Agent Inspector

Agent Inspector is a VS Code-compatible extension for monitoring AI coding agent context, visible files, estimated token usage, and trust signals from inside your editor.

Demo

What It Does

Agent Inspector gives you a local dashboard for understanding what an AI coding session can see, how much context it may be using, and where trust or privacy risks may exist.

Because VS Code APIs do not expose private token counters from other AI extensions, Agent Inspector combines local signals:

• agent-like terminal detection,
• manually started agent sessions,
• open editor context estimation,
• configurable context window limits,
• optional usage files from tools that write token logs,
• local agent and model metadata when available,
• a dashboard webview inside the editor and activity bar.

Agent Inspector also includes the AI Trust Layer feature set:

• installed extension permission and data-flow risk scanning,
• domain allowlist/denylist policy for cloud AI calls,
• redaction rules that scrub likely secrets before outbound requests,
• Safe Agent mode with plan, diff, apply, and verify steps,
• scope locks so AI edits can only touch selected paths,
• one-click roll back of the last AI-applied edit,
• project folder and file security scans with configurable exclusions,
• optional Ollama-based local LLM explanations of scan results and logs,
• custom regex security rules with import/export commands,
• a Trust Layer activity-bar sidebar, status summary, and security dashboard.

Supported Agent Signals

The dashboard includes profiles for coding-agent sessions and agent modes:

• Claude Code
• Codex
• Gemini CLI
• GitHub Copilot Agent
• Cursor Agent
• Aider
• Antigravity agents
• GPT-OSS-backed local agents
• OpenClaw/OpenCode-style local agents

Each card explains its detection signal, estimated tokens consumed, tokens left, and assumed context capacity.

Each card also shows:

• context estimate tokens,
• manually recorded message tokens,
• model-level rows when a model name is found or configured,
• per-model folder and open-file visibility telemetry, including which editor files are visible to the context estimate,
• optional credit estimates,
• context window size,
• reset time,
• privacy and permission status.

Getting Started

1. Install Agent Inspector in VS Code or an Open VSX-compatible editor.
2. Run Agent Inspector: Show Token Dashboard from the command palette.
3. Open files or start an agent terminal session to populate context estimates.
4. Use Agent Inspector: Record Message Tokens when you want to manually add exact message-token counts.
5. Add agentInspector.usageFiles if your agent writes usage data to a local JSON, JSONL, or text log.

The main dashboard also opens from the Agent Inspector activity-bar sidebar. It has separate tabs for Usage, Privacy Telemetry, and Trust Layer security controls.

By default, Agent Inspector only shows agents detected in the current IDE through installed extensions, matching terminals, manual sessions, or usage logs. Detected agents can show an estimated usage state when provider-specific telemetry is not available but open editor context exists.

When a real usage log or manually recorded message tokens are available, those exact message tokens are used for total consumed. Open-editor context is then shown separately only when it is being used as an estimate, so the same tokens are not shown twice.

Limitations

• Token totals are estimates unless they come from a supported usage log or manually recorded message.
• Agent Inspector does not read private provider telemetry from Claude, Codex, Gemini, Copilot, Cursor, or other AI extensions.
• Open-editor context estimates are approximate and depend on the files currently visible to VS Code.
• Project scans, local usage-log discovery, process probing, and Safe Agent edits require a trusted local workspace.
• Virtual workspaces are not supported because the extension depends on local filesystem, terminal, and process access.

Commands

• Agent Inspector: Show Token Dashboard
• Agent Inspector: Refresh Token Usage
• Agent Inspector: Start Agent Session
• Agent Inspector: Stop Agent Session
• Agent Inspector: Record Message Tokens
• Agent Inspector: Reset Token Counters
• Agent Inspector: Analyse Local Verdict
• Agent Inspector: Open Security Dashboard
• Agent Inspector: Analyze Installed Extensions
• Agent Inspector: Run Safe Agent Edit
• Agent Inspector: Roll Back Last AI Edit
• Agent Inspector: Configure Scope Locks
• Agent Inspector: Scan Project Folder
• Agent Inspector: Scan Project File
• Agent Inspector: Configure Local LLM
• Agent Inspector: Explain Results with Local LLM
• Agent Inspector: Configure Project Scan Exclusions
• Agent Inspector: Manage Custom Security Rules
• Agent Inspector: Export Custom Security Rules
• Agent Inspector: Export Default Custom Security Rules
• Agent Inspector: Import Custom Security Rules
• Agent Inspector: Open Outbound Data Log
• Agent Inspector: View Current Applied Custom Rules
• Agent Inspector: Show Custom Rule Format Guide

Privacy

Agent Inspector does not send background telemetry to external services and does not read private telemetry from Claude, Codex, Gemini, Copilot, Cursor, or other provider extensions. It uses VS Code workspace access, open text documents when enabled, terminal names, local usage files you configure, and any message token numbers you manually enter.

Message history is kept in memory for the current extension session. Disable agentInspector.trackMessageHistory if you only want live context estimates.

Set agentInspector.showUninstalledAgents to true if you want to see all known agent profiles, including agents not detected in the current IDE.

Set agentInspector.showWorkspaceEstimateForInstalledAgents to false if you only want exact terminal, manual message, or usage-log sources to contribute tokens.

Set agentInspector.autoRefreshSeconds to control timer-based refresh. The default is 5 seconds.

Set agentInspector.openDashboardOnStartup to true if you want the dashboard to open automatically when the extension activates.

The Trust Layer features store scan summaries, scope locks, rollback snapshots, and outbound-message audit entries in VS Code extension state. They do not add external background telemetry. Cloud requests only happen through the explicit Safe Agent flow and are governed by aiTrustLayer.* policy settings.

Local LLM explanations use your configured Ollama server and model. The Usage, Privacy telemetry, and Trust Layer tabs include a local verdict panel when a model is selected. The prompt is built from the latest usage/privacy telemetry or Trust Layer findings, with configured redaction patterns applied before the local request is sent.

Agent Inspector Settings

• agentInspector.defaultContextWindow
• agentInspector.charactersPerToken
• agentInspector.agentTerminalKeywords
• agentInspector.includeOpenDocuments
• agentInspector.showUninstalledAgents
• agentInspector.showWorkspaceEstimateForInstalledAgents
• agentInspector.openDashboardOnStartup
• agentInspector.autoRefreshSeconds
• agentInspector.autoDiscoverAntigravityLogs
• agentInspector.autoDiscoverCodexSessions
• agentInspector.autoDiscoverAntigravityStatusApi
• agentInspector.antigravityStatusApiPath
• agentInspector.antigravityModels
• agentInspector.trackMessageHistory
• agentInspector.creditsPerThousandTokens
• agentInspector.usageFiles

Trust Layer Settings

• aiTrustLayer.domainAllowlist
• aiTrustLayer.domainDenylist
• aiTrustLayer.redactionPatterns
• aiTrustLayer.privacyMode
• aiTrustLayer.defaultModelProvider
• aiTrustLayer.cloudEndpoint
• aiTrustLayer.ollamaEndpoint
• aiTrustLayer.ollamaModel
• aiTrustLayer.ollamaTimeoutSeconds
• aiTrustLayer.maxScanFilesPerExtension
• aiTrustLayer.maxProjectScanFiles
• aiTrustLayer.projectScanExclusions
• aiTrustLayer.customSecurityRules

Usage Files

If your editor or agent writes token usage to a local file, add it to agentInspector.usageFiles:

{
  "agentInspector.usageFiles": [
    {
      "agentId": "codex",
      "filePath": "${home}/path/to/codex-usage.jsonl",
      "format": "auto"
    }
  ]
}

Supported agent ids are claude, codex, gemini, gpt-oss, copilot, cursor, aider, and antigravity.

Local agent detection also includes OpenClaw/OpenCode-style local coding agents when matching terminals or extensions are available.

Supported formats:

• JSON with fields like total_tokens, prompt_tokens, completion_tokens, credits, or nested usage.
• JSONL with one message/request per line.
• Text summaries containing phrases like total tokens: 1234 or tokens used: 1234.
• Key-value logs containing fields like inputTokens=123, outputTokens=456, and totalTokens=579.

On macOS, agentInspector.autoDiscoverAntigravityLogs tries to read local Antigravity Codex logs under ~/Library/Application Support/Antigravity/logs/**/openai.chatgpt/Codex.log.

The dashboard separately reports whether a matching extension is installed in the current editor extension host. Extension presence confirms that the extension exists; exact token counts still require provider logs, usage files, or manually recorded message entries.

Antigravity Models

Google describes Antigravity as an agentic development platform and agent-first IDE, not as a single agent. Agent Inspector therefore treats Antigravity as a host surface and shows the agents or model rows detected inside that surface.

Antigravity can expose multiple model choices under the same IDE surface. Agent Inspector therefore shows model-level rows under detected providers.

Exact token rows appear when logs include a model name, for example model=gpt-5.4-mini inputTokens=... outputTokens=... totalTokens=....

Known Antigravity model rows can be configured with agentInspector.antigravityModels. The defaults include Gemini 3.1, Gemini 3 Flash, Claude Sonnet, Claude Opus, and GPT-OSS. These rows are shown when the Antigravity host extension is detected, even if there is no separate Claude, Gemini, or GPT-OSS extension installed. If a model appears with 0 tokens, the model is known or configured, but no exact token telemetry was found in accessible local logs.

The source engine recursively scans JSON/JSONL usage metadata and key-value logs for common token fields such as usageMetadata, promptTokenCount, candidatesTokenCount, totalTokenCount, inputTokens, outputTokens, and totalTokens. Each provider card includes source diagnostics so you can see whether exact token telemetry was found, a model is only available/configured, or no metadata source was detected.

Per-query/message rows show model name, input tokens, output tokens, total tokens, and credits when exact metadata is available. Antigravity request logs that do not expose token counts are still shown as query rows with tokens not exposed, so request activity is visible without pretending exact token usage exists.

Development

Requirements:

• Node.js
• npm
• VS Code 1.92.0 or newer

npm install
npm run compile

Press F5 in VS Code to launch an Extension Development Host.

Packaging

npm run prepublish:check
npm run package
npm run package:ovsx

Before public release, set VSCE_PAT and OVSX_PAT, then run npm run prepublish:check to verify that the AbhineetPandey003 VS Code Marketplace publisher and the abhineet-pandey Open VSX namespace exist, that your tokens can publish to them, and that the extension still compiles and packages.

The default npm run package command builds the VS Code Marketplace VSIX with publisher AbhineetPandey003. The npm run package:ovsx command builds a separate Open VSX VSIX with publisher namespace abhineet-pandey.

To publish to Open VSX, set an Open VSX token and run:

npm run publish:ovsx

License

MIT