Skip to content

feat: add session event timeline#1032

Open
szdziedzic wants to merge 12 commits into
callstack:mainfrom
szdziedzic:szdziedzic-codex/session-event-log
Open

feat: add session event timeline#1032
szdziedzic wants to merge 12 commits into
callstack:mainfrom
szdziedzic:szdziedzic-codex/session-event-log

Conversation

@szdziedzic

@szdziedzic szdziedzic commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add a daemon-owned events.ndjson timeline under each session state dir so EAS and local tooling can show what the agent did during a run.
  • Record request start/finish entries and recorded actions, with sensitive typed text redacted while keeping target/ref/coordinate and duration context.
  • Expose the timeline through agent-device events, the typed observability client, and open-result eventLogPath for direct VM/local file collection.

Validation

Verified with focused daemon/session-store/observability/CLI/remote-daemon tests, pnpm typecheck, pnpm format, pnpm build, and pnpm check:unit outside the sandbox. Unit + smoke passed: 2,979 unit tests and 9 smoke tests; the live web smoke stayed skipped because AGENT_DEVICE_WEB_E2E was not set.

Touched-file count: 23. Scope stayed within session event logging, observability command surface, client/open result plumbing, and remote RPC coverage.

@thymikee

thymikee commented Jul 2, 2026

Copy link
Copy Markdown
Member

I found one issue that should be fixed before this merges:

The event timeline still leaks raw payload-bearing positionals for commands outside the current type/fill/find special cases. buildDisplayPositionals in src/daemon/session-event-action.ts falls back to action.positionals for most commands, so session-recorded actions like clipboard write <secret> from src/daemon/handlers/session.ts and inline push <app> <payload-json> from the same handler can persist the raw secret/payload into events.ndjson.

That matters more now because this PR exposes eventLogPath for collection by local/EAS tooling. The fix should centralize display-positionals redaction for every command that carries user text or inline payloads, not just typed input. The rest of the architecture looks like a good fit: session-owned timeline, observability command exposure, and request start/finish recording at the request-scope/finalization layer.

@szdziedzic szdziedzic force-pushed the szdziedzic-codex/session-event-log branch from ff68524 to 53cb6e6 Compare July 7, 2026 09:14
@thymikee thymikee force-pushed the szdziedzic-codex/session-event-log branch 2 times, most recently from df1f71d to c054cb1 Compare July 7, 2026 10:09
@szdziedzic szdziedzic marked this pull request as ready for review July 7, 2026 10:23
Copilot AI review requested due to automatic review settings July 7, 2026 10:23

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a daemon-owned per-session events.ndjson timeline and surfaces it through a new events observability command, the typed client, and open results so tooling (EAS/local) can consume a single, redacted action/request timeline for a run.

Changes:

  • Introduces session event log writing/reading (events.ndjson) and records request start/finish + recorded actions (with typed text/payload redaction).
  • Adds agent-device events across command catalog, command descriptors, CLI formatting, and client APIs (including eventLogPath in open output).
  • Extends unit/integration coverage for daemon routing, remote-daemon RPC, and output guards.

Reviewed changes

Copilot reviewed 29 out of 29 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
website/docs/docs/sessions.md Documents events.ndjson as a session artifact.
website/docs/docs/commands.md Documents agent-device events usage and session artifact fields (eventLogPath).
website/docs/docs/client-api.md Documents client.observability.events({ cursor, limit }).
test/integration/provider-scenarios/remote-daemon-client.test.ts Adds remote RPC fixture + assertions for events paging.
test/integration/provider-scenarios/apple-platform-output-guard.test.ts Adds events to the public command output guard driven set.
src/daemon/web-session-names.ts Extracts openWebSessionNames helper for reuse.
src/daemon/session-store.ts Adds event log path helpers + recordEvent/readEvents; appends action events when recording actions.
src/daemon/session-event-log.ts Implements events.ndjson append + paged read; request started/finished event builders.
src/daemon/session-event-action.ts Builds redacted action summaries/details for event log entries.
src/daemon/session-action-recorder.ts Returns recorded SessionAction so the store can emit a matching action event.
src/daemon/server/daemon-runtime.ts Switches to extracted openWebSessionNames.
src/daemon/request-router.ts Records request-finished events for thrown errors after scope creation.
src/daemon/request-execution-scope.ts Records request started/finished events (including setup failures) and tracks startedAtMs.
src/daemon/handlers/session-open.ts Adds eventLogPath to open result; ensures session is stored before recording open action.
src/daemon/handlers/session-open-surface.ts Threads eventLogPath through open result builders.
src/daemon/handlers/session-observability.ts Adds daemon-side events command handler.
src/daemon/tests/session-store.test.ts Adds event log paging + redaction tests; updates script path test expectation.
src/daemon/tests/request-router-open.test.ts Asserts eventLogPath and that the file exists after open.
src/daemon/tests/request-router-events.test.ts Adds router-level tests for events polling/noise + error recording.
src/core/command-descriptor/registry.ts Registers events command descriptor (route/sessionKind/timeout/batchable).
src/core/command-descriptor/tests/parity.test.ts Marks events as no-capability command for parity expectations.
src/commands/observability/output.ts Adds CLI formatter for events timeline output.
src/commands/observability/index.ts Adds events facet: metadata/schema/CLI reader/daemon writer/positionals.
src/commands/observability/index.test.ts Adds tests for events CLI parsing/daemon writer + formatting.
src/command-catalog.ts Adds PUBLIC_COMMANDS.events.
src/client/client.ts Adds open result eventLogPath field and client.observability.events().
src/client/client-types.ts Adds eventLogPath to open result types + EventsOptions + client method.
src/client/client-shared.ts Serializes eventLogPath in open result JSON.
src/tests/cli-client-commands.test.ts Adds generic CLI route test for events output.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/daemon/session-event-log.ts Outdated
Comment on lines +158 to +162
const rawLines = fs
.readFileSync(eventLogPath, 'utf8')
.split(/\r?\n/)
.filter((line) => line.trim().length > 0);
const end = Math.min(rawLines.length, cursor + limit);
@thymikee

thymikee commented Jul 7, 2026

Copy link
Copy Markdown
Member

Ready for human review. I re-reviewed the now-clean session event timeline PR against the stated behavior and the relevant command-descriptor/session-routing/provider-test constraints. The earlier blocker is addressed: action event display positionals now redact typed text, clipboard writes, push/trigger payloads, and unknown command args by default, while preserving safe refs/targets and lengths. The event command is routed through the descriptor-derived observability path, reads the session-owned events.ndjson without self-appending poll noise, and request start/finish recording goes through the request-scope/finalization path with thrown-error coverage. Code gates are green; Bundle Size and deploy-preview are skipped/non-code. Residual risk: no live device run was included, but this is daemon/session-artifact plumbing and provider/remote scenarios cover the shipped request path.

@thymikee thymikee added the ready-for-human Valid work that needs human implementation, judgment, or maintainer merge label Jul 7, 2026
@thymikee

thymikee commented Jul 7, 2026

Copy link
Copy Markdown
Member

One privacy hardening issue remains in the latest fix: harden session event privacy commit:\n\nsanitizeActionDisplayText replaces raw positionals in their original order. If one raw positional is a substring of a later sensitive positional, the shorter replacement mutates the message first and the longer value no longer matches. For example, an unknown/future action with positionals like ["token", "my-token-123"] and message Ran my-token-123 can become Ran my-<arg:5 chars>-123, leaking the prefix/suffix of the longer argument into events.ndjson.\n\nPlease replace longer raw values before shorter ones, or otherwise build a single replacement pass that cannot partially consume overlapping sensitive strings. Add a regression test with overlapping positionals so the event summary/details message contains only the length-only placeholders.

@thymikee thymikee removed the ready-for-human Valid work that needs human implementation, judgment, or maintainer merge label Jul 7, 2026
Copilot AI review requested due to automatic review settings July 7, 2026 11:24

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@thymikee

thymikee commented Jul 7, 2026

Copy link
Copy Markdown
Member

Review pass on the latest event-log/redaction head found no actionable blockers. I checked the daemon event append/read path, action-summary redaction, thrown-request finish events, open-result eventLogPath plumbing, CLI/client observability surface, and provider-output guard coverage. Current checks are green apart from expected skipped preview/size jobs, so this looks ready for maintainer judgment.

@thymikee thymikee added the ready-for-human Valid work that needs human implementation, judgment, or maintainer merge label Jul 7, 2026
Copilot AI review requested due to automatic review settings July 7, 2026 16:07
@thymikee thymikee force-pushed the szdziedzic-codex/session-event-log branch from 6159de6 to c7928d3 Compare July 7, 2026 16:07

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.

@thymikee thymikee force-pushed the szdziedzic-codex/session-event-log branch from c7928d3 to d9b1134 Compare July 7, 2026 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ready-for-human Valid work that needs human implementation, judgment, or maintainer merge

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants