AI tool comparison
AI-SPM vs Ferretlog
Which one should you ship with? Here is the side-by-side panel verdict, pricing read, reviewer split, and community vote comparison.
Developer Tools
AI-SPM
Open-source runtime security control plane for AI agents in production
50%
Panel ship
—
Community
Paid
Entry
AI-SPM (AI Security Posture Management) is an open-source control plane for AI agent security in production environments. Built by indie developer dshapi and posted to Hacker News, it addresses a real gap: most LLM systems now have tool access and decision-making power, but almost no runtime oversight layer to catch when things go wrong. The system works as a gateway between your application and the LLM, enforcing three main controls: prompt injection detection (including obfuscated variants that bypass naive pattern matching), structured tool call validation against defined policies using Open Policy Agent (OPA), and sensitive data leakage prevention (PII and model output filtering). An Apache Kafka and Apache Flink streaming pipeline provides real-time audit trails and anomaly detection. The creator's key insight is that tool misuse — not model jailbreaks — is the primary risk vector in production AI agents. A rogue or compromised agent that escalates tool permissions or exfiltrates data through sanctioned channels is far harder to catch than a classic prompt injection. AI-SPM is early, minimal traction, and needs real-world stress testing. But as AI agent deployments mature from demos to production, runtime security tooling like this becomes non-optional.
Developer Tools
Ferretlog
git log for your Claude Code agent runs — local, zero dependencies
50%
Panel ship
—
Community
Free
Entry
Ferretlog is a zero-dependency pure Python CLI that treats your Claude Code session logs like a git repository. It parses the raw JSONL logs in `~/.claude/projects/` and gives you git-style history browsing, diff between runs, per-tool-call breakdowns, and cost/token stats — entirely locally, with no network calls and no configuration required. If you've been using Claude Code heavily, you've likely experienced the frustration of losing track of what changed across sessions, what tools were called how many times, and how much each session actually cost across sub-agent calls. Ferretlog makes that history explorable and comparable the same way `git log` makes code history explorable. This is an indie solo project from Eitan Lebras, submitted as a Show HN. It's genuinely useful as a power-user tool for anyone doing serious Claude Code work, especially those managing multi-session agent pipelines where debugging "what did the agent do last time?" is a real pain. The zero-dependency, local-only design means there's no trust surface and no setup friction.
Reviewer scorecard
“The OPA-based policy enforcement for tool calls is exactly the kind of control plane enterprises need before deploying agents in production. This is early but points in the right direction. If you're building agents with database or API access, you need something like this or you're flying blind.”
“If you run Claude Code daily, you need this immediately. Being able to diff two sessions like git commits and see exactly which tools fired and what they cost is something that should have existed from day one. Zero-dependency Python means it just works.”
“One developer, one HN post, minimal engagement. The Kafka + Flink stack for a security gateway seems like significant over-engineering for most teams. And the creator openly admits that pattern-based injection detection is easily bypassed — so the core feature has known weaknesses. Not production-ready.”
“This is a niche tool for a niche user (heavy Claude Code power users) and the session log format Anthropic uses is undocumented and could change at any update. Tying workflows to internal log parsing is fragile infrastructure — treat it as a convenience, not a dependency.”
“AI agent security is a category in its own right that barely existed a year ago. Every week there's a new story about an agent doing something unintended in production. AI-SPM is an early but important stake in the ground for what a mature runtime security layer for agentic systems should look like.”
“Agent observability tooling built by the community, not the vendor, is how this ecosystem will mature. Ferretlog is primitive but it points at a real gap: we need git-style versioning and auditability for agent sessions, not just for code.”
“This is deeply infrastructure-layer stuff that doesn't touch my workflow at all. Important for the ecosystem but not something I'd evaluate or deploy.”
“Terminal-only, Claude Code-specific, no visuals — this tool exists entirely outside my workflow. The underlying insight (session replay and cost tracking) is useful, but it needs a UI before it reaches anyone outside the developer community.”
Weekly AI Tool Verdicts
Get the next comparison in your inbox
New AI tools ship daily. We compare them before you waste an afternoon.