Skip to content
Omnodex Omnodex Omnodex Docs

Using the Dashboard

The Omnodex dashboard provides a real-time view of all traced agent activity and risk findings.

Starting the Dashboard

Section titled “Starting the Dashboard”
Terminal window
npx omnodex dashboard

This starts a local web server at http://localhost:7890. The dashboard automatically:

  • Replays existing events from the log
  • Runs detection on any unanalyzed events
  • Opens a live SSE connection for real-time updates

Multi-Source Aggregation

Section titled “Multi-Source Aggregation”

If you run multiple agent surfaces simultaneously (e.g. Cowork on Windows, Claude Code in WSL, Codex in a terminal), each one writes to its own event log under its own ~/.omnodex directory. The dashboard can tail all of them at once, merging events into a single unified timeline.

Option 1: Config file (persistent)

Section titled “Option 1: Config file (persistent)”

Add additional roots to ~/.omnodex/config.json:

{
  "dashboard": {
    "roots": [
      "\\\\wsl$\\Ubuntu\\home\\you\\.omnodex",
      "/mnt/c/Users/you/.omnodex"
    ]
  }
}

The default root (~/.omnodex or $OMNODEX_HOME) is always included automatically — you only need to list the additional roots.

Option 2: CLI flag (ad-hoc)

Section titled “Option 2: CLI flag (ad-hoc)”

Pass extra roots at launch time:

Terminal window
npx omnodex dashboard --roots /path/to/other/.omnodex

Multiple paths can be space-separated: --roots /path/a /path/b.

How it works

Section titled “How it works”

Each root keeps its own event log (append-only JSONL files). The dashboard creates an EventLog reader per root, polls each independently for new sessions, and merges all events into a single SQLite read model ordered by timestamp. Each session is tagged with its source_root for filtering.

This is fully local with no network calls — it just reads from multiple directories on the same machine.

Dashboard Sections

Section titled “Dashboard Sections”

Event Timeline

Section titled “Event Timeline”

The main view shows a chronological list of all traced events. Each entry shows:

  • Timestamp
  • Event type (tool call, file access, network request, etc.)
  • Summary of what happened
  • Risk indicators if any rules fired

Click any event to expand its full context: the complete parameters, response, and any associated findings.

Risk Findings

Section titled “Risk Findings”

Filtered view showing only events where detection rules fired. Sorted by severity (critical first). Each finding includes:

  • The rule that triggered
  • Why it triggered (which part of the event matched)
  • The full event context
  • Risk level

Session Overview

Section titled “Session Overview”

High-level view of traced sessions:

  • Which agent was used (Claude Code, Codex)
  • Session duration
  • Number of tool calls
  • Number of findings by severity

Live Updates

Section titled “Live Updates”

The dashboard uses server-sent events (SSE) to update in real time. When an agent session is active:

  • New events appear as they happen
  • Risk findings surface immediately when detected
  • A LIVE/OFFLINE indicator shows connection status

No page refresh is needed. The dashboard streams updates as they occur.

Next Steps

Section titled “Next Steps”