Skip to main content
For monitored agents, Oso captures the full content of each session: every prompt, completion, tool call, and piece of data that flows through the agent. You can use this data to investigate flagged sessions, review agent behavior, and verify what data agents accessed.

What you see

For each monitored session, Oso captures:
  • Prompts: what the user asked the agent to do
  • Completions: what the agent responded with
  • Tool calls: which tools the agent invoked and with what parameters
  • CLI tools and MCP servers: what external tools and integrations the agent is connected to
  • Data flow: what data entered and left the agent’s context
Sessions are presented as a chronological timeline, so you can trace the full sequence of exchanges from start to finish.

Monitored agents

Full session monitoring is available for agents whose traffic flows through Oso. The following agents are currently supported:
EnvironmentMonitored agents
Web appsClaude.ai, ChatGPT, Gemini
DesktopClaude Desktop, Cursor, Antigravity
CLIClaude Code, Codex, Gemini CLI
The list of monitored agents is expanding. Agents that are discovered but not yet monitored still provide inventory-level visibility (agent, users, devices, last seen).

How monitoring works

Session monitoring requires agent traffic to flow through Oso. There are two paths:
  1. Edge proxy: configure the agent to use agents.osohq.cloud as its LLM base URL. This works for CLI and desktop agents that support custom endpoints. See the Quickstart for setup.
  2. Browser extension: for web-based agents, the Oso browser extension captures session content from supported AI web apps. See Browser Extension for setup.

Using session data

Session monitoring supports several workflows:

Investigating alerts

When an alert fires, you can drill into the session timeline to see exactly what happened: what the user asked, what the agent did, and what data was involved.

Reviewing behavior patterns

Session data shows which tools agents invoke, what kinds of tasks they are applied to, and how usage changes over time.

Verifying data exposure

The session timeline records what data entered and left the agent’s context window. You can use this to determine whether an agent accessed or transmitted sensitive data.