Skip to content

feat: add session event timeline#1032

Draft
szdziedzic wants to merge 6 commits into
callstack:mainfrom
szdziedzic:szdziedzic-codex/session-event-log
Draft

feat: add session event timeline#1032
szdziedzic wants to merge 6 commits into
callstack:mainfrom
szdziedzic:szdziedzic-codex/session-event-log

Conversation

@szdziedzic

@szdziedzic szdziedzic commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add a daemon-owned events.ndjson timeline under each session state dir so EAS and local tooling can show what the agent did during a run.
  • Record request start/finish entries and recorded actions, with sensitive typed text redacted while keeping target/ref/coordinate and duration context.
  • Expose the timeline through agent-device events, the typed observability client, and open-result eventLogPath for direct VM/local file collection.

Validation

Verified with focused daemon/session-store/observability/CLI/remote-daemon tests, pnpm typecheck, pnpm format, pnpm build, and pnpm check:unit outside the sandbox. Unit + smoke passed: 2,979 unit tests and 9 smoke tests; the live web smoke stayed skipped because AGENT_DEVICE_WEB_E2E was not set.

Touched-file count: 23. Scope stayed within session event logging, observability command surface, client/open result plumbing, and remote RPC coverage.

@thymikee

thymikee commented Jul 2, 2026

Copy link
Copy Markdown
Member

I found one issue that should be fixed before this merges:

The event timeline still leaks raw payload-bearing positionals for commands outside the current type/fill/find special cases. buildDisplayPositionals in src/daemon/session-event-action.ts falls back to action.positionals for most commands, so session-recorded actions like clipboard write <secret> from src/daemon/handlers/session.ts and inline push <app> <payload-json> from the same handler can persist the raw secret/payload into events.ndjson.

That matters more now because this PR exposes eventLogPath for collection by local/EAS tooling. The fix should centralize display-positionals redaction for every command that carries user text or inline payloads, not just typed input. The rest of the architecture looks like a good fit: session-owned timeline, observability command exposure, and request start/finish recording at the request-scope/finalization layer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants