Inputs
- •Accept a session file name or full path from the user.
- •Default session root to
~/.codex/sessionswhen only a file name is provided. - •Confirm the resolved file exists before running search commands.
Search Strategy
Each event is a single long JSON line. Avoid raw full-line searches that flood output.
- •Count matches first.
- •Pull short snippets around matches.
- •Narrow snippets with a second filter.
- •Open full context only after locating a precise target.
Always use at least one output limiter:
- •
-cfor counts - •
-o '.{0,60}pattern.{0,60}'for snippets - •
-M 200or-M 500to truncate long lines - •
| head -20to cap result count
Core Commands
bash
# 1) Count first
rg -c 'search_term' ~/.codex/sessions/<session-file>.jsonl
# 2) Snippets with local context
rg -o '.{0,60}search_term.{0,60}' ~/.codex/sessions/<session-file>.jsonl | head -20
# 3) Narrow further
rg -o '.{0,60}search_term.{0,60}' ~/.codex/sessions/<session-file>.jsonl | rg 'new_string'
# 4) Full context only when needed
rg '"name":"Edit".*search_term' ~/.codex/sessions/<session-file>.jsonl -M 500
Never run:
bash
rg 'pattern' ~/.codex/sessions/<session-file>.jsonl
Useful Patterns
bash
# Human user inputs
rg -o '.{0,40}"type":"user".{0,80}"userType":"external".{0,40}' <session.jsonl> | head -10
# Tool edits
rg -c '"name":"Edit"' <session.jsonl>
rg -o '.{0,60}"name":"Edit".{0,60}' <session.jsonl> | head -10
# Commands run by shell tools
rg -o '.{0,100}"command":"[^"]*".{0,40}' <session.jsonl> | head -20
# Mentions tied to file edits
rg -o '.{0,60}auth.{0,60}' <session.jsonl> | rg 'file_path'
JSONL Reference
Use these keys when filtering:
- •Message roles:
"type":"user","type":"assistant","type":"tool_result" - •Human messages:
"userType":"external" - •Tool blocks:
"type":"tool_use" - •Common tool names:
"name":"Edit","name":"Write","name":"Bash","name":"Task" - •Useful fields:
"timestamp","agentId","input"
Workflow
- •Resolve session path from user input (
<name>.jsonlor full path). - •Ask for a target term if none is provided.
- •Run count, then snippets, then narrowed snippets.
- •Run full-context grep only for promising matches.
- •Report concise findings with quoted snippets and exact command(s) used.
Safety
- •Keep searches read-only.
- •Redact secrets if surfaced in snippets.
- •Prefer targeted patterns over broad regex to reduce accidental disclosure.