yeet

Unlock the kernel with JavaScript

Agent Security | Observability | Network Policy

curl -fsSL https://yeet.cx | sh

Available only on Linux

Full control over your AI agents

Observe and enforce policy without your agents knowing

Swap out credentials— running

$ yeet run pii-filter.ts

scanning traffic · all interfaces

Redefining network control for the agentic era

Agents and attackers work at the same level. We sit underneath your programs as a single binary deployment in kernel space, with the ability to observe and control the flow of data.

Our goal is to give you and your model the ability to build tools, specific to your needs. From agent security to network policy, no plumbing or code changes required.

claude

openclaw

codex

yeet

Linux Kernel

syscallsXDPkprobesuprobestracepointsLSMcgroupstc

Build tools on the fly

Describe what you want to see and yeet builds the tool, wires up the eBPF hooks, and runs it. When you want to dig deeper, just ask. No restarts, no config changes.

yeet · terminal

Popular Tools

Drop-in scripts that give your agents awareness, policy, and control.

Browse all scripts

claudefeed

Kernel-level audit log for Claude Code sessions

Live stream of every command, file access, and network connection a Claude Code (or any matched) session makes — sourced directly from the kernel.

ai-agentsauditsecurity

grpcsnoop

tcpdump for gRPC

Decodes protobuf messages between services live, from the kernel. No proxy, no code changes — plaintext gRPC traffic decoded inline.

grpcprotobuftracing

md-sentry

Integrity monitor for your agent's markdown brain

eBPF watcher for CLAUDE.md, skills, and memory files. Tags every write as AGENT or EXTERNAL so you know exactly what touched your agent's configuration.

ai-agentsintegrityebpf

usbsnoop

Live USB transfer sniffer from two fentry hooks

System-wide USB transfer sniffer in eBPF — decodes USB traffic inline (control SETUP, SCSI, HID) from two universal URB hooks. No usbmon, no hardware sniffer. CO-RE portable.

usbebpftracing

airtop

htop for the airwaves

A live 802.11 (Wi-Fi) RF dashboard in your terminal. Monitor signal strength, channel utilization, and nearby networks in real time.

wifi802.11rftui

dnssnoop

Real-time DNS query tracer for every process

Traces standard DNS queries as they leave your system — capturing both the query and the response with full process context and minimal overhead.

dnsebpftracing

runfrom

Live exec-provenance monitor

Flags execs launched from tmp/shm, fileless binaries, and setuid privilege jumps — all caught in-kernel before the process gets a chance to run.

securityexecebpf

dialout

Every outbound TCP connection, grouped by process

Captures outbound TCP connections in-kernel and groups them by the process that dialed. Flags public egress so unexpected external calls are impossible to miss.

networktcpebpf

heatsink

htop for thermals

Live hwmon temperatures, throttle headroom, GPU power draw, and per-core clocks in one terminal dashboard.

thermalsgputui

Action on everything.

Set alerts across your entire ops stack using natural language. Use Slack, webhooks, or any channel. The promise resolves when a person responds.

deploy-watch.tsx

▸import { watch, yeet } from "yeet";
2 
3watch({ kind: "deploy" }, async (d) => {
4  if (d.timedOut) {
5    const reply = await yeet.alert({
6      channel: "#oncall",
7      text: `${d.service} timed out`,
8      options: ["retry", "skip", "rollback"],
9    });
10    if (reply === "rollback") {
11      await d.rollback();
12    }
13  }
14});

#on-callyeet workspace

Today

Message #on-call

Secure by default.

yeet scripts run inside V8 isolates. As secure as the browser tab you're reading this in.

Chrome

V8 against the DOM

browser process

DOM·fetch·WebGL·WebRTC

supervises

child process

v8 isolate

gmail.com

v8 isolate

github.com

v8 isolate

stripe.com

v8 isolate

youtube.com

yeet

V8 against your kernel

yeetd daemon

eBPF·system graph·alerts·TUI

supervises

child process

v8 isolate

proctop.tsx

v8 isolate

tcp-radar.tsx

v8 isolate

flame-graph.tsx

v8 isolate

db-wire.tsx

Lightweight Isolation

yeet scripts execute inside a browser-style virtualized environment that doesn't compromise on cost, speed, or security.

Zero Cold Starts

Spin up and down new scripts at any moment.

Battle Tested

yeet executes JavaScript using the same isolation architecture securing Google Chrome and Cloudflare Workers.

Every syscall, packet and probe.

yeet gives you kernel level visibility with featherweight overhead. Nothing gets dropped.

Every kernel event is a Tokio task, scheduled onto whichever core is free. Each colored block is one unit of work.

cpu

0.50%

uptime 14d 3h

total 1,247,392,000

backpressure 0

Core 0

Core 1

Core 2

Core 3

Core 4

Core 5

Core 6

Core 7

syscall

http event

eBPF probe

graph query

timer tick

file I/O

Single binary, local deployment, bring your own model

Your kernel doesn't bill you per event, and neither do we. It's time to stop renting your tools and just build your own….with yeet!

Monthly cost as events scale

Splunk

Datadog

New Relic

Honeycomb

yeet

0events

Stay in the loop.

New scripts, release notes, and low level hot takes. No spam.