工智能的融合

人工智能与eBPF的融合正在快速引领系统软件的新方向,彻底改变了复杂应用程序的构建和管理方式。随着大语言模型(LLMs)从单纯的应用程序演变为软件开发生命周期中的活跃AI代理,它们越来越多地用于生成、优化和验证低级系统代码,包括内核扩展。同时,这些复杂的AI工作负载和代理在执行时需要全新的运行时环境,以实现高效、安全、可靠的运行。这正是eBPF的优势所在,它提供了安全且高性能的内核编程机制,为现代系统提供所需的高质量监控数据。

下一篇 / 下一页

MCPtrace:使用bpftrace进行AI驱动的内核调试

通过bpftrace MCP服务器,使AI助手能够使用自然语言调试Linux内核问题。无需eBPF专业知识。

最后更新
2025年10月1日
首次发布
2025年9月25日
贡献者
yunwei37
编辑此页分享到 X分享到 Facebook参与讨论RSS 订阅

这个页面有帮助吗?