Event Processing Deep Dive

Understand how agent events flow from emission to storage to API. Learn the CloudEvents pattern.

🎯 The Mission

The agent emits events as it works: findings discovered, leads generated, tools called. These events power the real-time UI timeline. Understanding this flow is essential for debugging and extending the platform.

Trace an event from agent emission to API response. Then add support for a new event type.

Event Flow Architecture

EVENT PIPELINE

┌─────────────────────────────────────────────────────────────────┐
│                         AGENT                                    │
│  emitter.emit_finding() → AgentEvent (Pydantic)                 │
└──────────────────────────────┬──────────────────────────────────┘
                               │ SNS Publish
                               ▼
┌─────────────────────────────────────────────────────────────────┐
│                       SNS TOPIC                                  │
│  agent-events-{env}                                             │
└──────────────────────────────┬──────────────────────────────────┘
                               │ SQS Subscribe
                               ▼
┌─────────────────────────────────────────────────────────────────┐
│                       SQS QUEUE                                  │
│  agent-events-queue-{env}                                       │
└──────────────────────────────┬──────────────────────────────────┘
                               │ Lambda/Worker polls
                               ▼
┌─────────────────────────────────────────────────────────────────┐
│                    EVENT PROCESSOR                               │
│  event_parser.py → parse_event() → ScanEvent model → DB        │
└──────────────────────────────┬──────────────────────────────────┘
                               │
                               ▼
┌─────────────────────────────────────────────────────────────────┐
│                      DATABASE                                    │
│  scan_event table (event_type, event_data JSONB)                │
└──────────────────────────────┬──────────────────────────────────┘
                               │
                               ▼
┌─────────────────────────────────────────────────────────────────┐
│                     API ENDPOINT                                 │
│  GET /v1/scans/{id}/events → ScanEventService → Response        │
└─────────────────────────────────────────────────────────────────┘

CloudEvents Standard

Tenzai events follow the CloudEvents specification:

{
    "type": "com.tenzai.agent.finding.new",
    "source": "agent/bonzai",
    "id": "uuid-here",
    "time": "2025-01-27T10:00:00Z",
    "data": {
        "finding_id": "...",
        "severity": "high",
        "title": "SQL Injection in login endpoint"
    }
}

Current Event Types

com.tenzai.agent.finding.new com.tenzai.agent.lead.new com.tenzai.agent.lead.update com.tenzai.agent.endpoint.new com.tenzai.agent.thought.new com.tenzai.agent.tool_call.new com.tenzai.agent.agent_scope.new com.tenzai.agent.task.new com.tenzai.agent.error.new

Exercise 1: Trace the Flow

Follow an event through the entire pipeline:

Find where emit_finding() is called in agent/events/
See how the event is serialized and published to SNS
Find the SQS consumer that processes incoming events
Trace through event_parser.py and discriminated unions
See how events are stored in scan_event table
Find how /v1/scans/{id}/events queries and returns them

Exercise 2: Add a New Event Type

Add a com.tenzai.agent.screenshot.new event for browser screenshots.

Step 1: Define the Event Schema (Agent Side)

In agent/events/schema/:

from pydantic import BaseModel

class ScreenshotEventData(BaseModel):
    screenshot_id: str
    url: str
    s3_key: str
    width: int
    height: int
    timestamp: datetime

Step 2: Add to Discriminated Union

# In the AgentEvent union
AgentEvent = Annotated[
    FindingEvent | LeadEvent | ... | ScreenshotEvent,
    Field(discriminator="type")
]

Step 3: Handle in Platform Parser

The event_parser.py should automatically handle it via the discriminator.

Step 4: Update API Response

In parse_event_for_api(), add any sanitization or transformation needed:

def parse_event_for_api(event_data: dict, usage: dict) -> dict:
    event_type = event_data.get("type", "")
    
    if event_type == "com.tenzai.agent.screenshot.new":
        # Maybe presign the S3 URL?
        return {
            **event_data,
            "data": {
                **event_data.get("data", {}),
                "presigned_url": presign_s3_key(event_data["data"]["s3_key"])
            }
        }
    
    # ... existing handlers

✓ Success Criteria

Can explain the full event flow from agent to API
Understand how Pydantic discriminators work for event typing
New event type is defined in agent schema
Parser correctly handles the new event type
API returns the new event type in timeline

📋 Progress Checklist

Read agent/events/emitter.py to understand emission

Find where events are published to SNS

Read platform/services/event_parser.py

Understand the discriminated union pattern

Trace GET /v1/scans/{id}/events endpoint

Define new ScreenshotEvent schema

Add to AgentEvent discriminated union

Update parse_event_for_api if needed

Write a test that parses the new event type

Stretch Goals

Add event filtering by type in the API
Implement event aggregation (e.g., count by type)
Add dead letter queue handling for failed events
Build a real-time WebSocket for event streaming

← Previous: Alembic Next: S3 File Handling →