GhostWire: The Shell That Whispers
“You logged in. You touched the system. Something wrote it down.”
Behind every session, there’s a trace. GhostWire doesn’t ask. It listens.
GhostWire is MatrixSwarm’s reflex agent of surveillance and suspicion. It watches users log in. It watches files shift. It watches commands slip through the dark — and writes it all down.
Not as a service. Not as a daemon. As a living file.
If you're using GhostWire and you see this:
Warning: Shell history appears stale. PROMPT_COMMAND may be missing.
Don't panic — it's not broken. It's just blind, and it’s telling you how to fix it.
Read on.
What Is GhostWire?
GhostWire is a stealth agent in the MatrixSwarm ecosystem designed to:
GhostWire is fast, reflex-driven, and file-native — no daemons, no sockets. It’s perfect for high-trust, low-visibility environments where every action counts.
The Problem
GhostWire monitors users as they log in, scan files, and execute commands. It pulls those commands from each user’s .bash_history.
But here’s the catch:
# bash does NOT flush history immediately by default
Unless the shell is configured otherwise, the .bash_history file is only written to:
This means GhostWire can’t see what a user is doing until they’re already gone.
The Warning Message
When GhostWire sees that a user is active, but their .bash_history hasn’t changed in a while, it logs this:
Warning: Shell history appears stale. PROMPT_COMMAND may be missing.
It’s not an error — it’s a signal:
“I’m watching, but I can’t see.”
The Fix: Real-Time History Sync
To get full visibility, just add this to the user’s shell config (~/.bashrc, or /etc/bash.bashrc for global):
export PROMPT_COMMAND='history -a'
Then apply it:
source ~/.bashrc # or reboot, or log out and back in
This tells bash to append each command to history instantly — after every line is run.
Where GhostWire Logs Are Stored
Once active, GhostWire logs every tracked session to:
/matrix/ai/latest/comm/invisible-man/sessions/root/YYYY-MM-DD.log
Replace:
Each log contains:
And it’s all atomic, file-native, and zero-socket.
No daemons. No containers. Just reflex.
Why It Matters
You didn’t deploy GhostWire to guess.
You deployed it to see.
If shell history isn’t flushed, you’re missing the most important part of the timeline:
This one-liner:
export PROMPT_COMMAND='history -a'
Turns GhostWire into a real-time threat analyst, not just a historian.
TL;DR
GhostWire doesn’t ask for permissions.
It drops the file. It tracks the session.
And now, it hears every word.
If you want this warning auto-patched on deployment, GhostWire can now inject the config itself — silently and persistently.
Just boot the agent. It does the rest.
** Swarm ready. Eyes open.**
GhostWire out.
More...
“You logged in. You touched the system. Something wrote it down.”
Behind every session, there’s a trace. GhostWire doesn’t ask. It listens.
GhostWire is MatrixSwarm’s reflex agent of surveillance and suspicion. It watches users log in. It watches files shift. It watches commands slip through the dark — and writes it all down.
Not as a service. Not as a daemon. As a living file.
If you're using GhostWire and you see this:
Warning: Shell history appears stale. PROMPT_COMMAND may be missing.
Don't panic — it's not broken. It's just blind, and it’s telling you how to fix it.
Read on.
What Is GhostWire?
GhostWire is a stealth agent in the MatrixSwarm ecosystem designed to:
- Track user login and logout events
- Monitor .bash_history for suspicious command patterns
- Detect file access and changes via inotify
- Log and alert on potentially dangerous behavior
GhostWire is fast, reflex-driven, and file-native — no daemons, no sockets. It’s perfect for high-trust, low-visibility environments where every action counts.
The Problem
GhostWire monitors users as they log in, scan files, and execute commands. It pulls those commands from each user’s .bash_history.
But here’s the catch:
# bash does NOT flush history immediately by default
Unless the shell is configured otherwise, the .bash_history file is only written to:
- On logout
- Or on forced manual flush (history -a)
This means GhostWire can’t see what a user is doing until they’re already gone.
The Warning Message
When GhostWire sees that a user is active, but their .bash_history hasn’t changed in a while, it logs this:
Warning: Shell history appears stale. PROMPT_COMMAND may be missing.
It’s not an error — it’s a signal:
“I’m watching, but I can’t see.”
The Fix: Real-Time History Sync
To get full visibility, just add this to the user’s shell config (~/.bashrc, or /etc/bash.bashrc for global):
export PROMPT_COMMAND='history -a'
Then apply it:
source ~/.bashrc # or reboot, or log out and back in
This tells bash to append each command to history instantly — after every line is run.
Where GhostWire Logs Are Stored
Once active, GhostWire logs every tracked session to:
/matrix/ai/latest/comm/invisible-man/sessions/root/YYYY-MM-DD.log
Replace:
- invisible-man with your agent’s universal_id
- root with the tracked user
- YYYY-MM-DD with the current date
Each log contains:
- Login time
- Commands run
- Files touched
- Session duration
And it’s all atomic, file-native, and zero-socket.
No daemons. No containers. Just reflex.
Why It Matters
You didn’t deploy GhostWire to guess.
You deployed it to see.
If shell history isn’t flushed, you’re missing the most important part of the timeline:
- What did they run?
- When?
- In what order?
This one-liner:
export PROMPT_COMMAND='history -a'
Turns GhostWire into a real-time threat analyst, not just a historian.
TL;DR
| Shell history isn’t updating | Add PROMPT_COMMAND='history -a' to .bashrc |
| GhostWire says history is stale | That’s why |
| You want live command logging | This enables it instantly |
GhostWire doesn’t ask for permissions.
It drops the file. It tracks the session.
And now, it hears every word.
If you want this warning auto-patched on deployment, GhostWire can now inject the config itself — silently and persistently.
Just boot the agent. It does the rest.
** Swarm ready. Eyes open.**
GhostWire out.
More...