watchmyagents 0.9.0 → 0.9.1

package/README.md

@@ -121,6 +121,8 @@ wma-fetch (--agent-id <agent_id> | --all-agents) [--session-id <sess_id>] [--sin
 | `--watch` | **Continuous daemon** — loop forever, incrementally capturing NEW events (deduped by stable event id) until `Ctrl+C` |
 | `--interval 5m` | Poll interval in watch mode (default `5m`; accepts `30s`/`1h`/…) |
 | `--upload` | In watch mode, anonymize each new window and ship signals to Fortress (needs `WMA_API_KEY` + `WMA_FORTRESS_BASE_URL` + `WMA_SIGNALS_SALT`). Raw stays local. |
+| `--discovery-since 7d` | Window for discovering NEW sessions (default `7d`). Sessions already being tracked are re-fetched regardless of age, so long-running ones never drop out. |
+| `--send-agent-names` | Opt-in: send the human agent name as the Fortress `display_name`. Default sends the agent id only (the name may contain client/project info). |
 | `--api-key sk-ant-…` | Override the `ANTHROPIC_API_KEY` env var. **Discouraged** — visible in shell history & process list. Prefer the env var. |
 
 Logs land in `./watchmyagents-logs/<agent_id>/<date>.ndjson` (file mode `0600`, dir `0700`).
@@ -153,7 +155,7 @@ wma-upload-fortress --agent-id agent_01ABC... [--display-name "My agent"]
 wma-upload-fortress --agent-id agent_xxx --dry-run
 ```
 
-**What is sent:** counts, latencies, salted IoC hashes, sequences — same as `wma-anonymize` output.
+**What is sent:** the anonymized signals payload (counts, latencies, salted IoC hashes, sequences — same as `wma-anonymize` output) **plus two routing identifiers**: your `anthropic_agent_id` and a `display_name`. The agent id is required so Fortress can associate signals with the right agent; `display_name` defaults to the agent id and only carries the human-readable agent name if you opt in (`wma-fetch --watch --upload --send-agent-names`).
 **What is NOT sent:** raw prompts, raw URLs/commands/queries, raw agent responses, raw error messages. All payload content stays on your machine.
 
 The endpoint auto-registers the agent on the first upload if it doesn't exist in Fortress yet — no manual onboarding needed for new agents.
@@ -245,9 +247,9 @@ WatchMyAgents is built so that **your prompts and outputs never have to leave yo
 |---|---|
 | **Your machine** (`./watchmyagents-logs/`) | Full NDJSON with all prompts, tool inputs, agent outputs. `chmod 600` on every file. |
 | **Anthropic API** | Where the agent runs. WMA pulls events via the public REST API only. |
-| **WMA infrastructure** | **Nothing today.** Future opt-in telemetry will ship only anonymized metadata (counts, timings, hashes) — never raw payloads. |
+| **WMA Fortress** (opt-in, only with `--upload` / `wma-upload-fortress` / `wma-shield --policies-source fortress`) | The **anonymized signals** payload (counts, timings, salted hashes, sequences) + two routing identifiers: your `anthropic_agent_id` and a `display_name` (defaults to the agent id; the human agent name only with `--send-agent-names`). Shield enforcement **decisions** (hashed session/event/input fingerprints — never raw values). **Never** raw prompts, URLs, commands, or outputs. |
 
-This is the "local-first" guarantee. It is the product, not a marketing claim.
+This is the "local-first" guarantee: **raw payloads never leave your machine.** Cloud upload is opt-in and carries only anonymized metadata + the agent id/name needed to route it.
 
 ## Security
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "watchmyagents",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Security observability + real-time policy enforcement for AI agents. Local-first NDJSON capture with a continuous Watch daemon that auto-uploads anonymized signals, Shield CLI that blocks policy violations live (with policies pulled from Fortress cloud), anonymizer producing signals-only payloads, bidirectional sync with WatchMyAgents Fortress, and one-command install as an always-on launchd/systemd service — closing the recursive Watch→Guardian→Shield security loop.",
   "type": "module",
   "files": [

package/scripts/fetch-anthropic.js

@@ -202,76 +202,95 @@ async function fetchOneShot({ apiKey, agentId, model, logDir, since, sessionId,
 }
 
 // ── CONTINUOUS / DAEMON (single agent or whole fleet) ───────────────────────
-// `agents` = [{ agentId, model, displayName }]. One process watches them all.
-async function runWatch({ apiKey, agents, logDir, intervalMs, uploadCtx }) {
+// resolveAgents() returns the current fleet [{agentId, model, displayName}] each
+// cycle — in fleet mode it RE-DISCOVERS so agents created after startup get picked
+// up. `windowMs` bounds discovery of NEW sessions, but sessions we're ALREADY
+// tracking are re-fetched regardless of age, so a long-running (>window) session
+// never drops out of capture. `sendNames`: include the human agent name in the
+// Fortress display_name (opt-in); default sends the agent id only (Modèle C).
+async function runWatch({ apiKey, resolveAgents, fleet, logDir, intervalMs, windowMs, uploadCtx, sendNames }) {
+  let agents = await resolveAgents();
   const seenIds = new Set();     // stable Anthropic event ids already captured
   for (const ag of agents) {
     for (const id of await preloadSeenIds(logDir, ag.agentId)) seenIds.add(id);
   }
   const loggers = new Map();     // sessionId → Logger (session ids are globally unique)
-  const ended = new Set();       // sessions we've already closed with session_end
+  const ended = new Set();       // terminated sessions (skip)
+  const sessionAgent = new Map();// sessionId → { agentId, model, displayName }
 
   const ac = new AbortController();
   const shutdown = () => { info('shutting down…'); ac.abort(); };
   process.on('SIGINT', shutdown);
   process.on('SIGTERM', shutdown);
 
-  const fleet = agents.length > 1;
-  info(`watch mode — ${agents.length} agent(s), interval ${Math.round(intervalMs / 1000)}s, upload ${uploadCtx ? 'ON' : 'OFF'}, ${seenIds.size} known events preloaded`);
+  info(`watch mode — ${agents.length} agent(s)${fleet ? ' (fleet, re-discovered each cycle)' : ''}, interval ${Math.round(intervalMs / 1000)}s, discovery window ${Math.round(windowMs / 3600000)}h, upload ${uploadCtx ? 'ON' : 'OFF'}, ${seenIds.size} known events preloaded`);
 
   while (!ac.signal.aborted) {
-    const since = new Date(Date.now() - 24 * 3600 * 1000);
-    let cycleNew = 0;
+    if (fleet) { const next = await resolveAgents(); if (next.length) agents = next; }
+    const since = new Date(Date.now() - windowMs);
 
+    // (1) Discover sessions in the window; register the owning agent for each.
     for (const ag of agents) {
       if (ac.signal.aborted) break;
       const tag = fleet ? `[${ag.displayName}] ` : '';
       let sessions = [];
       try { sessions = await listSessions(apiKey, { agentId: ag.agentId, since }); }
       catch (e) { warn(`${tag}listSessions failed: ${e.message}`); continue; }
-
       for (const s of sessions) {
-        if (!s.id || ended.has(s.id)) continue;
-        let logger = loggers.get(s.id);
-        if (!logger) { logger = new Logger({ logDir, agentId: ag.agentId, sessionId: s.id, silent: true }); loggers.set(s.id, logger); }
-
-        const fresh = [];
-        let sawTerminated = false;
-        try {
-          for await (const entry of fetchSessionEntries({ apiKey, agentId: ag.agentId, sessionId: s.id, model: ag.model })) {
-            if (entry.id && seenIds.has(entry.id)) continue;
-            if (entry.id) seenIds.add(entry.id);
-            const written = await logger.write(entry);
-            fresh.push(written);
-            if (entry.action_type === 'state_transition'
-                && entry.output?.scope === 'session'
-                && entry.output?.state === 'terminated') sawTerminated = true;
-          }
-        } catch (e) { warn(`${tag}session ${s.id.slice(0, 16)}…: fetch failed: ${e.message}`); continue; }
+        if (s.id && !ended.has(s.id) && !sessionAgent.has(s.id)) {
+          sessionAgent.set(s.id, { agentId: ag.agentId, model: ag.model, displayName: ag.displayName });
+        }
+      }
+    }
 
-        if (fresh.length === 0) continue;
-        cycleNew += fresh.length;
-        info(`${tag}session ${s.id.slice(0, 16)}…: +${fresh.length} new event(s)`);
+    // (2) Capture every tracked, not-yet-ended session — REGARDLESS of age. This
+    // is what stops a long-running session created before the window from silently
+    // dropping out of monitoring (and, paired with Shield, out of enforcement).
+    let cycleNew = 0;
+    for (const [sid, ag] of sessionAgent) {
+      if (ac.signal.aborted) break;
+      if (ended.has(sid)) continue;
+      const tag = fleet ? `[${ag.displayName}] ` : '';
+      let logger = loggers.get(sid);
+      if (!logger) { logger = new Logger({ logDir, agentId: ag.agentId, sessionId: sid, silent: true }); loggers.set(sid, logger); }
 
-        if (uploadCtx) {
-          try {
-            const resp = await uploadSignals(uploadCtx, ag.agentId, ag.displayName, fresh);
-            if (resp?.signal_id) info(`  ↑ signals uploaded (signal_id ${resp.signal_id})`);
-          } catch (e) { warn(`  signals upload failed: ${e.message}`); }
+      const fresh = [];
+      let sawTerminated = false;
+      try {
+        for await (const entry of fetchSessionEntries({ apiKey, agentId: ag.agentId, sessionId: sid, model: ag.model })) {
+          if (entry.id && seenIds.has(entry.id)) continue;
+          if (entry.id) seenIds.add(entry.id);
+          const written = await logger.write(entry);
+          fresh.push(written);
+          if (entry.action_type === 'state_transition'
+              && entry.output?.scope === 'session'
+              && entry.output?.state === 'terminated') sawTerminated = true;
         }
+      } catch (e) { warn(`${tag}session ${sid.slice(0, 16)}…: fetch failed: ${e.message}`); continue; }
 
-        if (sawTerminated) {
-          const tracker = new TokenTracker();
-          for (const e of fresh) tracker.record(e);
-          const stats = tracker.stats().total;
-          await logger.write({
-            action_type: 'session_end', framework: 'anthropic-managed', status: 'ok', model: ag.model,
-            session_tokens: { input: stats.input, output: stats.output, cache_read: stats.cache_read, cache_creation: stats.cache_creation, total: stats.sum },
-            session_cost_usd: stats.cost_usd || null,
-          });
-          ended.add(s.id);
-          info(`${tag}session ${s.id.slice(0, 16)}… terminated — closed`);
-        }
+      if (fresh.length === 0) continue;
+      cycleNew += fresh.length;
+      info(`${tag}session ${sid.slice(0, 16)}…: +${fresh.length} new event(s)`);
+
+      if (uploadCtx) {
+        try {
+          const resp = await uploadSignals(uploadCtx, ag.agentId, sendNames ? ag.displayName : ag.agentId, fresh);
+          if (resp?.signal_id) info(`  ↑ signals uploaded (signal_id ${resp.signal_id})`);
+        } catch (e) { warn(`  signals upload failed: ${e.message}`); }
+      }
+
+      if (sawTerminated) {
+        const tracker = new TokenTracker();
+        for (const e of fresh) tracker.record(e);
+        const stats = tracker.stats().total;
+        await logger.write({
+          action_type: 'session_end', framework: 'anthropic-managed', status: 'ok', model: ag.model,
+          session_tokens: { input: stats.input, output: stats.output, cache_read: stats.cache_read, cache_creation: stats.cache_creation, total: stats.sum },
+          session_cost_usd: stats.cost_usd || null,
+        });
+        ended.add(sid);
+        sessionAgent.delete(sid);   // bound memory: terminated sessions aren't re-fetched
+        info(`${tag}session ${sid.slice(0, 16)}… terminated — closed`);
       }
     }
 
@@ -318,30 +337,49 @@ async function main() {
     uploadCtx = { apiKey: wmaKey, salt, url: fortressEndpoint(base, 'ingest-signals') };
   }
 
-  // Resolve the agent list: the whole fleet (--all-agents) or a single agent.
-  let agents;
-  if (allAgents) {
-    info('discovering agents (fleet mode)…');
-    const all = await listAgents(apiKey).catch((e) => die(`failed to list agents: ${e.message}`));
-    agents = all
-      .filter((a) => a.id && isValidAgentId(a.id))
-      .map((a) => ({ agentId: a.id, model: resolveModel(a), displayName: cleanLabel(a.name || a.id) }));
-    if (agents.length === 0) die('error: no agents found under this API key');
-    info(`fleet: ${agents.length} agent(s) — ${agents.map((a) => a.displayName).join(', ')}`);
-  } else {
-    info(`resolving agent ${agentId}…`);
-    const agent = await getAgent(apiKey, agentId).catch((e) => die(`failed to GET agent: ${e.message}`));
-    agents = [{ agentId, model: resolveModel(agent), displayName: cleanLabel(agent.name || agentId) }];
-    info(`model: ${agents[0].model || '(unknown)'}`);
-  }
-
   if (watch) {
     const intervalMs = parseDurationMs(args.interval, 5 * 60_000);
-    await runWatch({ apiKey, agents, logDir, intervalMs, uploadCtx });
+    // Discovery window for NEW sessions (default 7d, configurable). Sessions we
+    // already track are re-fetched regardless of age, so long-lived ones don't drop.
+    const windowMs = parseDurationMs(args['discovery-since'], 7 * 24 * 3600_000);
+    const sendNames = !!args['send-agent-names'];
+
+    let resolveAgents;
+    if (allAgents) {
+      // Re-discover the fleet each cycle: agents created after startup get picked
+      // up, gone ones drop off. Keep the last good list if a discovery call fails.
+      let lastFleet = [];
+      resolveAgents = async () => {
+        const all = await listAgents(apiKey).catch((e) => { warn(`fleet re-discovery failed (keeping last): ${e.message}`); return null; });
+        if (!all) return lastFleet;
+        const next = all
+          .filter((a) => a.id && isValidAgentId(a.id))
+          .map((a) => ({ agentId: a.id, model: resolveModel(a), displayName: cleanLabel(a.name || a.id) }));
+        const prev = new Set(lastFleet.map((a) => a.agentId));
+        const cur = new Set(next.map((a) => a.agentId));
+        for (const a of next) if (!prev.has(a.agentId)) info(`fleet: + ${a.displayName}`);
+        for (const a of lastFleet) if (!cur.has(a.agentId)) info(`fleet: − ${a.displayName} (gone)`);
+        lastFleet = next;
+        return next;
+      };
+      info('discovering agents (fleet mode)…');
+      const first = await resolveAgents();
+      if (first.length === 0) die('error: no agents found under this API key');
+      info(`fleet: ${first.length} agent(s) — ${first.map((a) => a.displayName).join(', ')}`);
+    } else {
+      info(`resolving agent ${agentId}…`);
+      const agent = await getAgent(apiKey, agentId).catch((e) => die(`failed to GET agent: ${e.message}`));
+      const single = [{ agentId, model: resolveModel(agent), displayName: cleanLabel(agent.name || agentId) }];
+      info(`model: ${single[0].model || '(unknown)'}`);
+      resolveAgents = async () => single;
+    }
+
+    await runWatch({ apiKey, resolveAgents, fleet: allAgents, logDir, intervalMs, windowMs, uploadCtx, sendNames });
   } else {
+    info(`resolving agent ${agentId}…`);
+    const agent = await getAgent(apiKey, agentId).catch((e) => die(`failed to GET agent: ${e.message}`));
     const since = args.since ? parseSince(args.since) : null;
-    const a = agents[0];
-    await fetchOneShot({ apiKey, agentId: a.agentId, model: a.model, logDir, since, sessionId: args['session-id'], dumpRaw: !!args['dump-raw'] });
+    await fetchOneShot({ apiKey, agentId, model: resolveModel(agent), logDir, since, sessionId: args['session-id'], dumpRaw: !!args['dump-raw'] });
   }
 }
 

package/scripts/shield.js

@@ -57,6 +57,14 @@ function info(msg) { process.stdout.write(`[shield] ${msg}\n`); }
 function warn(msg) { process.stderr.write(`[shield] ⚠️  ${msg}\n`); }
 function sinfo(sid, msg) { process.stdout.write(`[shield/${sid.slice(0, 12)}] ${msg}\n`); }
 function swarn(sid, msg) { process.stderr.write(`[shield/${sid.slice(0, 12)}] ⚠️  ${msg}\n`); }
+const sleep = (ms, signal) => new Promise((res) => {
+  const t = setTimeout(res, ms);
+  if (signal) signal.addEventListener('abort', () => { clearTimeout(t); res(); }, { once: true });
+});
+function parseWindowMs(v, fallback) {
+  const m = v && String(v).match(/^(\d+)\s*([smhd])$/);
+  return m ? parseInt(m[1], 10) * { s: 1000, m: 60_000, h: 3_600_000, d: 86_400_000 }[m[2]] : fallback;
+}
 
 const CACHEABLE_TOOL_TYPES = new Set([
   'agent.tool_use', 'agent.mcp_tool_use', 'agent.custom_tool_use',
@@ -319,6 +327,10 @@ async function runSessionWorker({ sessionId, ctx }) {
 // ────────────────────────────────────────────────────────────────────────
 async function runAgentWide(ctx) {
   const { apiKey, agentId, signal } = ctx;
+  // Discovery window for sessions we haven't attached yet (default 7d). Already-
+  // attached workers stream until the session terminates regardless of age, so a
+  // long-running session never loses enforcement once attached.
+  const discoveryWindowMs = ctx.discoveryWindowMs || 7 * 24 * 3600_000;
   const workers = new Map();      // sessionId → AbortController (active workers)
   const cooldown = new Map();     // sessionId → unix-ms timestamp when re-attach is allowed
 
@@ -332,9 +344,7 @@ async function runAgentWide(ctx) {
   async function discoverAndAttach() {
     let sessions;
     try {
-      // Look at sessions from the last 24h (anything older that's still idle
-      // is probably stale; the user can extend the window if needed).
-      const since = new Date(Date.now() - 24 * 3600_000);
+      const since = new Date(Date.now() - discoveryWindowMs);
       sessions = await listSessions(apiKey, { agentId, since });
     } catch (e) {
       warn(`listSessions failed: ${e.message}`);
@@ -424,6 +434,7 @@ async function main() {
   });
   const logDir = resolve(args['log-dir'] || './watchmyagents-logs');
   const allAgents = !!args['all-agents'];
+  const discoveryWindowMs = parseWindowMs(args['discovery-since'], 7 * 24 * 3600_000);
 
   if (!apiKey) die('error: --api-key or ANTHROPIC_API_KEY required');
   if (!allAgents && !agentId) die('error: --agent-id required (or --all-agents for fleet mode)');
@@ -530,22 +541,47 @@ async function main() {
     return {
       apiKey, agentId: aid,
       get ruleset() { return fortressPolicies ? fortressPolicies.current() : ruleset; },
-      mode, decisions, pushDecisionToFortress, signalsSalt, signal: ac.signal,
+      mode, decisions, pushDecisionToFortress, signalsSalt, signal: ac.signal, discoveryWindowMs,
     };
   }
 
-  // Phase 1: arm every agent. Fail LOUD if none armed (otherwise the process would
-  // exit silently and — under launchd/systemd — restart-loop without a clear cause).
-  const ctxs = (await Promise.all(agentIds.map(setupAgent))).filter(Boolean);
-  if (ctxs.length === 0) {
-    die(`error: no agents could be armed (${agentIds.length} discovered; all policy fetches failed). Check WMA_API_KEY / WMA_FORTRESS_BASE_URL.`);
+  if (!fleet) {
+    // Single agent: arm + run (blocks until SIGINT/SIGTERM). die() on failure
+    // already fires inside setupAgent for the non-fleet path.
+    const ctx = await setupAgent(agentIds[0]);
+    await (singleSessionId ? runSessionWorker({ sessionId: singleSessionId, ctx }) : runAgentWide(ctx));
+    return;
   }
-  if (fleet) info(`armed ${ctxs.length}/${agentIds.length} agent(s); watching.`);
 
-  // Phase 2: run each agent's loop (blocks until SIGINT/SIGTERM).
-  await Promise.all(ctxs.map((ctx) => (
-    singleSessionId ? runSessionWorker({ sessionId: singleSessionId, ctx }) : runAgentWide(ctx)
-  )));
+  // Fleet: arm all discovered agents, then RECONCILE periodically so an agent
+  // created after startup gets armed + protected without a restart. A per-agent
+  // arm failure is skipped and retried on the next reconcile.
+  const armed = new Set();
+  const running = [];
+  const armNew = async (ids) => {
+    for (const aid of ids) {
+      if (armed.has(aid)) continue;
+      const ctx = await setupAgent(aid);
+      if (!ctx) continue;                 // skipped (policy fetch failed) → retry next reconcile
+      armed.add(aid);
+      running.push(runAgentWide(ctx));    // fire; blocks on the shared signal until shutdown
+      info(`fleet: armed ${aid.slice(0, 16)}…`);
+    }
+  };
+  await armNew(agentIds);
+  if (armed.size === 0) {
+    die(`error: no agents could be armed (${agentIds.length} discovered; all policy fetches failed). Check WMA_API_KEY / WMA_FORTRESS_BASE_URL.`);
+  }
+  info(`fleet: ${armed.size}/${agentIds.length} agent(s) armed; reconciling every 60s for new agents.`);
+  while (!ac.signal.aborted) {
+    await sleep(60_000, ac.signal);
+    if (ac.signal.aborted) break;
+    let all;
+    try { all = await listAgents(apiKey); }
+    catch (e) { warn(`fleet reconcile failed (keeping current): ${e.message}`); continue; }
+    await armNew(all.map((a) => a.id).filter((id) => id && isValidAgentId(id)));
+  }
+  await Promise.all(running);
 }
 
 main().catch(e => {