feat: v4 agent observability — logging, notifications, terminal improvements#78
Merged
itscooleric merged 19 commits intodevfrom Mar 14, 2026
Merged
feat: v4 agent observability — logging, notifications, terminal improvements#78itscooleric merged 19 commits intodevfrom
itscooleric merged 19 commits intodevfrom
Conversation
Replace the npm-installed Claude Code CLI with the official native installer (curl -fsSL https://claude.ai/install.sh | sh). This eliminates the auto-update permission error that occurred because the npm global prefix was owned by root while claude runs as clide. The native binary at ~/.local/bin/claude is self-updating — no more version pinning or container rebuilds needed to get new Claude releases. Node.js is retained for Codex CLI and entrypoint config scripts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…41, #42, #44) Add session-logger.sh that wraps agent CLI sessions with: - JSONL event logging (session_start/session_end) with schema_version=1 - Raw transcript capture via `script` command, gzipped on exit - Secret scrubbing (blocklist + heuristic) on all logged output - Automatic retention: prune oldest sessions beyond CLIDE_MAX_SESSIONS (default 30) - Agent-agnostic: works with claude, codex, copilot, or any command Wired into claude-entrypoint.sh so all agent sessions are logged automatically. Disable with CLIDE_LOG_DISABLED=1. Adds docs/schema/session-events-v1.md documenting the event format. Closes #41, closes #42, closes #44 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The install script from claude.ai uses bash syntax (parentheses in conditionals) which fails under dash (Ubuntu's default sh). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Bump scrollback 10k → 50k (long agent output) - Zero escape-time (no vim lag) - Enable focus-events + OSC 52 clipboard - F12 toggles mouse mode (mobile-friendly) - Dark theme status bar with active command display - Subtle pane borders - Fix reload bind to use ~/.tmux.conf (was /root/) - ttyd --reconnect 3 for auto-reconnect on disconnect Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds notify.sh — background watcher that tails the transcript and sends push notifications via ntfy when: - Agent needs approval (permission prompts) - Agent needs input - Errors occur - Task completes 30s cooldown between notifications to avoid spam. Fully opt-in via CLIDE_NTFY_URL env var. Works with any self-hosted or public ntfy instance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ttyd 1.7.7 doesn't have --reconnect as a server flag — it's a client-side option passed via --client-option reconnect=N. This was causing exit code 254 crash loops. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Documents how to move auth from ttyd --credential (leaks password to process args and docker logs) to Caddy reverse proxy layer. Labels go in docker-compose.override.yml since they can't be conditional. Co-Authored-By: Claude Opus 4.6 <parameter>noreply@anthropic.com>
ttyd prints --credential args in its startup banner, leaking passwords into `docker logs`. Filter output through sed to redact TTYD_PASS. Simpler than moving auth to Caddy (bcrypt $ breaks compose interpolation) and keeps auth config in one place (.env). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ttyd 1.7.7 prints the credential both as plaintext and base64 in its startup banner. Scrub both forms. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Piping exec through sed made sed PID 1 instead of ttyd, breaking health checks and signal handling. Revert to clean exec. ttyd logs the credential as base64 which is acceptable since docker logs requires host access. Unset TTYD_PASS from env so child processes (shells, agents) can't read it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Downloads and trusts a CA certificate on container startup so internal TLS services (ntfy, gitlab, etc.) work with https. Graceful — logs a warning and continues if the download fails. Skips if already installed (avoids duplicate work when entrypoint.sh calls claude-entrypoint.sh). Set CLIDE_CA_URL in .env to the URL of your CA cert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Raw terminal transcripts are too noisy (ANSI escapes, partial writes) for reliable pattern matching. Replaced background tail -f watcher with simple event-based calls: start, end, error. Session logger fires notifications directly at session boundaries. Approval-prompt notifications will require structured output (--output-format stream-json or SDK) — tracked as future work. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The web entrypoint runs claude-entrypoint.sh true to pre-seed config. This was creating spurious sessions and firing false start/end notifications. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Typing claude/codex/copilot in any shell now automatically goes through session-logger.sh for structured logging and notifications. No need to remember session-logger.sh prefix. Disable with CLIDE_LOG_DISABLED=1. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Bump version banner to v4 - Add session logging section with env vars - Add push notifications (ntfy) section - Add LAN CA certificate section - Add F12 mouse toggle to tmux shortcuts - Document auto-reconnect - Add session events schema to docs table Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
itscooleric
changed the title
- SC2148: add shellcheck directive to .bashrc - SC2086: disable for intentional word splitting of AGENT_CMD - SC2012: disable for intentional ls -1dt sorting by mtime - MD040: add language to fenced code block in README Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
v4 observability and terminal improvements:
--client-option reconnect=3for resilient connectionsCLIDE_CA_URLfor internal TLS servicesTTYD_PASSunset from env after ttyd starts; base64 credential in docker logs is acceptable (host-access-only)claude/codex/copilotautomatically go through session-logger — no prefix neededcurl | bashinstead of npm (self-updating)Env vars added
CLIDE_LOG_DISABLEDCLIDE_MAX_SESSIONS30CLIDE_NTFY_URLCLIDE_NTFY_TOPICclideCLIDE_NTFY_DISABLEDCLIDE_CA_URLFiles changed
scripts/session-logger.sh— core session logging wrapperscripts/notify.sh— ntfy notification sender.bashrc— auto-wrap agent CLIs through session-logger.tmux.conf— terminal UI improvementsentrypoint.sh— CA cert install, credential cleanup, reconnectclaude-entrypoint.sh— CA cert install, session logger wiringDockerfile— add new scripts, native Claude installerdocker-compose.yml— new env varsdocs/schema/session-events-v1.md— event format documentationREADME.md— v4 docsTest plan
🤖 Generated with Claude Code