Skip to content

Add end-of-run summary output to logira run #1

Closed
#8
Closed
Add end-of-run summary output to logira run#1
#8
Labels
area:cliCommand-line interface and user-facing commandspriority:mustRequired for the target milestonetype:featureNew functionality or user-visible behavior change
Milestone
v0.2.0
@melonattacker

Description

@melonattacker
melonattacker
opened on Mar 15, 2026

Motivation

logira run -- <command> records a run, but users currently need to run follow-up commands such as logira view last or logira explain last to understand what happened.

For the main use case — running Claude/Codex with strong permissions in a local environment — users should immediately know:

  • Did anything suspicious happen?
  • How many exec/file/net events were recorded?
  • Were any detections triggered?
  • How risky does the run look?
  • Which command should I run next to inspect details?

The end-of-run experience should make logira useful after a single run.

Goal

Display a concise summary automatically when logira run finishes.

Example:

[logira] run 20260507-143022-claude finished in 2m34s, exit=0
  events:      47 exec, 123 file, 18 net
  detections:  2 high, 1 medium, 0 low
  risk:        HIGH

  top detections:
    HIGH   F021   read aws credentials/config: ~/.aws/credentials
    HIGH   E001   possible curl|sh execution pattern
    MED    F132   write shell startup file

  next:
    logira view 20260507-143022-claude
    logira explain 20260507-143022-claude --show-related

Scope

Implement end-of-run summary output for logira run.

The summary should include:

  • run ID

  • run duration

  • audited command exit code

  • event counts by type

    • exec
    • file
    • net

  • detection counts by severity

    • info
    • low
    • medium
    • high

  • simple run risk level

  • top detections

  • next-command hints

Risk level

For v0.2.0, risk scoring should stay simple:

HIGH   = one or more high-severity detections
MEDIUM = one or more medium-severity detections and no high detections
LOW    = one or more low/info detections and no medium/high detections
NONE   = no detections

This does not need to be configurable in v0.2.0.

CLI design

Add a summary flag:

logira run --summary auto -- claude
logira run --summary off -- claude
logira run --summary detections -- claude

Suggested behavior:

  • auto: default human-readable summary
  • off: suppress summary
  • detections: show only detection/risk summary

The summary should be written to stderr so that the audited command's stdout is not polluted.

Non-goals

This issue should not implement:

  • report export
  • Markdown/HTML output
  • auto-capture
  • watch mode
  • cloud upload
  • UI
  • configurable risk scoring

Acceptance criteria

  • logira run -- <command> prints a concise summary after the command exits.

  • The summary includes event counts.

  • The summary includes detection counts by severity.

  • The summary includes a simple risk level.

  • The summary includes useful next-command hints.

  • --summary off suppresses the summary.

  • The audited command's exit code is preserved.

  • The audited command's stdout is not mixed with summary output.

  • Tests cover:

    • no detections
    • low/medium/high detections
    • non-zero audited command exit
    • summary disabled

Notes

This is the only must-have issue for v0.2.0.

The v0.2.0 goal is to make a single logira run immediately understandable.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:cliCommand-line interface and user-facing commandspriority:mustRequired for the target milestonetype:featureNew functionality or user-visible behavior change

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions