Problem
AgentSight fails to capture SSL/TLS traffic from certain agent processes:
- SSL attach failure: When a process runs as a different uid (e.g. codex spawned by runloop with privilege drop),
/proc/<pid>/maps is unreadable, causing SSL uprobe attach to fail silently.
- Premature SSE stream termination:
response.completed events from the OpenAI Responses API routinely exceed the 16KB parse limit. The current logic terminates the SSE stream based on the event-type header alone, losing usage/token data carried in the remaining chunks.
- Uprobe inode leak: On process exit, uprobe inode tracking is only cleaned up for recognized agent processes. Child processes that were attached via global uprobes retain stale inode entries, preventing re-attach.
Expected Behavior
- SSL attach should fall back to exe-path lookup via the codex offset table when maps is unreadable
- SSE streams should stay open until the HTTP chunked end marker, not terminate on event-type headers
- Done events must not be deduplicated away (they carry usage data)
- All uprobe inode tracking should be cleaned up on any process exit
Problem
AgentSight fails to capture SSL/TLS traffic from certain agent processes:
/proc/<pid>/mapsis unreadable, causing SSL uprobe attach to fail silently.response.completedevents from the OpenAI Responses API routinely exceed the 16KB parse limit. The current logic terminates the SSE stream based on the event-type header alone, losing usage/token data carried in the remaining chunks.Expected Behavior