Overview

Shadow Observer — Passive Local Telemetry

We don't ask what you do.
We see what you do.

Shadow Observer uses 90 days of local machine telemetry from 15 passive connectors across macOS, Windows, and Linux to map every workflow in your organization — without a single interview, survey, or employee disruption.

$84K

Annual Savings

Recovered productivity value

312%

Year 1 ROI

Net of deployment costs

3 mo

Payback Period

Break-even on investment

989 hrs

Hours Recovered

Annual team capacity freed

Zero

Employee Disruption

No surveys, no interviews

Passive Local Agent Architecture

┌────────────────────────────────────────────────────────────────────────┐
│  WORKER'S LOCAL MACHINE (macOS / Windows / Linux)                      │
│                                                                        │
│  ┌─────────────┐ ┌──────────────┐ ┌───────────────┐ ┌──────────────┐ │
│  │Chrome / Edge │ │ Gmail API    │ │ Screen Time / │ │ PowerShell / │ │
│  │ (SQLite DB)  │ │ Calendar     │ │ Activity TL   │ │ Event Log    │ │
│  └──────┬──────┘ │ Drive        │ │ Spotlight /   │ │ Win Search   │ │
│         │        └──────┬───────┘ │ knowledgeC.db │ └──────┬───────┘ │
│         │               │         └──────┬────────┘        │          │
│  ┌──────┴──────┐        │                │          ┌──────┴───────┐  │
│  │Claude Code  │        │                │          │LimaCharlie   │  │
│  │Git / Shell  │        │                │          │EDR API       │  │
│  └──────┬──────┘        │                │          └──────┬───────┘  │
│         └───────────────┼────────────────┼─────────────────┘          │
│                         ▼                                              │
│  ┌────────────────────────────────────────────────────────────────────┐│
│  │ Shadow Observer Local Agent  (Node.js — run-shadow.mjs)            ││
│  │ ├── 15 connectors       (auto-detected per platform)               ││
│  │ ├── Universal (6)       Chrome, Edge, Claude, Git, EDR, Shell      ││
│  │ ├── Google (3)          Gmail, Calendar, Drive (OAuth2)            ││
│  │ ├── macOS (2)           Screen Time, Spotlight                     ││
│  │ └── Windows (4)         PowerShell, Activity TL, Search, EventLog  ││
│  └──────────────────────────────┬─────────────────────────────────────┘│
│                                 ▼                                      │
│  ┌────────────────────────────────────────────────────────────────────┐│
│  │ 4-Stage Inference Engine (Zero LLM — deterministic)                ││
│  │ ├── Sessionization        (30-min gap detection)                   ││
│  │ ├── Pattern detection     (Jaccard similarity clustering)          ││
│  │ ├── Classification        (cadence, function, tools)               ││
│  │ └── Pain point analysis   (context-switching, after-hours)         ││
│  └──────────────────────────────┬─────────────────────────────────────┘│
│                                 ▼                                      │
│  ┌─────────────────────┐  ┌──────────────────────────────────────────┐│
│  │ Claresia Prescription│  │ Per-Worker Telemetry Dashboard           ││
│  │ Skills + Coworks     │  │ (Astro + React + Recharts)               ││
│  └─────────────────────┘  └──────────────────────────────────────────┘│
└────────────────────────────────────────────────────────────────────────┘

Three-Phase Intelligence Pipeline

Phase 180%

Local Scan

30 minutes

Run the local agent on one machine. Auto-detects platform (macOS/Windows/Linux) and activates the right connectors — up to 15 passive sources. Discovers workflows instantly with zero infrastructure.

✓Chrome + Edge browsing history (SQLite)
✓Gmail, Calendar, Drive (OAuth2 metadata)
✓Claude Code session logs (JSONL)
✓Git commit history & Shell history
✓LimaCharlie EDR (process-level telemetry)
✓macOS: Screen Time + Spotlight
✓Windows: Activity Timeline + Event Log + Search
✓Context-switching & after-hours detection

Phase 2+20%

Team Rollout

1-2 days

Run the agent on each team member's machine. Aggregate individual telemetry into an org-wide dashboard with cross-team workflow patterns and collaboration insights.

✓Per-worker workflow maps aggregated
✓Cross-team collaboration patterns
✓Tool adoption heatmaps by role
✓Department-level pain point ranking
✓Org-wide automation opportunity scoring

Phase 3M365-heavy orgs

Microsoft Extension

Optional

For organizations deeply invested in Microsoft 365, add Graph API connectors for Exchange email, Teams chat, SharePoint, and Copilot usage. Same inference engine, additional data sources.

✓Exchange email metadata & collaboration
✓Teams activity & channel engagement
✓SharePoint / OneDrive file patterns
✓Azure AD sign-in logs (SaaS usage)
✓Copilot adoption & usage tracking

Old Way vs Shadow Observer

Traditional Approach

4-6 weeks

Schedule interviews with every employee. Transcribe. Analyze manually. Hope people remember what they actually do. High cost, high disruption, low accuracy.

Shadow Observer

30 minutes

Run the local agent on each machine. 15 passive connectors auto-activate per platform — Chrome, Edge, Gmail, Calendar, Drive, Claude Code, Git, Shell, EDR, Screen Time, Spotlight, PowerShell, Activity Timeline, Search, Event Log. Zero employee disruption.

500x fasterFrom install to actionable intelligence

Stack Comparison

Layer	Passive Local Agent	Azure BYOL (cc-048)
LLM Runtime	None ($0 cost)	GPT-4o (Azure OpenAI)
Data Sources	15 multi-platform connectors	Microsoft Graph API
Compute	Local Node.js script	Azure Functions v4
Inference	Jaccard + deterministic	Same engine on Azure
Dashboard	Netlify (static)	Azure Static Web Apps

Value Proposition

Shadow Observer identifies automation opportunities by passively analyzing how your teams actually work — from 15 multi-platform connectors on each machine, not interviews. $0 LLM cost — the entire inference engine is deterministic (Jaccard similarity + rule-based scoring). Zero infrastructure — no cloud, no API keys, no tenant consent. Just a local Node.js script that reads what is already on the machine and produces actionable workflow intelligence in 30 minutes.