Replaces the unbounded readFile in parseSessionFile with the 128 MB-capped
helper from src/fs-utils. Addresses MEDIUM-1 for the Claude provider
hot path.
Verbose-mode stderr output replaces the previous silent catch,
closing LOW-1 as a side effect.
Initialize the four breakdown maps (model, tool, mcp, bash) with null
prototype so attacker-controlled keys named __proto__ create own
properties on the map instead of mutating Object.prototype.
Closes the HIGH-1 finding from the 2026-04-16 external security audit.
Adds two new repeatable flags to all commands (report, today, month, status, export):
- --project <name>: include only projects matching name (substring, case-insensitive)
- --exclude <name>: exclude projects matching name (substring, case-insensitive)
Both flags can be specified multiple times to match multiple projects.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Reads session data from OpenCode's SQLite databases at
~/.local/share/opencode/. Reuses the existing better-sqlite3
adapter (same as Cursor), lazy-loaded so users without OpenCode
see no difference. Adds bashCommands to the provider interface
so shell command breakdowns work across all providers.
31 tests, schema validation, diagnostic stderr on failures.
Also fixes a pre-existing tsc error in currency.ts.
- Remove agent-*.jsonl exclusion filter that was dropping ~46% of API calls
- Scan subagents/ directories for subagent session files
- Normalize Codex token semantics: OpenAI includes cached tokens inside
input_tokens, subtract them to match Anthropic's separate reporting
- Fixes cost double-counting and 100% cache hit display for Codex users
readFile in parseSessionFile had no error handling. If a .jsonl file
is missing, has bad permissions, or gets deleted between readdir and
readFile, the whole process crashes with ENOENT. Now returns null
and skips the file.
Fixes#9
Detects edit/test/fix retry cycles (Edit -> Bash -> Edit) within each
turn. Shows 1-shot percentage in the By Activity panel for categories
that involve code edits. Updated screenshot and README.
Fixes#4
Tool results in JSONL are type:"user" entries with no text content.
groupIntoTurns was flushing on every type:"user" entry, creating
phantom turns that got classified as Conversation. Now only flush
when the user entry contains actual text.
Fixes#7
Scans ~/Library/Application Support/Claude/local-agent-mode-sessions/
for Desktop sessions in addition to ~/.claude/projects/. Same JSONL
format, just nested deeper. Cross-platform paths for macOS/Windows/Linux.
Interactive TUI dashboard for Claude Code token observability.
13-category task classifier, per-project/model/tool breakdowns,
gradient bar charts, SwiftBar menu bar widget, CSV/JSON export.
