How does IncidentScribe parse agent JSONL logs?
IncidentScribe reads JSONL line by line, tolerantly skipping or warning on unknown records while extracting shell commands, file edits, and tool calls. Events are sorted chronologically with offsets, then rendered as Markdown, HTML, or JSON…
How does IncidentScribe parse agent JSONL logs?
Answer
IncidentScribe reads JSONL line by line, tolerantly skipping or warning on unknown records while extracting shell commands, file edits, and tool calls. Events are sorted chronologically with offsets, then rendered as Markdown, HTML, or JSON. Critical commands like DROP DATABASE, git push --force, and rm -rf are highlighted using severity heuristics so reviewers spot destructive actions first.
Related workflows
Pair IncidentScribe timelines with DestructGuard audit logs and the agent safety checklist. Export JSONL from Cursor or Claude Code after an incident, then render a shareable timeline for stakeholders.
Next steps
Open the free timeline viewer to paste or upload a session file, or run `incidentscribe render session.jsonl -o timeline.md` locally. Upgrade to the Postmortem Pack for blameless templates and a GitHub Action that attaches timelines to issues.
FAQ
How does IncidentScribe parse agent JSONL logs?
IncidentScribe reads JSONL line by line, tolerantly skipping or warning on unknown records while extracting shell commands, file edits, and tool calls. Events are sorted chronologically with offsets, then rendered as Markdown, HTML, or JSON. Critical commands like DROP DATABASE, git push --force, and rm -rf are highlighted using severity heuristics so reviewers spot destructive actions first.