A few weeks ago I posted about agent-trace. Since then I've been using it daily and shipped v0.8.0

Three things I kept running into:

1. An agent did something unexpected. I didn't know why.

→ Now: agent-strace why 14 walks backwards from event 14. Follows parent links, detects retries, traces read-write pairs on the same file. Stops at the user prompt. Instead of reading the whole replay, you go straight to the cause.

2. A run failed. I fixed something. I didn't know if I actually fixed the right thing.

→ Now: agent-strace diff <broken> <working> aligns both sessions phase by phase and shows exactly what changed — commands, files, outcomes.

3. The agent touched files I didn't expect.

→ Now: agent-strace audit auto-flags env, *.pem, .ssh/*, .aws/credentials, .github/workflows/*. No policy file needed. Add --policy to define what's allowed. Exits 1 in CI.

If you're running Claude Code, Cursor, or any MCP client in a team setting, these are the gaps that make agents hard to trust in practice.

github.com/Siddhant-K-code/agent-trace