vigilo

vigilo is a local MCP server that runs over stdio and records every tool call an AI agent makes. It does not expose a network port; it writes activity to a local ledger and provides a real-time dashboard and command surface to explore the recorded sessions. After installation, you run vigilo in MCP mode and either let it auto-detect the agent (Claude Code or Cursor) or configure agents manually. Use vigilo view to inspect a ledger grouped by session, vigilo stats to see aggregate metrics, and vigilo dashboard to visualize live activity in a web UI. The tool logs include the tool name, arguments, results, timing, risk, and optional git context, with encryption-at-rest for saved event data. The dashboard can be launched locally on port 7847 by default or on a custom port with vigilo dashboard --port <port>.

Prerequisites:

• Rust toolchain (Rustup and Cargo) installed, or use the official installation script.
• A Unix-like environment (macOS/Linux) or Windows with appropriate tooling.

Install via the official script (recommended):

curl -fsSL https://raw.githubusercontent.com/Idan3011/vigilo/main/install.sh | bash

Install from source (builds the binary with Cargo):

# clone the repo
git clone https://github.com/Idan3011/vigilo.git
cd vigilo

# build the binary
cargo install --path .

Initial setup (interactive):

vigilo setup

This configures MCP servers, hooks, and optionally generates an encryption key and saves settings to ~/.vigilo/config.

Running the MCP server (default mode reads stdio):

vigilo

Optional: run the dashboard (default port 7847):

vigilo dashboard

If you prefer manual setup, see docs/manual-setup.md for UUID/config examples and environment variable details.

Tips and notes:

• Vigilo runs entirely locally and does not exfiltrate data over the network. The only exception is vigilo cursor-usage, which makes opt-in HTTPS requests to cursor.com to fetch token usage.
• Encryption at rest is enabled by default; a key is generated on first run and stored at ~/.vigilo/encryption.key. You can override it by setting VIGILO_ENCRYPTION_KEY.
• The ledger is stored at ~/.vigilo/events.jsonl and is encrypted; metadata remains Plaintext for searchability.
• If you start the dashboard and the port is in use, Vigilo will prompt for a random available port.
• The MCP server interface is designed for stdio-based agents; there is no listening network socket by default. This aligns with MCP’s philosophy of local, private tool-use logging.
• For manual configuration, consult docs/configuration.md and docs/commands.md to tailor environment variables, logging, and key management.