I've been working on rewindtty, a lightweight terminal session recorder and replayer written in C. It works like script/scriptreplay, but outputs structured JSON and includes a browser-based player for replaying terminal sessions with timing, scrubbing, bookmarks, and more.
Until now, I was recording sessions command-by-command, capturing each shell command and its output separately. That made it easy to analyze sessions and index them by command.
However, I just introduced a new interactive mode, which behaves more like traditional script: it records raw terminal I/O in real-time via a PTY, capturing every character typed or displayed, including control sequences.
This is great for realism and full session fidelity (e.g. interactive tools like htop, vim, REPLs), but it makes command detection much harder — I'm no longer intercepting input at the shell level.
My question is: how can I extract actual commands from this raw PTY stream?
I'm aware it's tricky, but I'm wondering:
Has anyone tried parsing the ANSI stream to reconstruct command boundaries?
Is it possible to hook into the shell (bash, zsh, etc.) in real-time to intercept commands?
Are there shell options or audit features that can be leveraged in parallel to raw capture?
Any prior art or libraries I should look at?