← All posts
Releases

ProofAgent Harness 0.8: Coding-Agent Observability Arrives

ProofAgent Team · Jul 13, 2026 · 5 min read
Dashboard showing live coding agent observability and risk screening features in Harness 0.8 release

ProofAgent Harness 0.8: Watch the Coding Agents You Use, Live

ProofAgent Harness 0.8 is out, and it doubles what the harness covers. Until now it evaluated the agents you build: multi-turn adversarial red teaming and artifact grading against a multi-agent jury. This release adds a second plane, observability and risk screening for the coding agents you use, Claude Code, Cursor, and any tool that touches your repo, through two new commands: proof watch and proof session. Same open-source harness, same evidence format, one governance gate. The new one-line identity: pytest + observability infrastructure for AI agents.

TL;DR. pip install -U proofagent-harness gets you 0.8.0. New: proof watch attaches to a live Claude Code or Cursor session and screens every action for risk at zero token cost, plus a harness-synthesized intent trajectory of what the agent did; proof session does the same over a finished session. Built on the Human-on-the-Bridge (HOB) paradigm: observe-only, never blocks the agent. One heads-up for upgraders: --interval is now measured in seconds (it was minutes).

One Harness, Two Planes

The mental model for 0.8 is simple. Evaluation answers "is the agent I am about to ship safe and ready?" for the agents you build. Observability answers "what is the agent in my repo actually doing?" for the coding agents you use. Both run on the same open-source harness and emit the same evidence, so a watched Claude Code session lands in the governance dashboard with the same machinery as a red-team evaluation. Evaluation was already here; observability is what 0.8 adds.

proof watch — Live Coding-Agent Observability

Point it at the coding agent working in your repository and it screens the session as it happens. Claude Code and Cursor are detected natively; anything else (Codex, Copilot, Aider, Windsurf) is captured through the workspace git diff. Two cadences, both in seconds: --screen-every runs the risk screening at 0 tokens, and --interval runs the harness synthesis and the dashboard sync.

pip install -U proofagent-harness

proof watch --agent "my-claude" \
    --screen-every 30 \      # risk screening cadence, seconds (0 tokens)
    --interval 300 \         # harness synthesis cadence, seconds
    --escalate-on high \     # severity that triggers the deep assessment
    --llm gpt-4.1-mini       # harness LLM for the synthesis
  • Intelligent risk screening, at zero token cost. Every event, prompts, file writes, shell commands, network calls, is screened continuously, and each finding carries its evidence.
  • A single live run. The growing session is upserted to the dashboard under a stable session key, so the trajectory and risk fill in near real time instead of creating a new run every scan.
  • Observe-only. The harness watches and assesses; it never blocks, edits, or steers the coding agent.
  • Redaction first. Key-shaped tokens become and emails become <email> before anything leaves the process.
  • CI-friendly. --once takes a single snapshot and exits; Ctrl-C flushes a final snapshot.

proof session — Assess a Finished Session

Not every session is watched live. proof session replays a completed Claude Code transcript, or the workspace git diff of any tool with --from-git, through the same risk screen and intent trajectory, and adds an access map: every file read and written, command run, and host contacted. It is now idempotent, re-running updates the same dashboard run instead of duplicating it.

proof session --tool auto --narrate
proof session --from-git --scope "src/**" --deny "**/.env,**/secrets/**"

What proof watch Screens For

Risk flaggedWhat it catches
Leaked secretsAPI keys, tokens, and credentials written into code or run in a command.
PII exposureReal emails, SSNs, or card numbers the agent handles or pastes.
Dangerous commandsDestructive shell, reverse shells, and pipe-to-shell installs.
Unexpected network egressCalls to hosts outside your allowlist.
Out-of-scope writesChanges to paths outside --scope or inside --deny.
Insecure codeInjection-prone patterns, disabled TLS, and weak crypto.

The Intent Trajectory

Screening finds the risks; the harness synthesis makes the session legible. One harness LLM pass reads the whole session and labels each turn with a canonical intent in standardized language, what the agent did, and the risks along the way, so a hundred raw events become a handful of readable steps. It is signal-driven by default (it deepens the analysis when something new happens) and --analyze-every-interval forces it every interval. Two numbers summarize a session honestly: peak risk (worst-case severity, so one leaked key reads 9.0/10) and clean rate (how much of the session carried no finding).

Also in 0.8

ChangeWhat it means
Breaking: --interval is now secondsWas minutes. It now matches --screen-every. Update any script that passed --interval assuming minutes.
Preflight checks on proof watchVerifies the tool connection, probes the harness LLM, and prints the upload target before the loop, so a bad key or model surfaces up front instead of degrading silently.
Honest token accountingEval tokens accumulate across scans, the narrated flag is true only when the LLM actually spent tokens, and a failed synthesis surfaces an error instead of quietly showing prompt-like intents.
Hardened redactionSecrets and emails are masked in every uploaded free-text field: prompts, intents, event messages and targets, and access-map commands. Findings now carry the event timestamp so the dashboard attributes them to the right turn.
Repositioned docsThe README is rebuilt around the two planes. The ProofAgent Governance platform is documented as a separate commercial product; --upload is the single, optional integration point.
FixedThe deep-assessment (--assess) token spend is no longer overwritten by the cumulative narration total; offline intent labels strip conversational preamble; repo hygiene for the OSS release (stray artifacts removed, local editor state ignored).

Upgrade

# from PyPI
pip install -U proofagent-harness
proof version                     # → proofagent-harness 0.8.0

# start watching a live coding session (streams to your terminal)
proof watch --agent "my-claude" --no-upload

To stream a watched session to the governance dashboard as a live run, register your coding agent on the ProofAgent Governance platform, generate an API key under Settings → API Keys, export it as PROOFAGENT_API_KEY, and drop the --no-upload flag. Everything runs locally by default; the harness is LLM agnostic, so bring your own model.

Links

#agent-observability#risk-screening#ai-governance#ai-engineer#security-team#devops#claude-code#cursor#pytest#llm#multi-agent#red-teaming#artifact-grading#ai-evaluation#llm-safety
See all posts →