Agent Monitor overview

See what coding agents like Cursor and Claude Code are doing. The Agent Monitor captures every file read, command execution, and MCP tool call before it happens—so you can detect risky behavior and block dangerous actions in real time.

What it captures

| Event type | Examples |
|---|---|
| File reads | Source code, .env files, SSH keys, config files |
| Commands | Bash execution, package installs, git operations |
| MCP tool calls | Database queries, API calls, file operations |
| Prompts | What users are asking agents to do |

What you can do with it

See activity in real time — The live activity feed shows every action across your organization as it happens. Filter by user, tool type, or time range.

Create rules — Block specific patterns (like kubectl get secrets), flag sensitive file access, or get Slack notifications when something looks risky. See Rules.

Audit later — Every action is logged with user identity, timestamp, and full context. Export for compliance or SIEM integration.

How it works

Agent Monitor uses lightweight hook scripts that run locally on developer machines. When an agent tries to take an action, the hook sends it to MintMCP for logging and policy evaluation. If a rule blocks the action, the agent sees an error instead of the result.

The hooks are:

  • Non-blocking for allowed actions (sub-millisecond overhead)
  • Local-first — no cloud dependency for normal operation
  • Configurable — choose which actions to monitor
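
A minimal sketch of the allow/flag/block decision a local hook could make before an action runs, added here as an illustration; it is not MintMCP's code or rule format. The event fields (`type`, `command`, `path`), the rule lists and the `evaluate` function are assumptions, built around the `kubectl get secrets`, `.env` and SSH key examples this page names.

```python
import posixpath
import shlex

# Hypothetical rules (assumed format), built from the patterns this page names.
BLOCK_COMMANDS = [("kubectl", "get", "secrets")]   # ordered words to block
FLAG_BASENAMES = (".env",)                          # also matches .env.local etc.
FLAG_DIRS = (".ssh",)                               # SSH key directories

def _in_order(words, pattern):
    """True if every pattern word occurs in words, in order (gaps allowed)."""
    it = iter(words)
    return all(p in it for p in pattern)

def evaluate(event):
    """Return (action, reason) where action is 'allow', 'flag' or 'block'."""
    kind = event.get("type")
    if kind == "command":
        try:
            tokens = shlex.split(event.get("command", ""))
        except ValueError:
            return ("flag", "unparseable command line")  # unbalanced quotes
        # Re-split quoted tokens so `sh -c "kubectl get secrets"` is still seen.
        words = [w for t in tokens for w in t.split()]
        for pattern in BLOCK_COMMANDS:
            if _in_order(words, pattern):
                return ("block", "matches rule: " + " ".join(pattern))
    elif kind == "file_read":
        # Normalize so ./app/../.env and .env resolve to the same path.
        path = posixpath.normpath(event.get("path", ""))
        *dirs, name = path.split("/")
        if any(name == b or name.startswith(b + ".") for b in FLAG_BASENAMES):
            return ("flag", "sensitive file: " + path)
        if any(d in dirs for d in FLAG_DIRS):
            return ("flag", "sensitive directory: " + path)
    # MCP tool calls, prompts and everything else are logged and allowed here.
    return ("allow", "no rule matched")

# Constructed sample events (not real captured data).
SAMPLE_EVENTS = [
    {"type": "command", "command": "kubectl  -n prod get secrets"},
    {"type": "command", "command": "sh -c 'kubectl get secrets -o yaml'"},
    {"type": "command", "command": "kubectl get pods"},
    {"type": "file_read", "path": "./app/../.env"},
    {"type": "file_read", "path": "/home/dev/.ssh/id_ed25519"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(evaluate(ev), ev)
```

Matching on tokens rather than on the raw string is what lets the rule survive extra whitespace, interleaved flags and a quoted `sh -c` wrapper.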

Get started