AgentSight (built on eunomia-bpf) is an eBPF-based observability tool that monitors AI agent activities and correlates agent intent with system actions using TLS interception and a secondary LLM for analysis. While it provides valuable insights into agent behavior, AgentSight is monitor-only — it cannot block unauthorized access. Guardian Shell provides both monitoring and kernel-level enforcement, with per-agent policies and interactive approval workflows.
Feature Comparison
| Feature | Guardian Shell | AgentSight |
|---|---|---|
| Cgroup-based agent isolation | Guardian Launcher (default) | ✕ |
| eBPF-based monitoring | ✓ | ✓ |
| Kernel-level enforcement | LSM BPF hooks | ✕ |
| Per-agent policies | ✓ | ✕ |
| Interactive approval workflow | ✓ | ✕ |
| TLS interception | ✕ | ✓ |
| LLM intent analysis | ✕ | ✓ |
| Web dashboard | ✓ | ✕ |
| Alerting (Slack, email, webhooks) | ✓ | ✕ |
| Prometheus metrics | ✓ | ✕ |
| Standalone (no K8s) | ✓ | ✓ |
| Language | Rust | C |
| CPU overhead | < 3% | Moderate |
Why Choose Guardian Shell
- ✓ Cgroup-based agent isolation — launch each agent via Guardian Launcher into its own cgroup with unspoofable kernel identity
- ✓ Monitors AND enforces — blocks unauthorized access at the kernel level, not just logs it
- ✓ Per-agent security policies with resource limits (memory, CPU, PIDs) — different rules for different AI agents
- ✓ Interactive approval workflows — humans approve sensitive access in real time
- ✓ Written in memory-safe Rust (AgentSight uses C)
- ✓ Simpler TOML configuration — no complex YAML or CRDs
- ✓ Built-in web dashboard with real-time event streaming
The Verdict
AgentSight provides unique value by correlating agent intent with system actions through TLS interception and LLM analysis — something Guardian Shell doesn't do. However, AgentSight cannot prevent unauthorized access; it only observes. Guardian Shell fills the critical gap by combining monitoring with kernel-level enforcement, per-agent policies, and interactive approvals. For teams that need to actually control what agents can do, not just watch what they did, Guardian Shell is the stronger choice. Ideally, both tools complement each other.