A cross-platform system service for process monitoring and parental controls. The agent runs as a background service on Windows, macOS, and Linux, monitoring running processes and enforcing policies set by parent applications.
- Cross-Platform Support: Runs on Windows, macOS, and Linux
- Process Monitoring: Continuously monitors running processes
- Policy Enforcement: Automatically terminates prohibited processes
- REST API: HTTPS API for remote management
- mDNS Discovery: Automatic discovery by parent applications
- Auto-Update: Self-updating mechanism
- Secure: JWT authentication, encrypted communications
- System Service: Runs as a native system service
┌─────────────────────────────────────────┐
│          Allow2 Automate Agent          │
├─────────────────────────────────────────┤
│  ┌──────────────┐  ┌─────────────────┐  │
│  │  API Server  │  │ Process Monitor │  │
│  │  (REST/JWT)  │  │ (30s interval)  │  │
│  └──────────────┘  └─────────────────┘  │
│  ┌──────────────┐  ┌─────────────────┐  │
│  │ Policy Engine│  │ mDNS Discovery  │  │
│  │ (Sync/Cache) │  │    (Bonjour)    │  │
│  └──────────────┘  └─────────────────┘  │
│  ┌──────────────┐  ┌─────────────────┐  │
│  │ Auto-Updater │  │ Config Manager  │  │
│  └──────────────┘  └─────────────────┘  │
├─────────────────────────────────────────┤
│       Platform Abstraction Layer        │
│        (Windows | macOS | Linux)        │
└─────────────────────────────────────────┘
- Node.js >= 18.0.0
- Administrator/root privileges for service installation
npm install
npm run start:dev
npm run build:windows
# Run the generated MSI installer
npm run build:macos
# Install the generated PKG
npm run build:linux
# Install the generated DEB/RPM package
The agent stores configuration in platform-specific locations:
- Windows: C:\ProgramData\Allow2\agent\config.json
- macOS: /Library/Application Support/Allow2/agent/config.json
- Linux: /etc/allow2/agent/config.json
{
"apiPort": 8443,
"checkInterval": 30000,
"logLevel": "info",
"enableMDNS": true,
"autoUpdate": true
}
| Option | Type | Default | Description |
|---|---|---|---|
| agentId | string | null | Unique agent identifier |
| parentApiUrl | string | null | Parent application API URL |
| authToken | string | null | JWT authentication token |
| apiPort | number | 8443 | API server port |
| checkInterval | number | 30000 | Process check interval (ms) |
| logLevel | string | "info" | Logging level |
| enableMDNS | boolean | true | Enable mDNS advertising |
| autoUpdate | boolean | true | Enable auto-updates |
The agent exposes a REST API on port 8443 (configurable).
All API endpoints (except /api/health, /api/heartbeat, and /api/platform-users) require JWT authentication:
Authorization: Bearer <token>
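The authentication rule above, sketched as a gate function. This is an added example, not the agent's own code: HS256 signing, the `exp` requirement, and the names `signToken`, `verifyToken` and `authorize` are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Routes the README lists as exempt from JWT authentication.
const PUBLIC_ROUTES = new Set(['GET /api/health', 'POST /api/heartbeat', 'GET /api/platform-users']);
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed helper for minting sample tokens (HS256 is an assumption).
function signToken(payload, secret) {
  const signingInput = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}`;
  return `${signingInput}.${hmac(signingInput, secret).toString('base64url')}`;
}

// Returns the payload if the token is valid at nowSec, otherwise null.
function verifyToken(token, secret, nowSec) {
  const [head, body, sig] = token.split('.');
  let header, payload;
  try { header = dec(head); payload = dec(body); } catch { return null; }
  // Pin the algorithm server-side; never trust the token's own "alg" choice.
  if (header?.alg !== 'HS256') return null;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // Require an expiry so a leaked token does not stay valid forever.
  if (typeof payload?.exp !== 'number' || payload.exp <= nowSec) return null;
  return payload;
}

// HTTP status the gate yields: 200 = pass to the handler, 401 = reject.
function authorize(method, path, authHeader, secret, nowSec = Math.floor(Date.now() / 1000)) {
  // Exact method + path match; a prefix match would also exempt any route
  // that merely starts with a public path.
  if (PUBLIC_ROUTES.has(`${method.toUpperCase()} ${path.split('?')[0]}`)) return 200;
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authHeader || '');
  return m && verifyToken(m[1], secret, nowSec) ? 200 : 401;
}
```

Because the three exempt routes answer without a token, anything they return is visible to every host that can reach port 8443.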
GET /api/health
Returns agent health status and basic information.
POST /api/heartbeat
Keep-alive endpoint for monitoring.
GET /api/platform-users
Discover local platform users for account linking.
Create policy:
POST /api/policies
Content-Type: application/json
{
"id": "policy-123",
"processName": "game.exe",
"allowed": false,
"schedule": {
"startTime": "14:00",
"endTime": "16:00",
"days": [1, 2, 3, 4, 5]
}
}
List policies:
GET /api/policies
Get policy:
GET /api/policies/:id
Update policy:
PATCH /api/policies/:id
Content-Type: application/json
{
"allowed": true
}
Delete policy:
DELETE /api/policies/:id
POST /api/sync
Trigger policy synchronization with parent API.
Get configuration:
GET /api/config
Update configuration:
PATCH /api/config
Content-Type: application/json
{
"checkInterval": 60000,
"logLevel": "debug"
}
Get monitor status:
GET /api/monitor/status
Start monitoring:
POST /api/monitor/start
Stop monitoring:
POST /api/monitor/stop
GET /api/processes
Returns list of currently running processes.
POST /api/update
Content-Type: application/json
{
"version": "1.1.0",
"downloadUrl": "/downloads/agent-1.1.0.msi"
}
The agent advertises itself via mDNS/Bonjour for automatic discovery:
- Service Type: _allow2._tcp
- Service Name: allow2-agent-{hostname}
- TXT Records:
  - agentId: Unique agent identifier
  - hostname: System hostname
  - version: Agent version
  - platform: Operating system platform
  - arch: System architecture
The agent monitors processes at regular intervals (default: 30 seconds) and:
- Fetches active policies from the policy engine
- Checks if prohibited processes are running
- Terminates any prohibited processes
- Reports violations to parent API
- Enforces time-based schedules and quotas
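One way to implement the per-cycle check described above, using the `schedule` fields from the policy objects in this README. This is an added example, not the agent's own code: the function names are hypothetical, and it assumes that the schedule on an `allowed: false` policy is the window in which the block applies, that `endTime` is exclusive, and that names are compared case-insensitively.

```javascript
// Parse "HH:MM" into minutes since midnight; returns null on malformed input.
function toMinutes(hhmm) {
  const m = /^([01]\d|2[0-3]):([0-5]\d)$/.exec(hhmm);
  return m ? Number(m[1]) * 60 + Number(m[2]) : null;
}

// Is the schedule window active at `date` (local time)?
// Assumptions: no schedule = always active; a window whose startTime is later
// than its endTime wraps past midnight and belongs to the day it started on.
function scheduleActive(schedule, date) {
  if (!schedule) return true;
  const start = toMinutes(schedule.startTime);
  const end = toMinutes(schedule.endTime);
  if (start === null || end === null || !Array.isArray(schedule.days)) {
    // Fail loudly: a silently ignored schedule would mean no enforcement.
    throw new Error('invalid schedule');
  }
  const now = date.getHours() * 60 + date.getMinutes();
  const today = date.getDay(); // 0 = Sunday, as in the README
  if (start <= end) return schedule.days.includes(today) && now >= start && now < end;
  const yesterday = (today + 6) % 7;
  return (schedule.days.includes(today) && now >= start) ||
         (schedule.days.includes(yesterday) && now < end);
}

// One monitoring cycle: which running process names should be terminated?
function violations(policies, runningNames, date) {
  const blocked = new Set(policies
    .filter((p) => p.allowed === false && scheduleActive(p.schedule, date))
    .map((p) => p.processName.toLowerCase()));
  return runningNames.filter((name) => blocked.has(name.toLowerCase()));
}
```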
{
id: "policy-123",
processName: "game.exe",
allowed: false,
schedule: {
startTime: "14:00", // 2:00 PM
endTime: "16:00", // 4:00 PM
days: [1, 2, 3, 4, 5] // Monday-Friday (0=Sunday)
},
quotas: {
dailyMinutes: 120 // 2 hours per day (future)
}
}
allow2automate-agent/
├── src/
│ ├── index.js # Main entry point
│ ├── ApiServer.js # REST API server
│ ├── ProcessMonitor.js # Process monitoring
│ ├── PolicyEngine.js # Policy management
│ ├── ConfigManager.js # Configuration
│ ├── DiscoveryAdvertiser.js # mDNS advertising
│ ├── AutoUpdater.js # Auto-update
│ ├── Logger.js # Logging utility
│ └── platform/
│ ├── windows.js # Windows implementation
│ ├── darwin.js # macOS implementation
│ └── linux.js # Linux implementation
├── tests/
│ ├── ConfigManager.test.js
│ ├── PolicyEngine.test.js
│ ├── ProcessMonitor.test.js
│ └── platform/
│ ├── windows.test.js
│ ├── darwin.test.js
│ └── linux.test.js
├── config/
│ └── default.json
├── installers/
│ ├── windows/
│ ├── macos/
│ └── linux/
├── scripts/
└── package.json
# Run all tests
npm test
# Watch mode
npm run test:watch
# Coverage report
npm run test:coverage
# Lint code
npm run lint
Each platform has its own implementation for process management:
Windows:
- Uses tasklist to check running processes
- Uses taskkill /F to terminate processes
- Processes identified by executable name (e.g., chrome.exe)
macOS:
- Uses pgrep to check running processes
- Uses pkill -9 to terminate processes
- Processes identified by app name (case-insensitive)
Linux:
- Uses pgrep to check running processes
- Uses pkill -9 to terminate processes
- Similar to macOS implementation
- JWT Authentication: All API endpoints except /api/health, /api/heartbeat, and /api/platform-users require valid JWT tokens
- Secure Storage: Configuration files have restricted permissions (0600)
- HTTPS: API server uses HTTPS (certificates configurable)
- Token Rotation: Support for token refresh
- Rate Limiting: Violation reports are rate-limited
Logs are stored in platform-specific locations:
- Windows: C:\ProgramData\Allow2\agent\logs\
- macOS: /Library/Logs/Allow2/agent/
- Linux: /var/log/allow2/agent/
Log files:
- agent.log: General application logs
- error.log: Error logs only
Log rotation:
- Maximum file size: 10 MB
- Maximum files: 5
- Check logs in the platform-specific log directory
- Verify Node.js version >= 18.0.0
- Ensure proper permissions (run as admin/root)
- Check if port 8443 is available
- Check if policy is active (schedule, days)
- Verify process name matches exactly
- Check agent has sufficient privileges
- Review logs for error messages
- Ensure enableMDNS is true in config
- Check firewall allows mDNS (port 5353)
- Verify network supports multicast
- Check Bonjour/Avahi service is running
- Check agent is running
- Verify port is not blocked by firewall
- Ensure proper authentication token
- Check SSL/TLS certificate configuration
- Fork the repository
- Create a feature branch
- Make your changes
- Write/update tests
- Submit a pull request
MIT
For issues and questions:
- GitHub Issues: github.com/allow2/allow2automate-agent
- Documentation: docs.allow2.com