AI is creating more PRs, but reviewers still only see the code changes, not what happened when the code ran.
Garnet records what ran during execution and attaches that record directly to the PR you already review.
Review faster. Trust your PRs. Merge with confidence.
build-and-test workflow at 4f7a2c1. 47 processes · 4 connections · 123 files
PROCESS LINEAGE
Your existing code review, now with execution context from every job — no new tools, no dashboards.
One workflow step attaches our eBPF sensor to the runner, recording every process, connection, and file.
No GitHub Actions? Install the Garnet GitHub App — no workflow edits →
.github/workflows/ci.yml
steps:
  - uses: actions/checkout@v4
+ - uses: garnet-org/action@v2
+   with:
+     api_token: ${{ secrets.GARNET_API_TOKEN }}
Your tests, builds, installs, publish jobs, and agent workflows run as usual.
≤2% CPU · no proxy · no code change
Each run becomes a Run Profile — what ran, what it touched, where it connected. Surfaced as pass, attention, or fail in GitHub, Slack, and where you work.
Run Profile ready on build-and-test #4823 — 1 new egress flagged
one record · same context on every surface
“There are a lot of tools that process security advisory data, but Garnet is the first I’ve seen that goes a step further, applying behavioral analysis to find issues before they get reported to an advisory database. This is the kind of thing we’d always wanted to do at npm, Inc., but never got around to.”
Isaac Z. Schlueter, Creator of npm
A Run Profile turns each CI job or agent session into a structured, deterministic record of execution: what ran, what touched files, what connected out, and what changed.
garnet-labs/garnet-agentic-harness-poc · codex · 2026-05-21
Which step spawned which binary, down to the syscall.
Every outbound connection, attributed to the process that made it.
What was read, what was written, and which process touched it.
What matched baseline, what changed, and what deserves review.
No sidecars, no proxies, no build-time dependencies.
Process ancestry, network egress, and file access, all at the syscall boundary.
A run-bounded record. Not a firehose of events.
Built for ephemeral CI and agentic engineering.
Process-level attribution for every postinstall script and transitive dependency.
postinstall · npm · actions · transitive deps
A Run Profile on every pipeline that holds a credential or touches production.
build · test · release · publish
The transcript says intent. The Run Profile says what happened.
agent harnesses · MCP · sandboxes
Records already tied to the commit, actor, and workflow.
incident response · forensics · audit
One primitive, everywhere your code runs. Start with GitHub Actions. Review your next run before you merge.