Skip to content

feat(sight): support Codex LLM call capture #1036

Description

@Daydreamer-Li

Problem

AgentSight currently does not support capturing LLM calls from OpenAI Codex. Codex is built as a stripped static-PIE musl Rust binary that links rustls + ring, which the existing sslsniff probe cannot cover:

  • No stable exported symbols like SSL_write / SSL_read after stripping.
  • Rust ABI is unstable and compiler-specific.
  • Trait methods are often monomorphized or inlined, so there is no stable vtable entry.
  • Function prologues change across compilations, unlike BoringSSL.

As a result, AgentSight cannot observe Codex's Chat Completions request body or reliably compute input/output token counts.

Proposed Solution

Add a rustls-aware plaintext capture path for static Rust binaries:

  1. Discover candidate hook offsets generically via .eh_frame, .rodata rustls source paths, and panic::Location cross-references.
  2. Attach a minimal BPF uprobe tap on the discovered candidates.
  3. Reassemble plaintext fragments into OpenAI-style SSE streams for the existing analyzer pipeline.
  4. Find a request-side hook point inside the rustls/ring encryption path so that request.messages and token metadata can be captured or computed locally.

Component

  • sight (agentsight)
  • cosh (copilot-shell)
  • agent-sec (agent-sec-core)
  • tokenless
  • Other:

Additional Context

The response-side SSE stream can already be reconstructed in prototype work, but without the request side the record remains incomplete. The root cause is that Codex encrypts the request body through rustls internal paths that differ from the decryption paths the current candidates intercept.

Metadata

Metadata

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions