Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,23 @@ new version heading in the same commit.

## [Unreleased]

## [0.221.0] — 2026-07-16
### Added
- **Session activity trail — every object a run opened, with live status.** The per-session activity
panel (`GET /api/sessions/:id/activity` + the `SessionActivity` component) now answers "what is this
session doing / done?", not just "which primitives did it touch". Two changes: (1) **coverage** — the
classifier (`src/state/session-activity.ts`) gained `secrets` / `skills` / `policy` categories, so
`secret.put`/`secret.get`/`secret.requested`, `skill.proposed`/`skill.requested` and `policy.proposed`
surface as first-class trail entries instead of falling into `other`; (2) **live status** — each
object-bearing entry carries an `ActivityTarget` (`{kind,id}`), and the route resolves that target's
CURRENT state from its live store (a task's `todo→doing→done`, a KB page's `rev N`, a secret's
`stored`, a proposal card's `pending→approved/rejected`) and returns it as `status`/`statusTone`. The
console panel is now a right-docked **side panel** with an **Objects | Timeline** toggle: Objects
collapses the trail to one row per live object (outstanding ones first) with a status chip; Timeline is
the full chronological feed. It **polls while the run is alive**, so a task's status updates in place.
Audit stays the single spine — no new tables, no migration; adding a plane is one classifier case + one
resolver.

## [0.220.0] — 2026-07-16
### Added
- **Chat renders Library deliverables inline.** When an agent produces a Library artifact mid-conversation
Expand Down
4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "agent-os",
"version": "0.220.0",
"version": "0.221.0",
"description": "A generic, governed operating system for running autonomous agents safely across brands. Ships with a local web console.",
"license": "MIT",
"type": "commonjs",
Expand Down
98 changes: 98 additions & 0 deletions scripts/session-trail-test.cjs
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
#!/usr/bin/env node
/* Session-trail test: the /api/sessions/:id/activity endpoint now (1) classifies secrets/skills/policy
* effects and (2) attaches each object's LIVE status resolved from its store (task todo→done, KB rev,
* proposal pending→approved, secret stored). Boots a real in-process HTTP server + registry, seeds one
* session's audit stream + the live objects, and asserts the endpoint's output. Isolated home. */
const fs = require('fs'); const os = require('os'); const path = require('path');
const ROOT = path.resolve(__dirname, '..');
const HOME = fs.mkdtempSync(path.join(os.tmpdir(), 'aos-trail-test-'));
process.env.AGENT_OS_HOME = HOME; process.env.AGENT_OS_TENANT = 'testco';
process.env.AGENT_OS_OWNER_EMAIL = 'owner@test';
delete process.env.AGENT_OS_SECRET_KEY;
let pass = 0, fail = 0;
const assert = (c, name, d) => c ? (pass++, console.log(` \x1b[32m✓\x1b[0m ${name}`)) : (fail++, console.log(` \x1b[31m✗ ${name}\x1b[0m${d ? ' — ' + d : ''}`));

const { TenantRegistry } = require(path.join(ROOT, 'dist/tenant-registry.js'));
const { createHttpServer } = require(path.join(ROOT, 'dist/server.js'));

(async () => {
const registry = new TenantRegistry(ROOT, 0);
registry.bootAll();
const rt = registry.get('testco');
const { os: aos } = rt;
const T = aos.tenant;

// owner cookie — invite + accept mints a real auth session id
const { token } = aos.team.invite({ email: 'tester@test', role: 'owner' });
const sid = aos.team.acceptToken(token).sid;
const cookie = `aos_sid=${sid}`;

// a session row (owner is run_as so canViewSession trivially passes)
const SID = 'ts_trail1';
aos.db.prepare(
"INSERT INTO term_sessions (id,agent,title,task,tmux,status,headless,resident,run_as,spawned_by,created_at,updated_at) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)"
).run(SID, 'website-bot', 'trail run', 'do stuff', 'aos-' + SID, 'running', 1, 0, null, null, Date.now(), Date.now());

// audit stream for the run — one effect per plane we care about
let t = Date.now();
const audit = (type, data) => aos.db
.prepare("INSERT INTO audit_events (ts,run_id,tenant,type,principal,data) VALUES (?,?,?,?,?,?)")
.run(t++, SID, T, type, 'website-bot', JSON.stringify(data));
audit('task.created', { id: 'tk1', title: 'migrate the DB' });
audit('task.updated', { id: 'tk1', status: 'doing' });
audit('secret.put', { key: 'STRIPE_KEY', principal: '*' });
audit('secret.requested', { key: 'OPENAI_KEY', mode: 'provide' });
audit('skill.proposed', { name: 'triage-flow', description: 'triage playbook' });
audit('policy.proposed', { kind: 'tighten', capability: 'Bash' });
audit('kb.written', { section: 'engineering', slug: 'deploy', rev: 1 });

// live objects the statuses resolve against
const now = Date.now();
aos.db.prepare("INSERT INTO tasks (id,tenant,title,body,status,priority,labels,created_by,created_at,updated_at,updated_by) VALUES (?,?,?,?,?,?,?,?,?,?,?)")
.run('tk1', T, 'migrate the DB', '', 'doing', 2, '[]', 'agent:website-bot', now, now, 'agent:website-bot');
aos.db.prepare("INSERT INTO secrets (tenant,principal,key,value_enc,updated_at,updated_by) VALUES (?,?,?,?,?,?)")
.run(T, '*', 'STRIPE_KEY', 'x', now, 'agent:website-bot');
aos.db.prepare("INSERT INTO kb_pages (id,tenant,section,slug,title,tags,body,rel_path,rev,created_at,updated_at,updated_by) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)")
.run('kp1', T, 'engineering', 'deploy', 'Deploy', '[]', '# deploy', 'kb/engineering/deploy.md', 3, now, now, 'agent:website-bot');
// proposal cards carry their own live status; secret-request approved, skill/policy still pending(open)
const addMsg = (id, type, status, args) => aos.db
.prepare("INSERT INTO messages (id,type,session_id,agent,title,body,status,args,created_at) VALUES (?,?,?,?,?,?,?,?,?)")
.run(id, type, SID, 'website-bot', 't', 'b', status, JSON.stringify(args), now);
addMsg('m_sec', 'secret.request', 'approved', { key: 'OPENAI_KEY', mode: 'provide' });
addMsg('m_skl', 'skill.proposed', 'open', { skill: 'triage-flow' });
addMsg('m_pol', 'policy.proposal', 'open', { delta: { kind: 'tighten', match: { capability: 'Bash' } } });

const server = createHttpServer(registry);
await new Promise((r) => server.listen(0, '127.0.0.1', r));
const port = server.address().port;
const res = await fetch(`http://127.0.0.1:${port}/api/sessions/${SID}/activity`, { headers: { cookie } });
const body = await res.json();

console.log('\n\x1b[1mSession activity trail — coverage + live status\x1b[0m');
assert(res.status === 200, 'endpoint returns 200', `${res.status} ${JSON.stringify(body)}`);
const ev = body.events || [];
const by = (prim) => ev.find((e) => e.primitive === prim) || {};

// (1) coverage — the new categories surface (were previously 'other')
assert(by('secret_put').category === 'secrets', 'secret.put → secrets category');
assert(by('secret_request').category === 'secrets', 'secret.requested → secrets category');
assert(by('skill_propose').category === 'skills', 'skill.proposed → skills category');
assert(by('policy_propose').category === 'policy', 'policy.proposed → policy category');

// (2) live status resolution
assert(by('task_create').status === 'doing' && by('task_create').statusTone === 'open', 'task → live status "doing" (open)', JSON.stringify(by('task_create')));
assert(by('task_update').status === 'doing', 'task_update entry also resolves to current "doing"');
assert(by('secret_put').status === 'stored', 'secret → "stored" (exists in vault)', JSON.stringify(by('secret_put')));
assert(by('kb_write').status === 'rev 3' && by('kb_write').statusTone === 'muted', 'kb_write → current "rev 3"', JSON.stringify(by('kb_write')));
assert(by('secret_request').status === 'approved' && by('secret_request').statusTone === 'done', 'secret_request → card status "approved" (done)', JSON.stringify(by('secret_request')));
assert(by('skill_propose').status === 'pending' && by('skill_propose').statusTone === 'open', 'skill_propose → card "pending" (open)', JSON.stringify(by('skill_propose')));
assert(by('policy_propose').status === 'pending' && by('policy_propose').statusTone === 'open', 'policy_propose → card "pending" (open)', JSON.stringify(by('policy_propose')));

// summary still groups counts
assert((body.summary || []).some((s) => s.category === 'policy'), 'summary includes the policy category');

console.log(`\n${fail === 0 ? '\x1b[32m' : '\x1b[31m'}SESSION TRAIL: ${pass}/${pass + fail} passed\x1b[0m`);
server.close();
try { fs.rmSync(HOME, { recursive: true, force: true }); } catch {}
process.exit(fail === 0 ? 0 : 1);
})().catch((e) => { console.error(e); try { fs.rmSync(HOME, { recursive: true, force: true }); } catch {} process.exit(1); });
67 changes: 65 additions & 2 deletions src/server.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import { pendingAlerts } from './edge/alerts';
import { exampleCapabilities } from './capabilities/examples';
import { evaluate } from './observability/evaluation';
import { TerminalManager, AGENT_OS_OPERATING_NOTES } from './terminal';
import { classifyActivity, clipText, ActivityCategory, ActivityEffect } from './state/session-activity';
import { classifyActivity, clipText, ActivityCategory, ActivityEffect, ActivityTarget } from './state/session-activity';
import { readConversation, type ChatArtifactRef } from './edge/conversation';
import { summarizeConversation } from './edge/summarize';
import { Automation, Automations, nextCronRun, derivedConcurrencyCap, chatTitle } from './edge/automations';
Expand Down Expand Up @@ -2301,7 +2301,8 @@ async function handle(os: AgentOS, tm: TerminalManager, autos: Automations, req:
const rows = os.db
.prepare('SELECT ts, type, data FROM audit_events WHERE tenant = ? AND run_id = ? ORDER BY ts ASC, id ASC')
.all<{ ts: number; type: string; data: string }>(os.tenant, id);
type Row = { ts: number; category: ActivityCategory; primitive: string; summary: string; effect?: ActivityEffect };
type StatusTone = 'open' | 'done' | 'blocked' | 'denied' | 'muted';
type Row = { ts: number; category: ActivityCategory; primitive: string; summary: string; effect?: ActivityEffect; target?: ActivityTarget; status?: string; statusTone?: StatusTone };
const events: Row[] = [];
for (const r of rows) {
const d = classifyActivity(r.type, safeJson(r.data));
Expand All @@ -2314,6 +2315,68 @@ async function handle(os: AgentOS, tm: TerminalManager, autos: Automations, req:
.all<{ ts: number; body: string }>(id);
for (const u of ups) events.push({ ts: u.ts, category: 'operator', primitive: 'update', summary: clipText(u.body) });
events.sort((a, b) => a.ts - b.ts);

// Attach each object-bearing entry's CURRENT status — audit is point-in-time ("task created"), so
// this is what turns the trail into "what is it doing/done" (a task's todo→done, a proposal's
// pending→approved). Resolved from the live stores; cached per target so a task touched by several
// events is queried once.
const statusCache = new Map<string, { status: string; tone: StatusTone } | null>();
const msgTone = (s: string): { status: string; tone: StatusTone } =>
s === 'approved' ? { status: 'approved', tone: 'done' }
: s === 'rejected' ? { status: 'rejected', tone: 'denied' }
: s === 'resolved' ? { status: 'resolved', tone: 'muted' }
: { status: 'pending', tone: 'open' };
// Proposal cards (secret-request / skill / policy) are `messages` rows that carry their own live
// status — load this session's once, indexed by the discriminator the classifier stored as target.id.
const skillProp = new Map<string, string>(); // skill name → status
const secretReq = new Map<string, string>(); // secret key → status
const policyProp: Array<{ cap: string; status: string }> = []; // capability → status (in order)
for (const m of os.db
.prepare("SELECT type, status, args FROM messages WHERE session_id = ? AND type IN ('secret.request','skill.proposed','policy.proposal')")
.all<{ type: string; status: string; args: string | null }>(id)) {
const a = safeJson(m.args ?? '') as Record<string, unknown>;
if (m.type === 'skill.proposed' && typeof a.skill === 'string') skillProp.set(a.skill, m.status);
else if (m.type === 'secret.request' && typeof a.key === 'string') secretReq.set(a.key, m.status);
else if (m.type === 'policy.proposal') {
const cap = (a.delta as { match?: { capability?: unknown } } | undefined)?.match?.capability;
if (typeof cap === 'string') policyProp.push({ cap, status: m.status });
}
}
const resolveStatus = (t: ActivityTarget): { status: string; tone: StatusTone } | null => {
const ck = `${t.kind}:${t.id}`;
const cached = statusCache.get(ck);
if (cached !== undefined) return cached;
let out: { status: string; tone: StatusTone } | null = null;
if (t.kind === 'task') {
const row = os.db.prepare('SELECT status FROM tasks WHERE tenant = ? AND id = ?').get<{ status: string }>(os.tenant, t.id);
out = !row ? { status: 'deleted', tone: 'muted' }
: { status: row.status, tone: row.status === 'done' ? 'done' : row.status === 'blocked' || row.status === 'cancelled' ? 'blocked' : 'open' };
} else if (t.kind === 'kb') {
const slash = t.id.indexOf('/');
const section = slash >= 0 ? t.id.slice(0, slash) : t.id, slug = slash >= 0 ? t.id.slice(slash + 1) : '';
const row = os.db.prepare('SELECT rev FROM kb_pages WHERE tenant = ? AND section = ? AND slug = ?').get<{ rev: number }>(os.tenant, section, slug);
out = row ? { status: `rev ${row.rev}`, tone: 'muted' } : { status: 'deleted', tone: 'muted' };
} else if (t.kind === 'approval') {
const row = os.db.prepare('SELECT status FROM approvals WHERE tenant = ? AND id = ?').get<{ status: string }>(os.tenant, t.id);
if (row) out = row.status === 'approved' ? { status: 'approved', tone: 'done' } : row.status === 'rejected' ? { status: 'rejected', tone: 'denied' } : { status: 'pending', tone: 'open' };
} else if (t.kind === 'secret') {
const row = os.db.prepare('SELECT 1 AS ok FROM secrets WHERE tenant = ? AND key = ? LIMIT 1').get<{ ok: number }>(os.tenant, t.id);
out = row ? { status: 'stored', tone: 'muted' } : { status: 'removed', tone: 'muted' };
} else if (t.kind === 'secret-request') {
const s = secretReq.get(t.id); out = s ? msgTone(s) : null;
} else if (t.kind === 'skill-proposal') {
const s = skillProp.get(t.id); out = s ? msgTone(s) : null;
} else if (t.kind === 'policy-proposal') {
const s = policyProp.find((p) => p.cap === t.id)?.status; out = s ? msgTone(s) : null;
}
statusCache.set(ck, out);
return out;
};
for (const e of events) {
if (!e.target) continue;
const r = resolveStatus(e.target);
if (r) { e.status = r.status; e.statusTone = r.tone; }
}
// Grouped count summary (primitive → how many times), most-used first.
const byPrim = new Map<string, { primitive: string; category: ActivityCategory; count: number }>();
for (const e of events) {
Expand Down
Loading
Loading