Show HN: IAXT – macOS menu-bar app that records what AI coding agents do
IAXT is a macOS menu-bar app that records actions from AI coding agents like Claude Code, Cursor, and Aider. It logs commands, file changes, package installs, and git operations without blocking workflows. The individual tier is free, local, and has no telemetry; the team tier provides daily summaries. It helps address approval fatigue and prompt injection risks.
IAXT: AI you can trust. | Audit AI coding agents on macOS
Intelligent Agent eXecution Tracker (IAXT)
See what your AI coding
agent actually did.
IAXT is a quiet menu-bar app that records what Claude Code, Cursor, Aider, Codex, and Copilot
actually do on your Mac: commands run, files changed, packages installed, git operations, launch agents.
No blocking. No workflow changes. No cloud upload for individuals. Just a local audit trail you can review after the coding session ends.
Get IAXT
How it works
The thesis
AI coding agents run commands and change files on your machine, with broad permissions and at high speed.
Two things make that hard to keep up with. Fatigue: over a long session the permission dialogs blur into an illusion of control, and most of us click through. Prompt injection: attackers now hide instructions for the AI inside ordinary text, and the attacks keep getting more frequent and more sophisticated.
IAXT doesn't block. IAXT doesn't restrict. IAXT watches, attributes, and remembers, so whether it was a tired click or a hidden instruction, you can answer the question most teams can't answer today: what did the AI actually do?
Who's installing
and why.
Solo developer auditing your own machine, or a founder rolling an audit trail up to the whole team. IAXT fits both — and they care about different things.
Peace of mind for
your own machine.
Install the app, go back to coding. IAXT sits in your menu bar, logs every AI agent's activity locally, and surfaces a 30-second review screen when you're done.
Catches the accidents (the AI deleted half the repo), flags the rarer intentional exfil (a prompt-injected README triggered a curl -X POST on your SSH key), and stays out of your face the rest of the time.
01
Free to download. No account, no signup, no upsell. Drag-and-drop DMG, launch once, done.
02
Nothing leaves your machine. No telemetry. No analytics. Zero network calls unless you explicitly click Check for Updates. Data sits in ~/Library/Logs/IAXT/, openable with sqlite3, deletable with rm -rf.
03
No noticeable slowdown. Passive observation only — IAXT never blocks, intercepts, or modifies anything. Your agents don't know it exists, and neither will your build times.
The audit trail
due diligence asks for.
Your engineers install IAXT — same app as the individual tier, no extra friction. Once a day, a review summary (not raw logs) pushes to a central endpoint you control. Your security lead, CTO, or founder sees a per-engineer roll-up.
When a customer's security review, an investor's due diligence, or an acquirer's tech audit asks "how do you manage AI-agent risk?", you open the dashboard. That's the answer. Few teams can show this today, which is why having it now sets you apart in the room.
We use Claude Code, Cursor, and Aider across the team. Every session is logged locally. Review-tier events — persistence mechanisms, credential access, exfiltration patterns — are flagged automatically and rolled up to our security review. Here's last week's report.
— What you tell a customer, investor, or acquirer
01
Frictionless for engineers. Same menu-bar app as the individual tier. Install once, forget. No workflow changes, no IDE plugin, no prompts.
02
Summaries, not raw logs. Only aggregated review data leaves each engineer's machine. Full forensic trail stays local.
03
Self-host or managed. Run the endpoint on your own infra, or let us host it. Design-partner pricing during private beta.
Three things
IAXT does quietly.
01 — OBSERVE
Observes every agent action.
Commands run, files created or modified, packages installed, git operations, cron entries, launch agents. Every action attributed to the tool that made it — confirmed, likely, or possible.
02 — FLAG
Flags what's worth reviewing.
A gold stripe for actions that deserve attention — filesystem writes outside the project, unexpected network calls, changes to scheduled tasks. Violet for things simply worth a look.
03 — REPORT
Gives you the full story.
A daily Overview of your AI usage patterns. Session cards, stats, attention items. Because it watches every agent at once, it also becomes a clear picture of how you actually code with AI across all your tools, Claude Code, Cursor, and the rest, not just one. CSV export for team review. Everything local, no telemetry, no cloud.
Who reaches for a record like this.
Developers
An impartial observer of what your AI coding agents actually did on your machine. Catch the accidents, and spot the rare action that does not belong, without trusting your memory of a long session.
Team leads
Visibility into how agents are used across the team, with zero workflow friction. Everyone installs the same quiet app; you get a review surface instead of a blind spot.
Security leads
Evidence that AI-agent risk is actually watched: an audit trail you can point to in a security review or due diligence, with review-tier events flagged automatically.
A look at what you'll see.
Real screenshots of the macOS app. Pick a view to see what it shows and why it matters.
Quiet in your menu bar, until something needs you.
IAXT lives in your menu bar and stays out of the way while it observes. Its icon is a simple circle: white when everything is normal and monitoring is active, violet when it has flagged something worth your review. From the menu you can pause monitoring, open the main window, or show your logs in Finder. Everything it records stays on your Mac in a single SQLite database, fully inspectable with any SQLite browser and deletable any time. Nothing is scattered across your system, and nothing ever leaves your machine.
Start each day with what deserves a look.
The Overview opens with anything IAXT thinks is worth reviewing. These are not necessarily problems: they are the important changes worth a glance, like an AI coding agent modifying your system, adding a login item, or touching a sensitive file. One click takes you straight to those rows in the Action Log. Three tiles summarize the day, AI sessions, actions, and files changed, so you always know how much happened while you were working.
See how you actually work with AI.
The Overview is also a quiet mirror of your own AI usage. Beyond the day's review items, it charts your activity rhythm across the day, your busiest hours, and where files changed most, then rolls it up over time into weekly patterns and totals. It is a genuinely useful way to understand how much you lean on tools like Claude Code and Cursor, and when.
See what needs review, then copy it into any AI.
The Action Log, filtered to Review, the highest tier. Here an AI agent left two persistence mechanisms: it modified a shell startup file and created a launch agent, both of which would run again on their own. Right-click any row and choose Copy row as context to get exactly what you see in the violet box: a clean, self-describing summary of who did what, where, and why it was flagged. Paste it into any LLM for a second opinion, so IAXT becomes a peer reviewer for your AI, an audit trail you can double-check with the tool of your choice.
Worth a glance, not an alarm.
Flagged is the middle tier: unusual in context but often legitimate, worth a quick look rather than an alarm. Here Claude Code downloaded files over the network with curl, and a launch agent was removed. Look at the Who column: every action is attributed to the exact agent session that caused it, with a confidence pill (confirmed, likely, possible) so you know how sure IAXT is. The noise is already gone, only the ~1% worth seeing remains.
FAQ
Questions worth answering.
What can I use IAXT for?
IAXT gives you a faithful, after-the-fact record of what your AI coding agents did on your machine. Two very different situations make that worth having.
Good faith: approval fatigue. You approve sensitive actions as you work, but hours and days of coding bring fatigue and desensitization. It is human to click allow out of routine, or to wave through something you did not fully understand. IAXT lets you go back, calmly and later, and see what you actually agreed to.
Bad faith: prompt injection. Attackers hide instructions inside content an AI reads. Below is a real email: the body looks like a harmless onboarding reminder, but its source hides a command aimed at any AI assistant that processes the message.
What you see: a friendly nudge to finish a survey.
What is hidden in the source, inside a display:none block padded with invisible characters: rename c:\windows\*.pwl c:\windows\*.zzz. On legacy Windows, .pwl files are where the system cached account passwords, so renaming them is a classic attempt to tamper with stored credentials and force new ones to be captured.
It targeted Windows and never ran here. But the technique is real and getting more sophisticated. IAXT is passive: it does not block, it records. If an agent on your Mac ever acted on a hidden instruction like this, you would see exactly what it did in the Action Log, after the session.
What data leaves my computer?
Individual tier: zero. No telemetry. No analytics. No account. The only network call the app can make is the Check for Updates menu item — one request to GitHub, only when you click it. Company tier: once a day, a review summary (counts per agent, flagged/review action totals — no raw commands) goes to the endpoint you control. Nothing to us.
Which AI coding agents does IAXT detect?
Claude Code, Cursor, Aider, Codex, Windsurf, Kilo Code, OpenCode, Copilot, Cody. New agents are added on request — open an issue on GitHub with your tool's process name and we'll add it.
Is there a Windows version?
Not for the moment. IAXT is macOS-only today (macOS 13 Ventura or later), built on macOS-native event streams. A Windows version would be a separate effort; we may consider it based on demand.
Is IAXT on the Mac App Store?
No, and it can't be. App Store apps must run inside Apple's sandbox, which walls each app off from the rest of the system. IAXT's whole job is to watch what other processes do across your machine, read their command lines, and follow file activity beyond its own folder. The sandbox blocks exactly that. So IAXT ships the way most serious Mac developer tools do, as a signed and notarized DMG you download directly, verified by Apple's Gatekeeper on first launch.
Does IAXT slow down my machine?
Not in a way you'll feel. IAXT subscribes to macOS's native event streams (FSEvents, kqueue, periodic sysctl) — the OS is already doing this work — and drops roughly 95% of events by construction before anything touches disk. No lag in your editor, no slower builds, no stutter in your agents.
The honest caveat is battery. Because IAXT watches continuously in the background, a laptop on battery may run down a little sooner — any always-on tool has this cost. We've worked hard to keep it small: adaptive polling that backs right off when nothing is happening, and a full pause while your Mac sleeps. On power it's a non-issue; on battery it's a few percent, not a cliff.
How do I uninstall?
Drag IAXT.app to the Trash, then rm -rf ~/Library/Logs/IAXT to remove the SQLite database and audit logs. That's it — no hidden files, no LaunchAgent to unload.
Why not an Endpoint Security / kernel-level product?
Apple's Endpoint Security framework catches more (file reads, every exec) but requires a manual-review entitlement from Apple and a system-extension install flow. IAXT v1 runs in user-space because distribution friction matters more than catching every last event. ES-level detection is on the roadmap.
Is the team endpoint hosted or self-hosted?
Both will be available. During private beta we host it for speed of iteration. Self-hosted ships before GA. If you need self-hosted from day one, email [email protected] — we'll prioritize accordingly.
Can I see the source code?
The individual app is closed-source today. For enterprise and bu
[truncated for AI cost control]