ProofAgent Harness 0.8: Coding-Agent Observability Arrives
ProofAgent Harness 0.8: Watch the Coding Agents You Use, Live
ProofAgent Harness 0.8 is out, and it doubles what the harness covers. Until now it evaluated the agents you build: multi-turn adversarial red teaming and artifact grading against a multi-agent jury. This release adds a second plane, observability and risk screening for the coding agents you use, Claude Code, Cursor, and any tool that touches your repo, through two new commands: proof watch and proof session. Same open-source harness, same evidence format, one governance gate. The new one-line identity: pytest + observability infrastructure for AI agents.
TL;DR.pip install -U proofagent-harnessgets you 0.8.0. New:proof watchattaches to a live Claude Code or Cursor session and screens every action for risk at zero token cost, plus a harness-synthesized intent trajectory of what the agent did;proof sessiondoes the same over a finished session. Built on the Human-on-the-Bridge (HOB) paradigm: observe-only, never blocks the agent. One heads-up for upgraders:--intervalis now measured in seconds (it was minutes).
One Harness, Two Planes
The mental model for 0.8 is simple. Evaluation answers "is the agent I am about to ship safe and ready?" for the agents you build. Observability answers "what is the agent in my repo actually doing?" for the coding agents you use. Both run on the same open-source harness and emit the same evidence, so a watched Claude Code session lands in the governance dashboard with the same machinery as a red-team evaluation. Evaluation was already here; observability is what 0.8 adds.
proof watch — Live Coding-Agent Observability
Point it at the coding agent working in your repository and it screens the session as it happens. Claude Code and Cursor are detected natively; anything else (Codex, Copilot, Aider, Windsurf) is captured through the workspace git diff. Two cadences, both in seconds: --screen-every runs the risk screening at 0 tokens, and --interval runs the harness synthesis and the dashboard sync.
pip install -U proofagent-harness
proof watch --agent "my-claude" \
--screen-every 30 \ # risk screening cadence, seconds (0 tokens)
--interval 300 \ # harness synthesis cadence, seconds
--escalate-on high \ # severity that triggers the deep assessment
--llm gpt-4.1-mini # harness LLM for the synthesis
- Intelligent risk screening, at zero token cost. Every event, prompts, file writes, shell commands, network calls, is screened continuously, and each finding carries its evidence.
- A single live run. The growing session is upserted to the dashboard under a stable session key, so the trajectory and risk fill in near real time instead of creating a new run every scan.
- Observe-only. The harness watches and assesses; it never blocks, edits, or steers the coding agent.
- Redaction first. Key-shaped tokens become
…and emails become<email>before anything leaves the process. - CI-friendly.
--oncetakes a single snapshot and exits; Ctrl-C flushes a final snapshot.
proof session — Assess a Finished Session
Not every session is watched live. proof session replays a completed Claude Code transcript, or the workspace git diff of any tool with --from-git, through the same risk screen and intent trajectory, and adds an access map: every file read and written, command run, and host contacted. It is now idempotent, re-running updates the same dashboard run instead of duplicating it.
proof session --tool auto --narrate
proof session --from-git --scope "src/**" --deny "**/.env,**/secrets/**"
What proof watch Screens For
| Risk flagged | What it catches |
|---|---|
| Leaked secrets | API keys, tokens, and credentials written into code or run in a command. |
| PII exposure | Real emails, SSNs, or card numbers the agent handles or pastes. |
| Dangerous commands | Destructive shell, reverse shells, and pipe-to-shell installs. |
| Unexpected network egress | Calls to hosts outside your allowlist. |
| Out-of-scope writes | Changes to paths outside --scope or inside --deny. |
| Insecure code | Injection-prone patterns, disabled TLS, and weak crypto. |
The Intent Trajectory
Screening finds the risks; the harness synthesis makes the session legible. One harness LLM pass reads the whole session and labels each turn with a canonical intent in standardized language, what the agent did, and the risks along the way, so a hundred raw events become a handful of readable steps. It is signal-driven by default (it deepens the analysis when something new happens) and --analyze-every-interval forces it every interval. Two numbers summarize a session honestly: peak risk (worst-case severity, so one leaked key reads 9.0/10) and clean rate (how much of the session carried no finding).
Also in 0.8
| Change | What it means |
|---|---|
Breaking: --interval is now seconds | Was minutes. It now matches --screen-every. Update any script that passed --interval assuming minutes. |
Preflight checks on proof watch | Verifies the tool connection, probes the harness LLM, and prints the upload target before the loop, so a bad key or model surfaces up front instead of degrading silently. |
| Honest token accounting | Eval tokens accumulate across scans, the narrated flag is true only when the LLM actually spent tokens, and a failed synthesis surfaces an error instead of quietly showing prompt-like intents. |
| Hardened redaction | Secrets and emails are masked in every uploaded free-text field: prompts, intents, event messages and targets, and access-map commands. Findings now carry the event timestamp so the dashboard attributes them to the right turn. |
| Repositioned docs | The README is rebuilt around the two planes. The ProofAgent Governance platform is documented as a separate commercial product; --upload is the single, optional integration point. |
| Fixed | The deep-assessment (--assess) token spend is no longer overwritten by the cumulative narration total; offline intent labels strip conversational preamble; repo hygiene for the OSS release (stray artifacts removed, local editor state ignored). |
Upgrade
# from PyPI
pip install -U proofagent-harness
proof version # → proofagent-harness 0.8.0
# start watching a live coding session (streams to your terminal)
proof watch --agent "my-claude" --no-upload
To stream a watched session to the governance dashboard as a live run, register your coding agent on the ProofAgent Governance platform, generate an API key under Settings → API Keys, export it as PROOFAGENT_API_KEY, and drop the --no-upload flag. Everything runs locally by default; the harness is LLM agnostic, so bring your own model.
Links
- Install: PyPI · GitHub.
- Docs: Coding-agent observability · full documentation.
- Deep dive: Coding Agent Observability: watching Claude Code and Cursor live.
- Paradigm: Bousetouane, Human-on-the-Bridge: Scalable Evaluation for AI Agents (2026).
