watchmyagents 0.5.0 → 0.8.0

package/README.md

@@ -25,7 +25,7 @@ You'll need:
 ```bash
 export ANTHROPIC_API_KEY="sk-ant-..."
 
-wma-fetch --agent-id agent_01XaN... --since 1h
+wma-fetch --agent-id agent_01ABC... --since 1h
 wma-inspect
 ```
 
@@ -107,6 +107,7 @@ Each entry carries: `id`, `agent_id`, `framework`, `timestamp`, `action_type`, `
 ```bash
 wma-fetch --agent-id <agent_id> [--session-id <sess_id>] [--since 1h]
          [--log-dir ./watchmyagents-logs] [--dump-raw]
+         [--watch [--interval 5m] [--upload]]
 ```
 
 | Flag | Effect |
@@ -116,6 +117,9 @@ wma-fetch --agent-id <agent_id> [--session-id <sess_id>] [--since 1h]
 | `--session-id sesn_xxx` | Limit to a single session |
 | `--log-dir ./logs` | Where to write NDJSON (default `./watchmyagents-logs`) |
 | `--dump-raw` | Also save raw API events alongside (forensic / debugging) |
+| `--watch` | **Continuous daemon** — loop forever, incrementally capturing NEW events (deduped by stable event id) until `Ctrl+C` |
+| `--interval 5m` | Poll interval in watch mode (default `5m`; accepts `30s`/`1h`/…) |
+| `--upload` | In watch mode, anonymize each new window and ship signals to Fortress (needs `WMA_API_KEY` + `WMA_FORTRESS_BASE_URL` + `WMA_SIGNALS_SALT`). Raw stays local. |
 | `--api-key sk-ant-…` | Override the `ANTHROPIC_API_KEY` env var. **Discouraged** — visible in shell history & process list. Prefer the env var. |
 
 Logs land in `./watchmyagents-logs/<agent_id>/<date>.ndjson` (file mode `0600`, dir `0700`).
@@ -141,7 +145,7 @@ export WMA_API_KEY="wma_..."                    # from Fortress dashboard → Se
 export WMA_FORTRESS_URL="https://<your-project>.supabase.co/functions/v1/ingest-signals"
 export WMA_SIGNALS_SALT="..."                   # same salt as wma-anonymize
 
-wma-upload-fortress --agent-id agent_01XaN... [--display-name "My agent"]
+wma-upload-fortress --agent-id agent_01ABC... [--display-name "My agent"]
 # → POSTs the anonymized payload. Server returns signal_id + agent_id.
 
 # Inspect what WOULD be posted, without uploading:
@@ -163,20 +167,58 @@ wma-inspect [path]
 
 Outputs sections aligned with security audit needs: tokens summary, by-tool / by-action-type breakdowns, top tool destinations (URLs / queries), action-sequence transitions, tool error rates, p50/p95/max latency per tool, rate metrics.
 
-## Automating (cron)
+## Automating — continuous monitoring
 
-For continuous monitoring, run `wma-fetch` on a cron:
+### `wma-service` — install as an always-on service (recommended)
+
+The turnkey way: install Watch (and optionally Shield) as an OS-native service
+that starts at login, restarts on crash, and runs with **no terminal**.
+
+```bash
+export ANTHROPIC_API_KEY="sk-ant-..."
+export WMA_API_KEY="wma_..."
+export WMA_FORTRESS_BASE_URL="https://<project>.supabase.co/functions/v1"
+export WMA_SIGNALS_SALT="..."                                 # stable per-customer salt
+
+wma-service install --agent-id agent_01ABC... --interval 5m [--with-shield]
+wma-service status
+wma-service uninstall [--with-shield]
+```
+
+- macOS → **launchd** LaunchAgent · Linux → **systemd** user unit.
+- Secrets are snapshotted to `~/.watchmyagents/env` (**chmod 600**) and loaded at
+  runtime — **never** written into the plist/unit.
+- `--with-shield` also runs `wma-shield --policies-source fortress` always-on for
+  live enforcement.
+- Raw logs stay local (`~/.watchmyagents/logs`); only anonymized signals upload.
+
+After this, the full Watch→Guardian→Shield loop runs hands-off.
+
+### `wma-fetch --watch` — the daemon directly
+
+If you'd rather run the loop in a terminal you control (the service wraps this):
+
+```bash
+wma-fetch --agent-id agent_01ABC... --watch --upload --interval 5m
+```
+
+It loops until `Ctrl+C`, dedupes by the stable Anthropic event id (no duplicate
+log lines across cycles), and is restart-safe (it preloads already-captured
+event ids on startup). The raw NDJSON never leaves your machine; only the
+anonymized signals are uploaded.
+
+### cron alternative (one-shot)
+
+If you'd rather not run a daemon, schedule one-shot fetches:
 
 ```cron
 # Every 15 minutes
-*/15 * * * * cd /path/to/project && wma-fetch --agent-id agent_01XaN... --since 20m
+*/15 * * * * cd /path/to/project && wma-fetch --agent-id agent_01ABC... --since 20m
 ```
 
-Or for daily reports:
-
 ```cron
 # Once per night, fetch the full last 24h
-5 0 * * * cd /path/to/project && wma-fetch --agent-id agent_01XaN... --since 25h
+5 0 * * * cd /path/to/project && wma-fetch --agent-id agent_01ABC... --since 25h
 ```
 
 ## Data sovereignty model
@@ -205,15 +247,30 @@ Report vulnerabilities via [SECURITY.md](./SECURITY.md).
 
 ## Shield — real-time policy enforcement
 
-`wma-shield` (shipped in v0.2.0) is the real-time enforcement companion to Watch. It streams agent events live, evaluates them against a local JSON policy file, and blocks tool calls that violate the policy via `user.tool_confirmation` (when the agent has `permission_policy: always_ask` configured) or `user.interrupt` (zero-setup fallback).
+`wma-shield` is the real-time enforcement companion to Watch. It streams agent events live, evaluates them against a policy ruleset, and blocks tool calls that violate the policy via `user.tool_confirmation` (when the agent has `permission_policy: always_ask` configured) or `user.interrupt` (zero-setup fallback).
+
+### Two policy sources (v0.6.0+)
 
+**Local JSON** (standalone — no cloud dependency):
 ```bash
-# Agent-wide mode — attaches to ALL active sessions of the agent automatically.
-# Run under a process supervisor (systemd, pm2, docker) for production.
 wma-shield --agent-id agent_xxx --policy ./policies.json
 ```
 
-Shield auto-detects the best enforcement mode at startup:
+**Fortress cloud** (policies managed in the dashboard, auto-refreshed every 5 min):
+```bash
+export ANTHROPIC_API_KEY="sk-ant-..."
+export WMA_API_KEY="wma_..."
+export WMA_FORTRESS_BASE_URL="https://<project>.supabase.co/functions/v1"
+export WMA_SIGNALS_SALT="..."          # same salt as wma-upload-fortress (for cross-table IoC correlation)
+
+wma-shield --agent-id agent_xxx --policies-source fortress
+```
+
+In Fortress mode, Shield also POSTs each enforcement decision back to Fortress (`/functions/v1/ingest-decisions`), so the dashboard's live timeline + Loop Visualizer light up in real time.
+
+### Enforcement mode auto-detection
+
+Shield auto-detects the best mode at startup:
 - **tool_confirmation** (precise, pre-execution blocking) when at least one tool has `permission_policy: always_ask`
 - **interrupt** (degraded, post-execution termination) otherwise
 
@@ -232,7 +289,8 @@ Decisions are logged to the same NDJSON stream as Watch (`action_type: shield_de
 - ✅ Anonymized telemetry to WMA Fortress cloud (`wma-upload-fortress` in v0.5.0)
 - ✅ Guardian AI (cloud) — automatic policy suggestions from observed behavior
 - ✅ Fortress (cloud) — dashboard + human-in-the-loop validation queue
-- 🚧 Shield policy puller from Fortress (replace local JSON with cloud-synced policies)
+- ✅ Shield policy puller from Fortress (`wma-shield --policies-source fortress` in v0.6.0)
+- ✅ Shield decisions push to Fortress (live timeline + Loop Visualizer)
 - 🚧 Encrypted upload to customer's own cloud (S3/GCS/Azure with `age` public-key encryption)
 
 ## License

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "watchmyagents",
-  "version": "0.5.0",
-  "description": "Security observability + real-time policy enforcement for AI agents. Local-first NDJSON capture, Shield CLI that blocks policy violations live, anonymizer producing signals-only payloads, and an upload command that ships anonymized telemetry to WatchMyAgents Fortress (the cloud control plane).",
+  "version": "0.8.0",
+  "description": "Security observability + real-time policy enforcement for AI agents. Local-first NDJSON capture with a continuous Watch daemon that auto-uploads anonymized signals, Shield CLI that blocks policy violations live (with policies pulled from Fortress cloud), anonymizer producing signals-only payloads, bidirectional sync with WatchMyAgents Fortress, and one-command install as an always-on launchd/systemd service — closing the recursive Watch→Guardian→Shield security loop.",
   "type": "module",
   "files": [
     "src/",
@@ -10,6 +10,7 @@
     "scripts/shield.js",
     "scripts/anonymize.js",
     "scripts/upload-fortress.js",
+    "scripts/service.js",
     "README.md",
     "SECURITY.md",
     "LICENSE"
@@ -19,14 +20,16 @@
     "wma-fetch": "scripts/fetch-anthropic.js",
     "wma-shield": "scripts/shield.js",
     "wma-anonymize": "scripts/anonymize.js",
-    "wma-upload-fortress": "scripts/upload-fortress.js"
+    "wma-upload-fortress": "scripts/upload-fortress.js",
+    "wma-service": "scripts/service.js"
   },
   "scripts": {
     "inspect": "node scripts/inspect.js",
     "fetch": "node scripts/fetch-anthropic.js",
     "shield": "node scripts/shield.js",
     "anonymize": "node scripts/anonymize.js",
-    "upload-fortress": "node scripts/upload-fortress.js"
+    "upload-fortress": "node scripts/upload-fortress.js",
+    "service": "node scripts/service.js"
   },
   "engines": {
     "node": ">=18.0.0"

package/scripts/anonymize.js

@@ -16,7 +16,9 @@
 
 import { readdir, stat, writeFile } from 'node:fs/promises';
 import { resolve, join } from 'node:path';
-import { SignalsAggregator, anonymizeFile } from '../src/anonymizer.js';
+import { SignalsAggregator } from '../src/anonymizer.js';
+import { createReadStream } from 'node:fs';
+import { createInterface } from 'node:readline';
 
 function parseArgs(argv) {
   const out = {};
@@ -84,30 +86,18 @@ and save it in .env.local.`);
     die(`error: no .ndjson files found at ${target}`);
   }
 
-  // Aggregate across all files into one big payload (typical: one fetch run)
+  // Aggregate across all files into one signals payload, single pass.
   const agg = new SignalsAggregator({ salt });
   for (const f of files) {
-    const partial = await anonymizeFile(f, { salt });
-    // Merge counts (a bit clunky — for the MVP we just re-iterate via agg)
-    // Simpler: aggregate over the files using the same agg instance.
-    // Re-implement here cleanly:
-    void partial;
-  }
-  // Re-do cleanly with a single aggregator across files:
-  const oneAgg = new SignalsAggregator({ salt });
-  for (const f of files) {
-    const { createReadStream } = await import('node:fs');
-    const { createInterface } = await import('node:readline');
-    const stream = createReadStream(f, { encoding: 'utf8' });
-    const rl = createInterface({ input: stream, crlfDelay: Infinity });
+    const rl = createInterface({ input: createReadStream(f, { encoding: 'utf8' }), crlfDelay: Infinity });
     for await (const line of rl) {
       if (!line.trim()) continue;
       let e; try { e = JSON.parse(line); } catch { continue; }
-      oneAgg.add(e);
+      agg.add(e);
     }
   }
 
-  const signals = oneAgg.finalize();
+  const signals = agg.finalize();
 
   const json = JSON.stringify(signals, null, 2);
   if (args.out) {

package/scripts/fetch-anthropic.js

@@ -1,17 +1,35 @@
 #!/usr/bin/env node
-// wma-fetch — pull session events from Anthropic Managed Agents and
-// write them as WatchMyAgents NDJSON, ready for `wma-inspect`.
+// wma-fetch — pull session events from Anthropic Managed Agents and write them
+// as WatchMyAgents NDJSON, ready for `wma-inspect`.
 //
-// Usage:
-//   wma-fetch --agent-id agent_xxx [--session-id sess_xxx] [--since 1h]
-//             [--log-dir ./watchmyagents-logs] [--dump-raw]
+// Two modes:
 //
-// API key is read from --api-key or env ANTHROPIC_API_KEY.
+//   ONE-SHOT (default):
+//     wma-fetch --agent-id agent_xxx [--session-id sess_xxx] [--since 1h]
+//               [--log-dir ./watchmyagents-logs] [--dump-raw]
+//
+//   CONTINUOUS / DAEMON:
+//     wma-fetch --agent-id agent_xxx --watch [--interval 5m] [--upload]
+//     Loops until SIGINT. Each cycle incrementally fetches NEW events (deduped
+//     by the stable Anthropic event id), appends them to the NDJSON, and — with
+//     --upload — anonymizes the new window and ships signals to Fortress. This
+//     automates the Watch leg of the WGS loop so Guardian gets fresh data with
+//     no manual step. The raw NDJSON always stays local (Modèle C).
+//
+// API key from --api-key or env ANTHROPIC_API_KEY.
+// --upload also needs: WMA_API_KEY, WMA_FORTRESS_BASE_URL, WMA_SIGNALS_SALT.
 
-import { mkdir, appendFile } from 'node:fs/promises';
+import { mkdir, appendFile, readdir } from 'node:fs/promises';
+import { createReadStream } from 'node:fs';
+import { createInterface } from 'node:readline';
 import { join, resolve } from 'node:path';
+import { request as httpsRequest } from 'node:https';
+import { URL } from 'node:url';
 import { Logger } from '../src/logger.js';
 import { TokenTracker } from '../src/tokens.js';
+import { SignalsAggregator } from '../src/anonymizer.js';
+import { resolveFortressBase, fortressEndpoint } from '../src/fortress/url.js';
+import { isValidAgentId, isValidSessionId, assertSafePathSegment } from '../src/validate.js';
 import {
   getAgent, listSessions, fetchSessionEntries, fetchRawEvents,
 } from '../src/sources/anthropic-managed.js';
@@ -30,71 +48,126 @@ function parseArgs(argv) {
   return out;
 }
 
-function parseSince(s) {
-  if (!s || s === true) return null;
+function parseDurationMs(s, fallback) {
+  if (!s || s === true) return fallback;
   const m = String(s).match(/^(\d+)\s*([smhd])$/);
   if (m) {
     const n = parseInt(m[1], 10);
-    const mult = { s: 1000, m: 60_000, h: 3_600_000, d: 86_400_000 }[m[2]];
-    return new Date(Date.now() - n * mult);
+    return n * { s: 1000, m: 60_000, h: 3_600_000, d: 86_400_000 }[m[2]];
   }
+  throw new Error(`invalid duration: ${s} (use e.g. 30s, 5m, 1h, 2d)`);
+}
+
+function parseSince(s) {
+  if (!s || s === true) return null;
+  const m = String(s).match(/^(\d+)\s*([smhd])$/);
+  if (m) return new Date(Date.now() - parseDurationMs(s));
   const d = new Date(s);
   if (isNaN(d)) throw new Error(`invalid --since value: ${s}`);
   return d;
 }
 
 function die(msg, code = 1) { process.stderr.write(`${msg}\n`); process.exit(code); }
+function info(msg) { process.stdout.write(`[wma-fetch] ${msg}\n`); }
+function warn(msg) { process.stderr.write(`[wma-fetch] ⚠️  ${msg}\n`); }
 
-async function main() {
-  const args = parseArgs(process.argv.slice(2));
-  const apiKey = args['api-key'] || process.env.ANTHROPIC_API_KEY;
-  const agentId = args['agent-id'];
-  const sessionId = args['session-id'];
-  const since = args.since ? parseSince(args.since) : null;
-  const logDir = resolve(args['log-dir'] || './watchmyagents-logs');
-  const dumpRaw = !!args['dump-raw'];
+function resolveModel(agent) {
+  const raw = agent.model || agent.config?.model || null;
+  return (raw && typeof raw === 'object') ? (raw.id || null) : raw;
+}
 
-  if (!apiKey) die('error: --api-key or ANTHROPIC_API_KEY required');
-  if (!agentId) die('error: --agent-id required (e.g. agent_01XaNB4M88ZvcW8FoQ5GC14A)');
+// HTTPS POST helper for the --upload signals push (mirrors wma-upload-fortress).
+function postJson(url, headers, body) {
+  return new Promise((resolveReq, rejectReq) => {
+    const u = new URL(url);
+    if (u.protocol !== 'https:') return rejectReq(new Error(`refusing non-https URL: ${url}`));
+    const data = Buffer.from(body);
+    const req = httpsRequest({
+      method: 'POST', hostname: u.hostname, port: u.port || 443,
+      path: u.pathname + (u.search || ''),
+      headers: { ...headers, 'content-type': 'application/json', 'content-length': data.length },
+      rejectUnauthorized: true,
+    }, (res) => {
+      const chunks = [];
+      res.on('data', (c) => chunks.push(c));
+      res.on('end', () => {
+        const raw = Buffer.concat(chunks).toString('utf8');
+        let parsed = null; try { parsed = JSON.parse(raw); } catch { /* keep raw */ }
+        resolveReq({ status: res.statusCode || 0, body: parsed ?? raw });
+      });
+    });
+    req.on('error', rejectReq);
+    req.write(data); req.end();
+  });
+}
 
-  // Security: --api-key on the command line ends up in shell history and is
-  // visible to other processes via /proc/<pid>/cmdline. Strongly prefer the
-  // ANTHROPIC_API_KEY environment variable.
-  if (args['api-key']) {
-    process.stderr.write(
-      '[wma-fetch] warning: --api-key on the command line is visible in shell history and\n' +
-      '            in the process list. Prefer: export ANTHROPIC_API_KEY=...\n'
-    );
+// Anonymize a batch of just-written entries and ship them as one signals row.
+async function uploadSignals(uploadCtx, agentId, displayName, entries) {
+  const agg = new SignalsAggregator({ salt: uploadCtx.salt });
+  for (const e of entries) agg.add(e);
+  const sig = agg.finalize();
+  if (!sig.window_start || !sig.window_end) return null; // nothing datable to ship
+  const body = JSON.stringify({
+    anthropic_agent_id: agentId,
+    display_name: displayName,
+    window_start: sig.window_start,
+    window_end: sig.window_end,
+    payload: sig.payload,
+  });
+  const { status, body: resp } = await postJson(
+    uploadCtx.url, { authorization: `Bearer ${uploadCtx.apiKey}` }, body,
+  );
+  if (status < 200 || status >= 300) {
+    throw new Error(`ingest-signals HTTP ${status}: ${typeof resp === 'string' ? resp.slice(0, 200) : JSON.stringify(resp)}`);
+  }
+  return resp;
+}
+
+// Preload already-written entry ids so a restarted daemon doesn't re-append
+// events captured in a previous run (dedup by the stable Anthropic event id).
+async function preloadSeenIds(logDir, agentId) {
+  const seen = new Set();
+  const dir = join(logDir, agentId);
+  let names;
+  try { names = await readdir(dir); } catch { return seen; }
+  for (const name of names) {
+    if (!name.endsWith('.ndjson') || name.startsWith('raw-')) continue;
+    await new Promise((res) => {
+      const rl = createInterface({ input: createReadStream(join(dir, name), { encoding: 'utf8' }), crlfDelay: Infinity });
+      rl.on('line', (line) => {
+        if (!line.trim()) return;
+        try { const e = JSON.parse(line); if (e.id) seen.add(e.id); } catch { /* skip */ }
+      });
+      rl.on('close', res);
+      rl.on('error', res);
+    });
   }
+  return seen;
+}
 
-  process.stdout.write(`[wma-fetch] resolving agent ${agentId}…\n`);
-  const agent = await getAgent(apiKey, agentId).catch(e => die(`failed to GET agent: ${e.message}`));
-  const rawModel = agent.model || agent.config?.model || null;
-  // API may return model as { id, speed } object or as a plain string.
-  const model = (rawModel && typeof rawModel === 'object') ? (rawModel.id || null) : rawModel;
-  process.stdout.write(`[wma-fetch] model: ${model || '(unknown)'}\n`);
+const sleep = (ms, signal) => new Promise((res) => {
+  const t = setTimeout(res, ms);
+  if (signal) signal.addEventListener('abort', () => { clearTimeout(t); res(); }, { once: true });
+});
 
+// ── ONE-SHOT ──────────────────────────────────────────────────────────────
+async function fetchOneShot({ apiKey, agentId, model, logDir, since, sessionId, dumpRaw }) {
   let sessions;
   if (sessionId) {
     sessions = [{ id: sessionId, created_at: new Date().toISOString() }];
   } else {
-    process.stdout.write(`[wma-fetch] listing sessions${since ? ` since ${since.toISOString()}` : ''}…\n`);
-    sessions = await listSessions(apiKey, { agentId, since })
-      .catch(e => die(`failed to list sessions: ${e.message}`));
-  }
-
-  if (sessions.length === 0) {
-    process.stdout.write('[wma-fetch] no sessions to fetch\n');
-    return;
+    info(`listing sessions${since ? ` since ${since.toISOString()}` : ''}…`);
+    sessions = await listSessions(apiKey, { agentId, since }).catch((e) => die(`failed to list sessions: ${e.message}`));
   }
-  process.stdout.write(`[wma-fetch] ${sessions.length} session(s) to fetch\n`);
+  if (sessions.length === 0) { info('no sessions to fetch'); return; }
+  info(`${sessions.length} session(s) to fetch`);
 
   let totalEntries = 0;
   for (const s of sessions) {
     const sid = s.id;
     process.stdout.write(`\n[wma-fetch] session ${sid}\n`);
-
     if (dumpRaw) {
+      assertSafePathSegment(sid, 'session-id'); // defense-in-depth: sid → file path
       const rawPath = join(logDir, agentId, `raw-${sid}.jsonl`);
       await mkdir(join(logDir, agentId), { recursive: true, mode: 0o700 });
       for await (const ev of fetchRawEvents(apiKey, sid)) {
@@ -102,39 +175,147 @@ async function main() {
       }
       process.stdout.write(`  raw events  → ${rawPath}\n`);
     }
-
     const logger = new Logger({ logDir, agentId, sessionId: sid, silent: true });
     const tracker = new TokenTracker();
-
     let count = 0;
     for await (const entry of fetchSessionEntries({ apiKey, agentId, sessionId: sid, model })) {
       const written = await logger.write(entry);
       tracker.record(written);
       count++;
     }
-
     const stats = tracker.stats().total;
-    const sessionEnd = await logger.write({
-      action_type: 'session_end',
-      framework: 'anthropic-managed',
-      status: 'ok',
-      model,
-      session_tokens: {
-        input: stats.input, output: stats.output,
-        cache_read: stats.cache_read, cache_creation: stats.cache_creation,
-        total: stats.sum,
-      },
+    await logger.write({
+      action_type: 'session_end', framework: 'anthropic-managed', status: 'ok', model,
+      session_tokens: { input: stats.input, output: stats.output, cache_read: stats.cache_read, cache_creation: stats.cache_creation, total: stats.sum },
       session_cost_usd: stats.cost_usd || null,
     });
-
     process.stdout.write(`  entries     : ${count} (+1 session_end)\n`);
     process.stdout.write(`  tokens      : in=${stats.input} out=${stats.output} cache_r=${stats.cache_read} cache_w=${stats.cache_creation}\n`);
     process.stdout.write(`  written to  : ${logger._pathForToday()}\n`);
     totalEntries += count + 1;
   }
-
   process.stdout.write(`\n[wma-fetch] done — ${totalEntries} total entries across ${sessions.length} session(s)\n`);
   process.stdout.write(`[wma-fetch] inspect with: npx wma-inspect ${logDir}\n`);
 }
 
-main().catch(e => { process.stderr.write(`error: ${e.stack || e.message}\n`); process.exit(1); });
+// ── CONTINUOUS / DAEMON ─────────────────────────────────────────────────────
+async function runWatch({ apiKey, agentId, model, displayName, logDir, intervalMs, uploadCtx }) {
+  const seenIds = await preloadSeenIds(logDir, agentId);
+  const loggers = new Map();     // sessionId → Logger (persists sequence across cycles)
+  const ended = new Set();       // sessions we've already closed with session_end
+
+  const ac = new AbortController();
+  const shutdown = () => { info('shutting down…'); ac.abort(); };
+  process.on('SIGINT', shutdown);
+  process.on('SIGTERM', shutdown);
+
+  info(`watch mode — interval ${Math.round(intervalMs / 1000)}s, upload ${uploadCtx ? 'ON' : 'OFF'}, ${seenIds.size} known events preloaded`);
+
+  while (!ac.signal.aborted) {
+    const since = new Date(Date.now() - 24 * 3600 * 1000);
+    let sessions = [];
+    try { sessions = await listSessions(apiKey, { agentId, since }); }
+    catch (e) { warn(`listSessions failed: ${e.message}`); }
+
+    let cycleNew = 0;
+    for (const s of sessions) {
+      if (!s.id || ended.has(s.id)) continue;
+      let logger = loggers.get(s.id);
+      if (!logger) { logger = new Logger({ logDir, agentId, sessionId: s.id, silent: true }); loggers.set(s.id, logger); }
+
+      const fresh = [];
+      let sawTerminated = false;
+      try {
+        for await (const entry of fetchSessionEntries({ apiKey, agentId, sessionId: s.id, model })) {
+          if (entry.id && seenIds.has(entry.id)) continue;
+          if (entry.id) seenIds.add(entry.id);
+          const written = await logger.write(entry);
+          fresh.push(written);
+          if (entry.action_type === 'state_transition'
+              && entry.output?.scope === 'session'
+              && entry.output?.state === 'terminated') sawTerminated = true;
+        }
+      } catch (e) { warn(`session ${s.id}: fetch failed: ${e.message}`); continue; }
+
+      if (fresh.length === 0) continue;
+      cycleNew += fresh.length;
+      info(`session ${s.id.slice(0, 16)}…: +${fresh.length} new event(s)`);
+
+      if (uploadCtx) {
+        try {
+          const resp = await uploadSignals(uploadCtx, agentId, displayName, fresh);
+          if (resp?.signal_id) info(`  ↑ signals uploaded (signal_id ${resp.signal_id})`);
+        } catch (e) { warn(`  signals upload failed: ${e.message}`); }
+      }
+
+      if (sawTerminated) {
+        const tracker = new TokenTracker();
+        for (const e of fresh) tracker.record(e);
+        const stats = tracker.stats().total;
+        await logger.write({
+          action_type: 'session_end', framework: 'anthropic-managed', status: 'ok', model,
+          session_tokens: { input: stats.input, output: stats.output, cache_read: stats.cache_read, cache_creation: stats.cache_creation, total: stats.sum },
+          session_cost_usd: stats.cost_usd || null,
+        });
+        ended.add(s.id);
+        info(`session ${s.id.slice(0, 16)}… terminated — closed`);
+      }
+    }
+
+    if (cycleNew === 0) info('cycle: no new events');
+    await sleep(intervalMs, ac.signal);
+  }
+  info('stopped.');
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  const apiKey = args['api-key'] || process.env.ANTHROPIC_API_KEY;
+  const agentId = args['agent-id'];
+  const logDir = resolve(args['log-dir'] || './watchmyagents-logs');
+  const watch = !!args.watch;
+  const upload = !!args.upload;
+
+  if (!apiKey) die('error: --api-key or ANTHROPIC_API_KEY required');
+  if (!agentId) die('error: --agent-id required (e.g. agent_01ABC...)');
+  if (!isValidAgentId(agentId)) {
+    die(`error: --agent-id has invalid format (expected "agent_" + alphanumeric, got "${agentId}")`);
+  }
+  const sessionIdArg = args['session-id'];
+  if (sessionIdArg && !isValidSessionId(sessionIdArg)) {
+    die(`error: --session-id has invalid format (expected "sesn_" + alphanumeric, got "${sessionIdArg}")`);
+  }
+  if (args['api-key']) {
+    warn('--api-key on the command line is visible in shell history and the process list. Prefer: export ANTHROPIC_API_KEY=...');
+  }
+  if (upload && !watch) die('error: --upload requires --watch (continuous mode). For one-shot upload use wma-upload-fortress.');
+
+  // Resolve upload config up-front (so a misconfig fails before the loop starts).
+  let uploadCtx = null;
+  if (upload) {
+    const wmaKey = process.env.WMA_API_KEY;
+    const salt = process.env.WMA_SIGNALS_SALT;
+    const base = resolveFortressBase({});
+    if (!wmaKey) die('error: --upload needs WMA_API_KEY env (from Fortress dashboard → Settings → API Keys)');
+    if (!base) die('error: --upload needs WMA_FORTRESS_BASE_URL env (https://<project>.supabase.co/functions/v1)');
+    if (!salt) die('error: --upload needs WMA_SIGNALS_SALT env (stable per-customer hex secret)');
+    if (salt.length < 16) die('error: WMA_SIGNALS_SALT too short (need ≥16 hex chars)');
+    uploadCtx = { apiKey: wmaKey, salt, url: fortressEndpoint(base, 'ingest-signals') };
+  }
+
+  info(`resolving agent ${agentId}…`);
+  const agent = await getAgent(apiKey, agentId).catch((e) => die(`failed to GET agent: ${e.message}`));
+  const model = resolveModel(agent);
+  const displayName = agent.name || agentId;
+  info(`model: ${model || '(unknown)'}`);
+
+  if (watch) {
+    const intervalMs = parseDurationMs(args.interval, 5 * 60_000);
+    await runWatch({ apiKey, agentId, model, displayName, logDir, intervalMs, uploadCtx });
+  } else {
+    const since = args.since ? parseSince(args.since) : null;
+    await fetchOneShot({ apiKey, agentId, model, logDir, since, sessionId: args['session-id'], dumpRaw: !!args['dump-raw'] });
+  }
+}
+
+main().catch((e) => { process.stderr.write(`error: ${e.stack || e.message}\n`); process.exit(1); });