Watchtower

Production-grade remote operations with audit logging. Safe commands for SSH, kubectl, and filesystem operations with centralized logging and mutation alerts.

Requirements

This plugin requires the UTCP Bridge on your system. The 16 UTCP tools are designed for AI agents to safely execute remote commands with full audit trails. Without UTCP, you only get the shell commands (wt_*) — the core value is in the guarded AI-accessible tools.

Install

# Clone
git clone https://github.com/awdemos/opencode-watchtower.git
cd opencode-watchtower

# Setup
./install.sh
source ~/.bashrc

UTCP Integration

Add to your ~/.utcp_config.json:

{
  "imports": ["/path/to/opencode-watchtower/watchtower.json"]
}

Or copy the remote-safe template into your config.

Shell Commands

Command	Purpose
wt_init	Create /tmp/watchtower/ audit logs
wt_clean	Clear all logs
wt_stats	Show tool usage statistics
wt_watch	Live dashboard (updates every 2s)
wt_tail	tail -f all logs
wt_alert	Alert on mutations (rm/chmod/chown)
wt_export	Export logs as JSON
wt_report	Daily command frequency report
wt_recent	Show last N entries
wt_status	Check initialization status

UTCP Tools (16 total)

SSH Operations

• ssh_ls — Read-only directory listing
• ssh_cat — Read file contents
• ssh_ps — List processes

Kubernetes Operations

• kubectl_exec_read — Safe kubectl exec (cat, ls, ps, df, top)
• kubectl_get_yaml — Get resource as YAML
• kubectl_logs — Get pod logs

Search Operations

• rg_search — Ripgrep search (no mutation flags)
• jq_query — JSON processing

Filesystem Operations

• safe_rm — Remove with protected path blocking
• safe_mkdir — Create directories
• safe_touch — Create/update files
• safe_mv — Move (no-clobber by default)
• safe_cp — Copy (no-clobber by default)
• safe_chown — Change ownership (restricted combos)
• safe_chmod — Change permissions (safe modes only)
• safe_ln — Create symlinks

Audit Logs

/tmp/watchtower/
├── ssh.log      # SSH operations
├── k8s.log      # Kubernetes operations
├── search.log   # rg/jq operations
└── fs.log       # Filesystem operations

Each logged entry includes [WATCHTOWER] prefix for easy parsing.

Safety Guards

Path Protection

safe_rm blocks: /, /home, /etc, /var, /usr, /root, /bin, /sbin, /lib, /opt

Mode Restrictions

• safe_chmod: Only 644, 755, 600, 700, 640, 750
• safe_chown: Only root:root, www-data:www-data, ubuntu:ubuntu, $USER:$USER
• kubectl_exec_read: Only cat, ls, ps, df, top

Default Behavior

• safe_mv, safe_cp: no-clobber by default (won't overwrite)
• safe_rm: Requires explicit mode: dir-recursive for recursive deletion

GTFOBins Risk Classification

Each tool includes a gtfo_risk level based on GTFOBins signatures:

Risk Level	Meaning
critical	Can spawn shell, escalate privileges, bypass all security
high	Can read/write arbitrary files or execute commands
medium	Can leak information or perform limited privileged ops
low	Minimal abuse potential

Tool Risk Levels

Tool	Risk	Underlying Binary
ssh_ls, ssh_cat, ssh_ps	medium	ssh (tunnel/proxy)
kubectl_exec_read, kubectl_get_yaml, kubectl_logs	high	kubectl (secrets, exec)
rg_search, jq_query	low	rg, jq (read-only)
safe_rm	medium	rm (sudo file-write)
safe_mv, safe_cp	medium	mv, cp (sudo file-write)
safe_chown, safe_chmod	medium	chown, chmod (sudo)
safe_mkdir, safe_touch, safe_ln	low	mkdir, touch, ln

The gtfo.json file contains full signatures for 100+ binaries. AI agents should check this reference before executing any command.

Example Usage

# Initialize
wt_init

# Watch live in one terminal
wt_watch

# In another terminal, use UTCP tools
# (AI agent calls safe_rm, kubectl_exec_read, etc.)

# Check stats
wt_stats

# Export for analysis
wt_export ./audit-report.json

Environment Variables

Variable	Default	Purpose
WATCHTOWER_DIR	/tmp/watchtower	Audit log directory

License

MIT