AI 9 min read

Do You Know What Commands Your AI Agent Ran?

AI coding assistants run dozens of shell commands per prompt. Most developers never review them. Here is why that matters and how to get full visibility.

Madhubalan Appachi ·

You open Claude Code, type a prompt — "refactor the auth module to use JWT" — and walk away to grab coffee. When you come back, the task is done. New files, updated tests, a clean diff. You review the code changes, run the tests, push to main. Job well done.

But here's a question: do you know what shell commands Claude ran to get there?

If you're like most developers, the answer is no. And that should bother you.

The Invisible Execution Problem

AI coding assistants like Claude Code, Cursor, and Codex don't just write code. They execute code. They run shell commands in your terminal: installing packages, running tests, reading files, modifying configs. A single prompt can trigger dozens of commands.

The problem is visibility. Most developers interact with AI agents through a chat-style interface. The conversation scrolls, commands fly by. Even when people try, it's easy to miss the npm install sketchy-package buried between forty cat and grep calls.

Here's what a single AI prompt actually looks like under the hood:

$ suv search --executor claude-code --last 1h

 #  Time   Exit  Duration  Command
 1  14:32  0     12ms      cat src/auth/jwt.ts
 2  14:32  0     8ms       cat src/auth/types.ts
 3  14:32  0     15ms      grep -r "authenticate" src/
 4  14:32  0     6ms       cat src/middleware/auth.ts
 5  14:33  0     45ms      cat tsconfig.json
 6  14:33  0     3200ms    npm install jsonwebtoken @types/jsonwebtoken
 7  14:33  0     8ms       cat package.json
 8  14:34  0     12ms      mkdir -p src/auth/jwt
 9  14:34  0     5ms       cat src/auth/session.ts
10  14:34  0     6ms       grep -rn "import.*auth" src/
11  14:35  0     8ms       cat src/routes/api.ts
12  14:35  0     4ms       cat src/config/env.ts
13  14:35  0     2100ms    npx tsc --noEmit
14  14:36  0     3ms       chmod +x scripts/migrate-auth.sh
15  14:36  0     850ms     ./scripts/migrate-auth.sh
16  14:36  0     15ms      cat src/auth/jwt/verify.ts
17  14:37  0     6ms       grep -n "SECRET" .env.example
18  14:37  0     5200ms    npm test -- --testPathPattern=auth
19  14:38  0     12ms      cat test/auth/jwt.test.ts
20  14:38  0     4800ms    npm test -- --testPathPattern=auth
21  14:39  0     8ms       cat src/auth/index.ts
22  14:39  0     6ms       grep -rn "session" src/middleware/
23  14:39  0     3ms       cat src/auth/jwt/sign.ts
24  14:40  0     2ms       cat src/auth/jwt/decode.ts

24 commands found (executor: claude-code)

Twenty-four commands. Package installations, script executions, permission changes. All of this happened in your terminal, under your user account, with your filesystem permissions. And unless you were watching the chat scroll in real time, you probably didn't review any of it.

Why This Matters More Than You Think

Security

Every command an AI agent runs has the same permissions you do. It can read your .env files, install packages, modify configs, and execute arbitrary scripts. Most AI tools have safety guardrails, but the attack surface is real: malicious packages, prompt injection via file contents, or simply an AI making a well-intentioned but dangerous decision like running rm -rf in the wrong directory.

Without a record of what was executed, you have no way to audit what actually happened during an AI-assisted session.

Debugging

When something breaks after an AI session, the first question is always: "what changed?" If you only reviewed the code diff, you're missing half the picture. Maybe the agent installed a conflicting package version. Maybe it ran a migration script. Maybe it modified a config file and then overwrote it. The command history tells the full story.

Learning

AI agents often use clever command patterns you wouldn't think of. Reviewing what they ran — not just what they wrote — teaches you new tools, flags, and workflows. But you can only learn from what you can see.

How Suvadu Solves This

Suvadu is a shell history tool built in Rust that records every command with rich metadata: timestamp, working directory, exit code, duration, and — critically — executor attribution. It knows who ran each command.

Automatic Executor Detection

Suvadu checks 20+ environment variables to identify the executor — covering AI agents (Claude Code, Codex CLI, Aider), IDEs (Cursor, VS Code, Antigravity, Windsurf), and CI/CD platforms (GitHub Actions, GitLab CI, CircleCI). Detection is automatic on every command.

Claude Code Integration

Claude Code supports PostToolUse hooks, which means Suvadu can capture commands the moment they execute — not just when they appear in the shell's history file. Setup is one command:

$ suv init claude-code

This installs a hook in Claude Code's configuration that calls suv add after every tool execution. Every cat, every grep, every npm install — captured with the executor tagged as claude-code.

Cursor Integration

Cursor runs commands through its integrated terminal. Suvadu's shell hooks detect Cursor's environment variables and automatically tag those commands with the cursor executor. No additional setup required beyond the standard suv init.

Antigravity Integration

Antigravity, like Cursor, uses an integrated terminal. Suvadu detects it via its environment signatures and tags commands as antigravity. Again, automatic — just have Suvadu's shell hooks active.

Searching by Executor

Once commands are tagged, you can slice your history by executor:

# Show everything Claude Code ran today
$ suv search --executor claude-code --today

# Show commands Cursor ran in a specific directory
$ suv search --executor cursor --dir ~/projects/api

# Show all AI-executed commands that failed
$ suv search --executor claude-code --exit-code 1

# Compare: what did YOU run vs what the AI ran?
$ suv search --executor human --last 2h
$ suv search --executor claude-code --last 2h

Stats by Executor

Suvadu's stats command breaks down your usage by executor, giving you a clear picture of the human-to-AI ratio in your terminal:

$ suv stats --last 7d

Executor Breakdown (last 7 days):
  human        1,247 commands  (62%)
  claude-code    583 commands  (29%)
  cursor         142 commands  (7%)
  github-ci       38 commands  (2%)

Top commands by claude-code:
  cat           189 (32%)
  grep           97 (17%)
  npm            64 (11%)
  node           45 (8%)
  tsc            38 (7%)

A Practical Workflow

Here's how executor tracking fits into a real development workflow:

  1. Before the AI session: Note the time or start a tagged session with suv session start "jwt-refactor".
  2. During: Let the AI agent work. Don't worry about watching every command scroll by.
  3. After: Run suv search --executor claude-code --last 1h to review everything the agent did.
  4. Audit: Check for unexpected package installations, permission changes, or commands that accessed sensitive files.
  5. Learn: Look at the command patterns the AI used. Often you'll discover new flags or tools you didn't know about.

This takes about two minutes and gives you complete visibility into an AI session that might have run for thirty minutes and executed dozens of commands.

The Bigger Picture

AI coding assistants are becoming a standard part of the development workflow. That's a good thing — they genuinely make us more productive. But productivity without visibility is a liability.

We wouldn't accept a CI pipeline that doesn't log its commands. We wouldn't accept a deployment script that runs silently. We shouldn't accept AI agents that execute dozens of commands with no persistent, searchable, auditable record.

Executor tracking isn't about distrusting AI tools. It's about applying the same observability standards to AI-assisted development that we already apply to every other automated process in our stack.

What's Next: MCP

Suvadu recently gained a built-in MCP (Model Context Protocol) server. This flips the relationship: instead of just passively recording what agents do, your shell history becomes an active resource that AI agents can query. Claude Code can search your recent commands, check what failed, see what changed in a directory, and get context-aware suggestions — all from your local database. The agents that run commands can now learn from the history of commands. See How AI Agents Query Your Shell History via MCP for the full story.

Trust your AI tools. But verify what they did. Your shell history should make that effortless.

Install Suvadu, run suv init claude-code, and start building a complete record of every command that runs in your terminal — human or otherwise.

#ai-agents#claude-code#cursor#security#executor-tracking#developer-tools
← All posts Star on GitHub