Add end-of-run summary output to logira run #1
Description
Is your feature request related to a problem? Please describe.
Currently, after running a command with:
logira run -- <command>
users need to manually inspect the run using commands like:
logira view <run-id>
logira explain <run-id>
to understand what happened.
This creates friction for common cases where users only want a quick answer to questions like:
- How many events happened?
- Were any detections triggered?
- Which run should I inspect next?
Without a concise summary, users must always perform additional commands to determine whether anything noteworthy occurred.
Describe the solution you'd like
Display a concise summary automatically when logira run finishes.
Example:
[logira] run 20260314-153022-claude finished (2m34s)
events: 47 exec, 123 file, 18 net
detections: 2 found
- credential-read: ~/.aws/credentials (1 event)
- suspicious-exec: curl | sh pattern (1 event)
→ logira view 20260314-153022-claude
The summary should include:
- run ID
- run duration
- event counts by category (exec / file / net)
- detection count
- a small list of top detections
- a hint for the next command (
logira view)
Describe alternatives you've considered
Users can currently inspect runs using:
logira view
logira explain
logira query
However, these require additional manual steps and are inconvenient for quick inspection.
Another option would be a full TUI interface, but that would be a much larger change. A simple summary would already reduce friction significantly.
Additional context
This aligns well with logira's design as an observe-only auditing tool.
The summary would not replace existing review commands but would provide a quick overview to help users decide whether deeper inspection is necessary.