watchmyagents 0.1.0

package/scripts/inspect.js

@@ -0,0 +1,241 @@
+#!/usr/bin/env node
+// WatchMyAgents log inspector
+// Usage:
+//   node scripts/inspect.js [path]
+//
+// path can be:
+//   - a single .ndjson file
+//   - a directory (recursively scans for .ndjson)
+//   - omitted → defaults to ./watchmyagents-logs
+
+import { readFile, readdir, stat } from 'node:fs/promises';
+import { join, resolve } from 'node:path';
+import { TokenTracker } from '../src/tokens.js';
+
+const target = resolve(process.argv[2] || './watchmyagents-logs');
+
+async function collectFiles(p) {
+  const s = await stat(p).catch(() => null);
+  if (!s) return [];
+  if (s.isFile()) return p.endsWith('.ndjson') ? [p] : [];
+  const out = [];
+  for (const name of await readdir(p)) {
+    out.push(...(await collectFiles(join(p, name))));
+  }
+  return out;
+}
+
+function fmt(n) { return n.toLocaleString('en-US'); }
+function ms(n) { return n == null ? '—' : `${n.toLocaleString('en-US')} ms`; }
+function pct(num, den) { return den ? `${((num / den) * 100).toFixed(1)}%` : '—'; }
+function truncate(s, n) { s = String(s); return s.length > n ? s.slice(0, n - 1) + '…' : s; }
+
+function percentile(arr, p) {
+  if (arr.length === 0) return null;
+  const sorted = [...arr].sort((a, b) => a - b);
+  const idx = Math.min(sorted.length - 1, Math.floor((p / 100) * sorted.length));
+  return sorted[idx];
+}
+
+// Best-effort destination extraction from a tool_use input payload.
+// Returns a short identifier of *what* the tool acted on (URL, query, path…).
+function extractDestination(input) {
+  if (input == null) return null;
+  if (typeof input === 'string') return truncate(input, 60);
+  if (typeof input !== 'object') return null;
+  const url = input.url || input.uri || input.endpoint;
+  if (url) return truncate(url, 60);
+  if (input.query) return `"${truncate(input.query, 60)}"`;
+  if (input.path || input.file_path) return truncate(input.path || input.file_path, 60);
+  if (input.command) return `$ ${truncate(input.command, 60)}`;
+  // Fallback: stringify first key/value
+  const k = Object.keys(input)[0];
+  return k ? `${k}=${truncate(JSON.stringify(input[k]), 50)}` : null;
+}
+
+async function main() {
+  const files = await collectFiles(target);
+  if (files.length === 0) {
+    process.stderr.write(`No .ndjson files found under ${target}\n`); process.exit(1);
+  }
+
+  const tracker = new TokenTracker();
+  const entries = [];
+  const errors = [];
+  const sessionEnds = [];
+  const bySession = new Map();
+  const byStatus = { ok: 0, error: 0 };
+  const models = new Set();
+  let firstTs = null, lastTs = null;
+
+  for (const f of files) {
+    const raw = await readFile(f, 'utf8');
+    for (const line of raw.split('\n')) {
+      if (!line.trim()) continue;
+      let e; try { e = JSON.parse(line); } catch { continue; }
+      entries.push(e);
+      tracker.record(e);
+      byStatus[e.status] = (byStatus[e.status] || 0) + 1;
+      if (e.status === 'error') errors.push(e);
+      if (e.action_type === 'session_end') sessionEnds.push(e);
+      if (e.session_id) bySession.set(e.session_id, (bySession.get(e.session_id) || 0) + 1);
+      if (e.model) models.add(typeof e.model === 'object' ? (e.model.id || JSON.stringify(e.model)) : e.model);
+      if (!firstTs || e.timestamp < firstTs) firstTs = e.timestamp;
+      if (!lastTs || e.timestamp > lastTs) lastTs = e.timestamp;
+    }
+  }
+
+  const stats = tracker.stats();
+  const t = stats.total;
+  const durationMs = firstTs && lastTs ? new Date(lastTs) - new Date(firstTs) : 0;
+
+  const out = [];
+  out.push('━━━ WatchMyAgents log inspector ━━━');
+  out.push(`source           : ${target}`);
+  out.push(`files scanned    : ${files.length}`);
+  out.push(`entries          : ${fmt(entries.length)}`);
+  out.push(`sessions         : ${bySession.size} (session_end entries: ${sessionEnds.length})`);
+  out.push(`model            : ${models.size ? [...models].join(', ') : '—'}`);
+  out.push(`window           : ${firstTs || '—'} → ${lastTs || '—'}`);
+  out.push(`elapsed          : ${ms(durationMs)}`);
+  out.push(`status           : ok=${byStatus.ok || 0}  error=${byStatus.error || 0}`);
+  out.push('');
+  out.push('── Tokens ──');
+  out.push(`total            : ${fmt(t.sum)}  (in=${fmt(t.input)} out=${fmt(t.output)} cache_r=${fmt(t.cache_read)} cache_w=${fmt(t.cache_creation)})`);
+  out.push('');
+
+  const topRows = (obj, label, max = 10) => {
+    const rows = Object.entries(obj)
+      .sort((a, b) => b[1].sum - a[1].sum)
+      .slice(0, max);
+    if (rows.length === 0) return;
+    out.push(`── By ${label} ──`);
+    for (const [k, v] of rows) {
+      out.push(`  ${k.padEnd(40)} calls=${String(v.calls).padStart(4)}  tokens=${String(v.sum).padStart(8)}`);
+    }
+    out.push('');
+  };
+  topRows(stats.by_tool, 'tool');
+  topRows(stats.by_action, 'action_type');
+  // "By model" is redundant when only one model is in use — shown in the header.
+  if (Object.keys(stats.by_model).length > 1) topRows(stats.by_model, 'model');
+
+  if (errors.length) {
+    out.push(`── Errors (${errors.length}) ──`);
+    for (const e of errors.slice(0, 10)) {
+      out.push(`  [${e.timestamp}] ${e.tool_name || e.action_type}: ${e.error}`);
+    }
+    if (errors.length > 10) out.push(`  … and ${errors.length - 10} more`);
+    out.push('');
+  }
+
+  const slowest = entries
+    .filter(e => typeof e.duration_ms === 'number')
+    .sort((a, b) => b.duration_ms - a.duration_ms).slice(0, 5);
+  if (slowest.length) {
+    out.push('── Slowest actions ──');
+    for (const e of slowest) {
+      out.push(`  ${ms(e.duration_ms).padStart(12)}  ${e.action_type.padEnd(14)} ${e.tool_name || ''}`);
+    }
+    out.push('');
+  }
+
+  // ── Security Section 1: Top destinations (URLs / queries / paths) ──
+  // Reveals where the agent reached: data exfiltration targets, repeated
+  // queries (replay), unexpected hosts. Aggregated per (tool_name, destination).
+  const destCounts = new Map();
+  for (const e of entries) {
+    if (!e.tool_name || (e.action_type !== 'tool_use' && e.action_type !== 'mcp_tool_use' && e.action_type !== 'custom_tool_use')) continue;
+    const dest = extractDestination(e.input);
+    if (!dest) continue;
+    const key = `${e.tool_name}\t${dest}`;
+    destCounts.set(key, (destCounts.get(key) || 0) + 1);
+  }
+  if (destCounts.size) {
+    out.push('── Top destinations (tool inputs) ──');
+    const rows = [...destCounts.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10);
+    for (const [k, n] of rows) {
+      const [tool, dest] = k.split('\t');
+      out.push(`  ${String(n).padStart(3)}×  ${tool.padEnd(16)} ${dest}`);
+    }
+    out.push('');
+  }
+
+  // ── Security Section 2: Action sequences (Markov transitions) ──
+  // Reveals attack patterns: e.g. "tool_use(web_fetch) → tool_use(bash)" or
+  // "context_compacted → message" (loss of safety context).
+  const sorted = [...entries].sort((a, b) => (a.timestamp || '').localeCompare(b.timestamp || ''));
+  const seqCounts = new Map();
+  for (let i = 0; i < sorted.length - 1; i++) {
+    const a = sorted[i], b = sorted[i + 1];
+    if (a.action_type === 'session_end' || b.action_type === 'session_end') continue;
+    if (a.session_id && b.session_id && a.session_id !== b.session_id) continue;
+    const key = `${a.action_type} → ${b.action_type}`;
+    seqCounts.set(key, (seqCounts.get(key) || 0) + 1);
+  }
+  if (seqCounts.size) {
+    out.push('── Action sequences (top transitions) ──');
+    const rows = [...seqCounts.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10);
+    const totalSeq = [...seqCounts.values()].reduce((s, n) => s + n, 0);
+    for (const [k, n] of rows) {
+      out.push(`  ${String(n).padStart(3)}×  ${pct(n, totalSeq).padStart(5)}  ${k}`);
+    }
+    out.push('');
+  }
+
+  // ── Security Section 3: Tool error rate ──
+  // High error rate on a tool may signal exploit attempts (malformed inputs).
+  const toolStats = new Map();
+  for (const e of entries) {
+    if (!e.tool_name) continue;
+    const s = toolStats.get(e.tool_name) || { calls: 0, errors: 0, durations: [] };
+    s.calls++;
+    if (e.status === 'error') s.errors++;
+    if (typeof e.duration_ms === 'number') s.durations.push(e.duration_ms);
+    toolStats.set(e.tool_name, s);
+  }
+  const toolsWithErrors = [...toolStats.entries()].filter(([, s]) => s.errors > 0);
+  if (toolsWithErrors.length) {
+    out.push('── Tool error rate ──');
+    for (const [name, s] of toolsWithErrors.sort((a, b) => b[1].errors - a[1].errors)) {
+      out.push(`  ${name.padEnd(20)} ${s.errors}/${s.calls}  (${pct(s.errors, s.calls)})`);
+    }
+    out.push('');
+  }
+
+  // ── Security Section 4: Tool latency p50/p95 ──
+  // Outliers can hide exfiltration via timing channels or compromised MCPs.
+  const toolsWithLatency = [...toolStats.entries()].filter(([, s]) => s.durations.length > 0);
+  if (toolsWithLatency.length) {
+    out.push('── Tool latency ──');
+    for (const [name, s] of toolsWithLatency.sort((a, b) => percentile(b[1].durations, 95) - percentile(a[1].durations, 95))) {
+      const p50 = percentile(s.durations, 50);
+      const p95 = percentile(s.durations, 95);
+      const maxv = Math.max(...s.durations);
+      out.push(`  ${name.padEnd(20)} n=${String(s.durations.length).padStart(3)}  p50=${ms(p50).padStart(10)}  p95=${ms(p95).padStart(10)}  max=${ms(maxv).padStart(10)}`);
+    }
+    out.push('');
+  }
+
+  // ── Security Section 5: Rate metrics ──
+  // Helps detect abuse loops, runaway agents, or cost spikes.
+  if (durationMs > 0) {
+    const minutes = durationMs / 60000;
+    out.push('── Rate metrics ──');
+    out.push(`  tokens/min       : ${fmt(Math.round(t.sum / minutes))}`);
+    out.push(`  calls/min        : ${(entries.length / minutes).toFixed(2)}`);
+    out.push(`  llm_calls/min    : ${((stats.by_action.llm_call?.calls || 0) / minutes).toFixed(2)}`);
+    out.push('');
+  }
+
+  for (const se of sessionEnds) {
+    const st = se.session_tokens || {};
+    out.push(`── Session ${se.session_id.slice(0, 8)} (from session_end) ──`);
+    out.push(`  tokens : total=${fmt(st.total || 0)} in=${fmt(st.input || 0)} out=${fmt(st.output || 0)} cache_r=${fmt(st.cache_read || 0)} cache_w=${fmt(st.cache_creation || 0)}`);
+    out.push('');
+  }
+
+  process.stdout.write(out.join('\n') + '\n');
+}
+
+main().catch(e => { process.stderr.write(`error: ${e.stack || e.message}\n`); process.exit(1); });

package/src/adapters/claude.js

@@ -0,0 +1,46 @@
+import { WatchMyAgents } from '../collector.js';
+
+export function createClaudeMonitor(opts = {}) {
+  const wma = WatchMyAgents.current() || new WatchMyAgents({ ...opts, framework: 'claude' });
+
+  return {
+    wma,
+    wrap(client) {
+      const m = client?.messages;
+      if (!m?.create) return client;
+      const orig = m.create.bind(m);
+      m.create = async (params) => {
+        const start = Date.now();
+        let status = 'ok', error = null, res;
+        try { res = await orig(params); return res; }
+        catch (e) { status = 'error'; error = e?.message || String(e); throw e; }
+        finally {
+          const u = res?.usage || {};
+          const inT = u.input_tokens || 0;
+          const outT = u.output_tokens || 0;
+          const cr = u.cache_read_input_tokens || 0;
+          const cw = u.cache_creation_input_tokens || 0;
+          const toolUses = Array.isArray(res?.content)
+            ? res.content.filter(b => b?.type === 'tool_use').map(b => b.name) : [];
+          await wma.logAction({
+            framework: 'claude', action_type: 'llm_call',
+            tool_name: params?.model || 'messages.create',
+            model: params?.model || null,
+            duration_ms: Date.now() - start,
+            input_tokens: inT || null,
+            output_tokens: outT || null,
+            cache_read_tokens: cr || null,
+            cache_creation_tokens: cw || null,
+            tokens_used: (inT + outT + cr + cw) || null,
+            status, error,
+            input: { model: params?.model, message_count: params?.messages?.length, tool_count: params?.tools?.length || 0 },
+            output: { stop_reason: res?.stop_reason || null, tool_uses: toolUses },
+          });
+        }
+      };
+      return client;
+    },
+    logToolUse: (name, input, output, duration_ms) =>
+      wma.logAction({ framework: 'claude', action_type: 'tool_use', tool_name: name, duration_ms: duration_ms ?? null, status: 'ok', input, output }),
+  };
+}

package/src/adapters/generic.js

@@ -0,0 +1,21 @@
+import { WatchMyAgents } from '../collector.js';
+
+export async function watch(toolName, params, fn, meta = {}) {
+  const wma = WatchMyAgents.getOrCreate();
+  return wma.watch(toolName, params, fn, { framework: 'generic', ...meta });
+}
+
+export function createGenericMonitor(opts = {}) {
+  const wma = WatchMyAgents.current() || new WatchMyAgents(opts);
+  return {
+    watch: (toolName, params, fn, meta) => wma.watch(toolName, params, fn, { framework: 'generic', ...meta }),
+    wrap(obj, methodNames) {
+      const names = methodNames || Object.keys(obj).filter(k => typeof obj[k] === 'function');
+      const wrapped = {};
+      for (const name of names) {
+        wrapped[name] = (...args) => wma.watch(name, args, () => obj[name](...args), { framework: 'generic' });
+      }
+      return { ...obj, ...wrapped };
+    },
+  };
+}

package/src/adapters/langchain.js

@@ -0,0 +1,42 @@
+import { WatchMyAgents } from '../collector.js';
+
+export function createLangChainHandler(opts = {}) {
+  const wma = WatchMyAgents.current() || new WatchMyAgents({ ...opts, framework: 'langchain' });
+  const starts = new Map();
+  const begin = id => starts.set(id, Date.now());
+  const elapsed = id => { const t = starts.get(id); starts.delete(id); return t ? Date.now() - t : null; };
+
+  return {
+    name: 'WatchMyAgentsHandler',
+    handleLLMStart: async (_l, _p, runId) => begin(runId),
+    handleLLMEnd: async (out, runId) => {
+      const u = out?.llmOutput?.tokenUsage || {};
+      const inT = u.promptTokens || 0, outT = u.completionTokens || 0;
+      return wma.logAction({
+        framework: 'langchain', action_type: 'llm_call', tool_name: 'llm',
+        model: out?.llmOutput?.modelName || null,
+        duration_ms: elapsed(runId),
+        input_tokens: inT || null, output_tokens: outT || null,
+        tokens_used: (inT + outT) || null, status: 'ok',
+      });
+    },
+    handleLLMError: async (err, runId) => wma.logAction({
+      framework: 'langchain', action_type: 'llm_call', tool_name: 'llm',
+      duration_ms: elapsed(runId), status: 'error', error: err?.message || String(err),
+    }),
+    handleToolStart: async (_t, _i, runId) => begin(runId),
+    handleToolEnd: async (_o, runId) => wma.logAction({
+      framework: 'langchain', action_type: 'tool_call', tool_name: 'tool',
+      duration_ms: elapsed(runId), status: 'ok',
+    }),
+    handleToolError: async (err, runId) => wma.logAction({
+      framework: 'langchain', action_type: 'tool_call', tool_name: 'tool',
+      duration_ms: elapsed(runId), status: 'error', error: err?.message || String(err),
+    }),
+    handleChainStart: async (_c, _i, runId) => begin(runId),
+    handleChainEnd: async (_o, runId) => wma.logAction({
+      framework: 'langchain', action_type: 'chain', tool_name: 'chain',
+      duration_ms: elapsed(runId), status: 'ok',
+    }),
+  };
+}

package/src/adapters/openai.js

@@ -0,0 +1,47 @@
+import { WatchMyAgents } from '../collector.js';
+
+export function createOpenAIMonitor(opts = {}) {
+  const wma = WatchMyAgents.current() || new WatchMyAgents({ ...opts, framework: 'openai' });
+
+  function wrapMethod(obj, method, action_type) {
+    if (!obj || typeof obj[method] !== 'function') return;
+    const orig = obj[method].bind(obj);
+    obj[method] = async (params) => {
+      const start = Date.now();
+      let status = 'ok', error = null, res;
+      try { res = await orig(params); return res; }
+      catch (e) { status = 'error'; error = e?.message || String(e); throw e; }
+      finally {
+        const u = res?.usage || {};
+        const inT = u.prompt_tokens || u.input_tokens || 0;
+        const outT = u.completion_tokens || u.output_tokens || 0;
+        const cr = u.prompt_tokens_details?.cached_tokens || 0;
+        await wma.logAction({
+          framework: 'openai', action_type,
+          tool_name: params?.model || params?.assistant_id || method,
+          model: params?.model || null,
+          duration_ms: Date.now() - start,
+          input_tokens: inT || null,
+          output_tokens: outT || null,
+          cache_read_tokens: cr || null,
+          tokens_used: (inT + outT) || null,
+          status, error,
+          input: { model: params?.model, assistant_id: params?.assistant_id },
+          output: { id: res?.id, status: res?.status },
+        });
+      }
+    };
+  }
+
+  return {
+    wma,
+    wrap(client) {
+      wrapMethod(client?.chat?.completions, 'create', 'llm_call');
+      wrapMethod(client?.completions, 'create', 'llm_call');
+      wrapMethod(client?.beta?.threads?.runs, 'create', 'assistant_run');
+      wrapMethod(client?.beta?.threads?.runs, 'createAndPoll', 'assistant_run');
+      wrapMethod(client?.responses, 'create', 'llm_call');
+      return client;
+    },
+  };
+}

package/src/anonymizer.js

@@ -0,0 +1,48 @@
+import { createHash } from 'node:crypto';
+
+const PII_PATTERNS = [
+  [/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g, '[EMAIL]'],
+  [/Bearer\s+[A-Za-z0-9\-_\.=]+/gi, '[TOKEN]'],
+  [/eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+/g, '[TOKEN]'],
+  [/\b(sk|pk|rk)-[A-Za-z0-9_\-]{16,}\b/g, '[API_KEY]'],
+  [/\bwma_[A-Za-z0-9_\-]{8,}\b/g, '[API_KEY]'],
+  [/\b(?:\d[ -]*?){13,19}\b/g, '[CARD]'],
+  [/\b\+?\d{1,3}[\s.-]?\(?\d{2,4}\)?[\s.-]?\d{3,4}[\s.-]?\d{3,4}\b/g, '[PHONE]'],
+  [/https?:\/\/[^\s"'<>]+/gi, '[URL]'],
+  [/\b(?:\d{1,3}\.){3}\d{1,3}\b/g, '[IP]'],
+  [/\b(?:[a-f0-9]{1,4}:){7}[a-f0-9]{1,4}\b/gi, '[IP]'],
+];
+
+const HASH_FIELDS = new Set(['user_id', 'session_id', 'agent_id']);
+
+export function scrubString(str) {
+  if (typeof str !== 'string') return str;
+  let out = str;
+  for (const [re, tag] of PII_PATTERNS) out = out.replace(re, tag);
+  return out;
+}
+
+export function hashId(value) {
+  if (value == null) return value;
+  return 'h_' + createHash('sha256').update(String(value)).digest('hex').slice(0, 24);
+}
+
+export function anonymize(obj) {
+  if (obj == null) return obj;
+  if (typeof obj === 'string') return scrubString(obj);
+  if (typeof obj !== 'object') return obj;
+  if (Array.isArray(obj)) return obj.map(anonymize);
+  const out = {};
+  for (const [k, v] of Object.entries(obj)) {
+    if (HASH_FIELDS.has(k) && (typeof v === 'string' || typeof v === 'number')) {
+      out[k] = hashId(v);
+    } else if (typeof v === 'string') {
+      out[k] = scrubString(v);
+    } else if (typeof v === 'object') {
+      out[k] = anonymize(v);
+    } else {
+      out[k] = v;
+    }
+  }
+  return out;
+}

package/src/collector.js

@@ -0,0 +1,113 @@
+import { randomUUID } from 'node:crypto';
+import { Logger } from './logger.js';
+import { Exporter } from './exporter.js';
+import { TokenTracker, estimateCost } from './tokens.js';
+
+let _instance = null;
+
+export class WatchMyAgents {
+  constructor(opts = {}) {
+    this.apiKey = opts.apiKey || process.env.WMA_API_KEY || null;
+    this.agentId = opts.agentId || 'default-agent';
+    this.logDir = opts.logDir || process.env.WMA_LOG_DIR || './watchmyagents-logs';
+    this.exportUrl = opts.exportUrl || process.env.WMA_EXPORT_URL || null;
+    this.silent = opts.silent !== false;
+    this.sessionId = opts.sessionId || randomUUID();
+    this.framework = opts.framework || 'generic';
+    this.tokenPricing = opts.tokenPricing || null;
+    this.tracker = new TokenTracker();
+    this.logger = new Logger({ logDir: this.logDir, agentId: this.agentId, sessionId: this.sessionId, silent: this.silent });
+    this.exporter = new Exporter({
+      apiKey: this.apiKey, exportUrl: this.exportUrl, agentId: this.agentId,
+      batchInterval: opts.batchInterval ?? 30000, silent: this.silent,
+    });
+    this.exporter.start();
+    _instance = this;
+  }
+
+  static current() { return _instance; }
+  static getOrCreate(opts) { return _instance || new WatchMyAgents(opts); }
+
+  summarize(v) {
+    if (v == null) return null;
+    const t = typeof v;
+    if (t === 'string') return { type: 'string', length: v.length };
+    if (t === 'number' || t === 'boolean') return { type: t };
+    if (Array.isArray(v)) return { type: 'array', length: v.length };
+    if (t === 'object') return { type: 'object', keys: Object.keys(v).length };
+    return { type: t };
+  }
+
+  _enrichTokens(entry) {
+    const i = entry.input_tokens, o = entry.output_tokens;
+    const cr = entry.cache_read_tokens || 0, cw = entry.cache_creation_tokens || 0;
+    if (entry.tokens_used == null && (i != null || o != null)) {
+      entry.tokens_used = (i || 0) + (o || 0) + cr + cw;
+    }
+    if (entry.cost_usd == null && entry.model) {
+      entry.cost_usd = estimateCost(entry.model, {
+        input_tokens: i, output_tokens: o,
+        cache_read_tokens: cr, cache_creation_tokens: cw,
+      }, this.tokenPricing);
+    }
+    return entry;
+  }
+
+  async watch(toolName, params, fn, meta = {}) {
+    const start = Date.now();
+    const id = randomUUID();
+    let status = 'ok', error = null, result;
+    try { result = await fn(); return result; }
+    catch (e) { status = 'error'; error = e?.message || String(e); throw e; }
+    finally {
+      const entry = await this.logger.write(this._enrichTokens({
+        id, framework: meta.framework || this.framework,
+        action_type: meta.action_type || 'tool_call',
+        tool_name: toolName, duration_ms: Date.now() - start,
+        model: meta.model ?? null,
+        tokens_used: meta.tokens_used ?? null,
+        input_tokens: meta.input_tokens ?? null,
+        output_tokens: meta.output_tokens ?? null,
+        cache_read_tokens: meta.cache_read_tokens ?? null,
+        cache_creation_tokens: meta.cache_creation_tokens ?? null,
+        status, error, input: params, output: this.summarize(result),
+      }));
+      this.tracker.record(entry);
+      this.exporter.enqueue(this.logger.toExportRecord(entry));
+    }
+  }
+
+  async logAction(entry) {
+    const written = await this.logger.write(this._enrichTokens({ ...entry }));
+    this.tracker.record(written);
+    this.exporter.enqueue(this.logger.toExportRecord(written));
+    return written;
+  }
+
+  tokenStats() { return this.tracker.stats(); }
+
+  async flush() { await this.exporter.flush(); }
+
+  async shutdown() {
+    const stats = this.tracker.stats().total;
+    const entry = await this.logger.write({
+      action_type: 'session_end',
+      tool_name: null,
+      framework: this.framework,
+      status: 'ok',
+      session_tokens: {
+        input: stats.input,
+        output: stats.output,
+        cache_read: stats.cache_read,
+        cache_creation: stats.cache_creation,
+        total: stats.sum,
+      },
+      session_cost_usd: stats.cost_usd,
+    });
+    this.exporter.enqueue(this.logger.toExportRecord(entry));
+    this.exporter.stop();
+    await this.exporter.flush();
+  }
+  get logPath() { return this.logger._pathForToday(); }
+  get actionCount() { return this.logger.count; }
+}

package/src/exporter.js

@@ -0,0 +1,71 @@
+import { request } from 'node:https';
+import { URL } from 'node:url';
+import { createCipheriv, randomBytes, scryptSync } from 'node:crypto';
+import { anonymize } from './anonymizer.js';
+
+const SALT = Buffer.from('watchmyagents.v1.salt', 'utf8');
+
+export class Exporter {
+  constructor({ apiKey, exportUrl, agentId, batchInterval = 30000, silent = true }) {
+    this.apiKey = apiKey;
+    this.exportUrl = exportUrl;
+    this.agentId = agentId;
+    this.silent = silent;
+    this.queue = [];
+    this.enabled = !!(apiKey && exportUrl);
+    this.key = this.enabled ? scryptSync(apiKey, SALT, 32) : null;
+    this.timer = null;
+    this.batchInterval = batchInterval;
+  }
+
+  start() {
+    if (this.timer || !this.enabled) return;
+    this.timer = setInterval(() => this.flush().catch(() => {}), this.batchInterval);
+    if (this.timer.unref) this.timer.unref();
+  }
+  stop() { if (this.timer) { clearInterval(this.timer); this.timer = null; } }
+  enqueue(record) { if (this.enabled) this.queue.push(anonymize(record)); }
+
+  _encrypt(payload) {
+    const iv = randomBytes(16);
+    const c = createCipheriv('aes-256-gcm', this.key, iv);
+    const data = Buffer.concat([c.update(payload, 'utf8'), c.final()]);
+    return { iv: iv.toString('base64'), tag: c.getAuthTag().toString('base64'), data: data.toString('base64') };
+  }
+
+  async flush() {
+    if (!this.exportUrl || !this.apiKey || this.queue.length === 0) return;
+    const batch = this.queue.splice(0, this.queue.length);
+    const body = JSON.stringify({ agent_id: this.agentId, count: batch.length, records: batch });
+    const payload = JSON.stringify({ v: 1, agent_id: this.agentId, ...this._encrypt(body) });
+    for (let attempt = 1; attempt <= 3; attempt++) {
+      try { await this._post(payload); return; }
+      catch (e) {
+        if (attempt === 3) {
+          this.queue.unshift(...batch);
+          if (!this.silent) process.stderr.write(`[wma] export failed: ${e.message}\n`);
+          return;
+        }
+        await new Promise(r => setTimeout(r, 1000 * 2 ** attempt));
+      }
+    }
+  }
+
+  _post(payload) {
+    return new Promise((resolve, reject) => {
+      let u; try { u = new URL(this.exportUrl); } catch (e) { return reject(e); }
+      if (u.protocol !== 'https:') return reject(new Error('HTTPS only'));
+      const req = request({
+        host: u.hostname, port: u.port || 443, path: u.pathname + u.search,
+        method: 'POST', rejectUnauthorized: true,
+        headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload), 'X-WMA-Key': this.apiKey },
+      }, res => {
+        res.resume();
+        if (res.statusCode >= 200 && res.statusCode < 300) resolve();
+        else reject(new Error(`HTTP ${res.statusCode}`));
+      });
+      req.on('error', reject);
+      req.write(payload); req.end();
+    });
+  }
+}

package/src/index.cjs

@@ -0,0 +1,36 @@
+'use strict';
+
+// CommonJS entrypoint — re-exports the ESM build via dynamic import.
+// All consumers receive the same singleton-backed API.
+
+const esmPromise = import('./index.js');
+
+function bind(name) {
+  return async function (...args) {
+    const mod = await esmPromise;
+    return mod[name](...args);
+  };
+}
+
+class WatchMyAgentsLazy {
+  constructor(opts) {
+    this._ready = esmPromise.then(mod => new mod.WatchMyAgents(opts));
+  }
+  async watch(...args) { return (await this._ready).watch(...args); }
+  async logAction(...args) { return (await this._ready).logAction(...args); }
+  async flush() { return (await this._ready).flush(); }
+  async shutdown() { return (await this._ready).shutdown(); }
+  get instance() { return this._ready; }
+}
+
+module.exports = WatchMyAgentsLazy;
+module.exports.default = WatchMyAgentsLazy;
+module.exports.WatchMyAgents = WatchMyAgentsLazy;
+module.exports.watch = bind('watch');
+module.exports.createGenericMonitor = bind('createGenericMonitor');
+module.exports.createClaudeMonitor = bind('createClaudeMonitor');
+module.exports.createOpenAIMonitor = bind('createOpenAIMonitor');
+module.exports.createLangChainHandler = bind('createLangChainHandler');
+module.exports.anonymize = bind('anonymize');
+module.exports.scrubString = bind('scrubString');
+module.exports.hashId = bind('hashId');