Skip to content

[sight] fix(sight): SSL capture fails for privilege-drop processes and SSE large payload truncation #1355

Description

@Daydreamer-Li

Problem

AgentSight fails to capture SSL/TLS traffic from certain agent processes:

  1. SSL attach failure: When a process runs as a different uid (e.g. codex spawned by runloop with privilege drop), /proc/<pid>/maps is unreadable, causing SSL uprobe attach to fail silently.
  2. Premature SSE stream termination: response.completed events from the OpenAI Responses API routinely exceed the 16KB parse limit. The current logic terminates the SSE stream based on the event-type header alone, losing usage/token data carried in the remaining chunks.
  3. Uprobe inode leak: On process exit, uprobe inode tracking is only cleaned up for recognized agent processes. Child processes that were attached via global uprobes retain stale inode entries, preventing re-attach.

Expected Behavior

  • SSL attach should fall back to exe-path lookup via the codex offset table when maps is unreadable
  • SSE streams should stay open until the HTTP chunked end marker, not terminate on event-type headers
  • Done events must not be deduplicated away (they carry usage data)
  • All uprobe inode tracking should be cleaned up on any process exit

Metadata

Metadata

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions