@qiaolei81/copilot-session-viewer 0.1.9 → 0.2.1

package/.nycrc

@@ -0,0 +1,29 @@
+{
+  "all": true,
+  "include": [
+    "server.js",
+    "src/**/*.js",
+    "public/**/*.js"
+  ],
+  "exclude": [
+    "**/*.test.js",
+    "**/__tests__/**",
+    "**/node_modules/**",
+    "coverage/**",
+    ".nyc_output/**",
+    "test-results/**",
+    "scripts/**",
+    "**/*.spec.js"
+  ],
+  "reporter": [
+    "text",
+    "text-summary",
+    "html",
+    "lcov"
+  ],
+  "report-dir": "./coverage/combined",
+  "temp-dir": "./.nyc_output",
+  "cache": true,
+  "sourceMap": false,
+  "instrument": false
+}

package/CHANGELOG.md

@@ -5,6 +5,54 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.1] - 2026-02-25
+
+### Changed
+- `.nyc_output/` and `coverage/` directories now properly ignored in `.gitignore`
+
+### Removed
+- NYC coverage intermediate files (`.nyc_output/`, 1.6 MB) from repository
+- Removed 28 coverage data files that should not be committed
+
+### Docs
+- Translated `lib/parsers/README.md` from Chinese to English for international contributors
+
+## [0.2.0] - 2026-02-25
+
+### Added
+- **Multi-Tool Support** - Full support for **Pi-Mono** sessions (now supports 3 tools: Copilot CLI, Claude Code, Pi-Mono)
+- **Agent Review for All Tools** - AI-powered session analysis now works for all 3 supported tools
+- **Pi-Mono Parser** - New `PiMonoSessionParser` with full strategy pattern implementation
+- **Unified Event Format** - All 3 tools now use consistent event schema across backend and frontend
+- **Backend-Generated Display Metadata** - Badge labels, source names, and display data generated in backend for consistency
+
+### Changed
+- **Default Filter to Copilot** - Homepage now defaults to Copilot filter instead of "All" (matches user behavior)
+- **Removed "All" Filter** - Simplified UI by removing the "All" filter option
+- **Type Transformation Strategy** - Backend now transforms event types for unified schema (Pi-Mono `message` → `assistant.message`)
+- **Tool Result Merging** - Pi-Mono tool results now properly merged into parent assistant messages
+- **Badge Logic Moved to Backend** - Frontend no longer generates badge labels (single source of truth)
+
+### Fixed
+- **Pi-Mono Agent Review Accuracy** - Fixed incorrect session data by explicitly specifying target file in prompt
+- **Timeline Rendering for Old Copilot Sessions** - Old CLI format now properly expands to `assistant.message` events for timeline
+- **Architecture Consistency** - Unified type transformation across all sources (no more "按了葫芦起了瓢")
+- **CI Upload Directory Race Condition** - Tests now create directories defensively before file operations
+- **Event Expansion Test Coverage** - Tests now verify `assistant.message` generation (frontend dependency)
+
+### Docs
+- **README Multi-Tool Emphasis** - Updated subtitle and descriptions to highlight multi-tool support
+- **lib/parsers Documentation** - Translated Chinese README to English for international contributors
+- **Project Cleanup** - Removed backup files (`time-analyze-v2.ejs`, `*.bak`) and 30 failed E2E test screenshot directories
+
+### Performance
+- **Agent Review Session Isolation** - Simplified from temporary directory approach to prompt-based file specification (6 lines vs 58 lines)
+
+### Architecture
+- **Strategy Pattern Complete** - All 3 parsers follow unified `BaseSessionParser` interface
+- **Backend Normalization** - `eventNormalizer.js` handles all format differences, frontend renders uniformly
+- **No Frontend Source Checks** - Frontend doesn't check `source` field, only renders normalized data
+
 ## [0.1.7] - 2026-02-16
 
 ### Changed

package/README.md

@@ -1,12 +1,14 @@
 # 🤖 Copilot Session Viewer
 
 [![npm version](https://img.shields.io/npm/v/@qiaolei81/copilot-session-viewer.svg)](https://www.npmjs.com/package/@qiaolei81/copilot-session-viewer)
+[![CI](https://github.com/qiaolei81/copilot-session-viewer/actions/workflows/ci.yml/badge.svg)](https://github.com/qiaolei81/copilot-session-viewer/actions/workflows/ci.yml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Node.js Version](https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen)](https://nodejs.org/)
 
-**AI-Powered Session Log Analysis Tool for GitHub Copilot CLI**
+**Multi-Tool Session Log Viewer & Analyzer**  
+View and analyze AI coding assistant sessions from **GitHub Copilot CLI**, **Claude Code CLI**, and **Pi-Mono** with time analysis, virtual scrolling, and AI-powered insights.
 
-A modern web-based viewer for analyzing GitHub Copilot CLI session logs with virtual scrolling, infinite loading, time analysis, and AI-powered insights.
+A modern web-based viewer for analyzing AI coding assistant session logs with virtual scrolling, infinite loading, time analysis, and AI-powered insights. Supports **GitHub Copilot CLI**, **Claude Code CLI**, and **Pi-Mono** sessions.
 
 ### Session List
 ![Session List](https://raw.githubusercontent.com/qiaolei81/copilot-session-viewer/main/docs/images/homepage.png)
@@ -39,7 +41,10 @@ copilot-session-viewer
 ### Requirements
 
 - Node.js ≥ 18.0.0
-- GitHub Copilot CLI (for generating session data)
+- At least one AI coding assistant (optional for generating sessions):
+  - [GitHub Copilot CLI](https://github.com/cli/cli) (recommended)
+  - [Claude Code CLI](https://github.com/anthropics/claude-code)
+  - [Pi-Mono](https://github.com/badlogic/pi-mono)
 
 ---
 
@@ -52,37 +57,53 @@ copilot-session-viewer
 - **🚀 Virtual Scrolling** - Handle 1000+ events smoothly
 - **♾️ Infinite Scroll** - Progressive session loading for better performance
 - **🤖 AI Insights** - LLM-powered session analysis
+- **🎭 Multi-Format Support** - Copilot, Claude Code, and Pi-Mono sessions
 
 ### 🎨 **User Experience**
 - **🌙 Dark Theme** - GitHub-inspired interface
 - **📱 Responsive** - Works on desktop, tablet, and mobile
 - **⚡ Fast** - Optimized virtual rendering and lazy loading
-- **🔐 Secure** - Local-first with no data sharing
+- **🔐 Secure** - Local-first with no data sharing, XSS protection, ZIP bomb defense
 
 ### 🛠️ **Technical Features**
 - **Vue 3** - Reactive virtual scrolling
 - **Express.js** - Robust backend API
-- **ZIP Import/Export** - Session sharing capabilities
-- **Multi-format Support** - Directory and JSONL sessions
+- **ZIP Import/Export** - Session sharing capabilities with security validation
+- **Multi-Source Support** - Copilot (`~/.copilot/session-state/`), Claude (`~/.claude/projects/`), Pi-Mono (`~/.pi/agent/sessions/`)
+- **Unified Event Format** - Consistent schema across all sources
+- **Memory Pagination** - Efficient handling of large sessions
+- **XSS Protection** - DOMPurify-based HTML sanitization
+- **ZIP Bomb Defense** - 4-layer protection (compressed size, uncompressed size, file count, depth)
 
 ---
 
 ## 🚀 How It Works
 
-1. **Generate Sessions** - Use GitHub Copilot CLI to create session logs
-2. **Auto-Discovery** - Sessions are automatically detected in `~/.copilot/session-state/`
+1. **Generate Sessions** - Use GitHub Copilot CLI, Claude Code CLI, or Pi-Mono to create session logs
+2. **Auto-Discovery** - Sessions are automatically detected from:
+   - Copilot: `~/.copilot/session-state/`
+   - Claude: `~/.claude/projects/`
+   - Pi-Mono: `~/.pi/agent/sessions/`
 3. **Browse & Analyze** - View sessions with infinite scroll and detailed event streams
 4. **Time Analysis** - Analyze turn durations, tool usage, and sub-agent performance
 5. **AI Insights** - Generate comprehensive session analysis with Copilot
 
 ```bash
-# Example: Generate a session with Copilot CLI
+# Example: Generate sessions with different tools
+
+# GitHub Copilot CLI
 copilot --model claude-sonnet-4.5 -p "Help me refactor this code"
 
+# Claude Code CLI
+claude -p "Implement user authentication"
+
+# Pi-Mono CLI
+pi -p "Create a REST API endpoint"
+
 # Start the viewer
 npx @qiaolei81/copilot-session-viewer
 
-# Browse sessions at http://localhost:3838
+# Browse all sessions at http://localhost:3838
 ```
 
 ---
@@ -97,6 +118,53 @@ npx @qiaolei81/copilot-session-viewer
 
 ---
 
+## 🧪 Testing & Quality
+
+This project includes comprehensive unit and E2E test coverage with CI/CD integration.
+
+### Test Coverage
+
+- **470+ Tests** (411 unit + 59 E2E)
+- **Unified Format Tests** - Mock data validation for all sources (Copilot, Claude, Pi-Mono)
+- **Security Tests** - XSS prevention, ZIP bomb defense
+- **Integration Tests** - Session import/export, file operations
+- **CI-Friendly** - Mock data generation for reproducible tests
+
+### Running Tests
+
+```bash
+# Unit tests only
+npm test
+
+# Unit tests with coverage
+npm run test:coverage
+
+# E2E tests only
+npm run test:e2e
+
+# Lint check
+npm run lint:check
+
+# Run all tests (unit + E2E)
+npm run test:all
+```
+
+### CI/CD Pipeline
+
+GitHub Actions workflow includes:
+1. **Linting** - ESLint code quality checks
+2. **Unit Tests** - 411 Jest tests with coverage
+3. **Mock Data Generation** - Reproducible test session fixtures
+4. **E2E Tests** - 59 Playwright tests with Chromium
+5. **Artifact Upload** - Test results on failure
+
+**Test Data Strategy:**
+- ✅ CI uses generated mock data (fast, reliable, no external dependencies)
+- ✅ Local development can use real sessions for integration testing
+- ✅ Fixtures cover all event formats (Copilot, Claude, Pi-Mono)
+
+---
+
 ## 🏗️ Architecture
 
 ```
@@ -105,23 +173,84 @@ npx @qiaolei81/copilot-session-viewer
 │  • Virtual Scroller (vue-virtual-scroller)      │
 │  • Infinite Scroll (JavaScript)                 │
 │  • GitHub-inspired Dark Theme                   │
+│  • XSS Protection (DOMPurify)                   │
 └─────────────────────────────────────────────────┘
                       ↕ HTTP/API
 ┌─────────────────────────────────────────────────┐
 │  Backend (Node.js + Express)                    │
-│  • Session Repository & File Watcher            │
+│  • Multi-Source Session Repository              │
+│  • Unified Event Format Normalizer              │
 │  • JSONL Streaming Parser                       │
 │  • Paginated API Endpoints                      │
+│  • ZIP Import/Export with Security Validation   │
 └─────────────────────────────────────────────────┘
                       ↕ File System
 ┌─────────────────────────────────────────────────┐
-│  Data Layer (~/.copilot/session-state/)         │
-│  • events.jsonl (event streams)                 │
-│  • workspace.yaml (metadata)                    │
-│  • copilot-insight.md (AI analysis)              │
+│  Data Layer (Multi-Source)                      │
+│  • Copilot: ~/.copilot/session-state/           │
+│  • Claude:  ~/.claude/projects/                 │
+│  • Pi-Mono: ~/.pi/agent/sessions/               │
 └─────────────────────────────────────────────────┘
 ```
 
+### Unified Event Format
+
+All session sources are normalized to a consistent schema:
+
+```javascript
+{
+  type: 'assistant.message',
+  timestamp: '2026-02-23T00:00:00.000Z',
+  data: {
+    message: 'Response text',
+    tools: [
+      {
+        id: 'tool-001',
+        name: 'read',
+        startTime: '2026-02-23T00:00:01.000Z',
+        endTime: '2026-02-23T00:00:02.000Z',
+        status: 'completed',
+        input: { path: 'file.js' },
+        result: { content: '...' },
+        error: null,
+        metadata: {
+          source: 'copilot',  // or 'claude', 'pi-mono'
+          duration: 1000
+        }
+      }
+    ]
+  }
+}
+```
+
+**Benefits:**
+- ✅ Consistent UI rendering across all sources
+- ✅ Simplified frontend logic
+- ✅ Easy to add new sources
+
+---
+
+## 🔒 Security
+
+### XSS Protection
+- **DOMPurify Sanitization** - All user-generated content is sanitized before rendering
+- **Whitelist-based** - Only safe HTML tags and attributes are allowed
+- **JavaScript URL Protection** - Blocks `javascript:`, `data:`, and `onclick` handlers
+- **Tested** - Comprehensive E2E tests for XSS attack vectors
+
+### ZIP Bomb Defense
+4-layer protection against malicious archives:
+1. **Compressed Size Limit** - 50 MB max upload
+2. **Uncompressed Size Limit** - 200 MB max expansion
+3. **File Count Limit** - 1000 files max
+4. **Directory Depth Limit** - 5 levels max
+
+### Local-First Design
+- No external API calls for session data
+- All processing happens locally
+- Optional AI insights require user action
+- No telemetry or tracking
+
 ---
 
 ## 🎯 Use Cases
@@ -172,6 +301,16 @@ MIT License - see [LICENSE](LICENSE) file for details
 - [vue-virtual-scroller](https://github.com/Akryum/vue-virtual-scroller) - High-performance virtual scrolling
 - [Express.js](https://expressjs.com/) - Web application framework
 - [EJS](https://ejs.co/) - Templating engine
+- [DOMPurify](https://github.com/cure53/DOMPurify) - XSS protection
+- [Playwright](https://playwright.dev/) - E2E testing
+
+**Recent Updates (v0.1.9+):**
+- ✨ Multi-source support (Copilot, Claude, Pi-Mono)
+- 🔒 XSS protection with DOMPurify
+- 🛡️ ZIP bomb defense (4-layer validation)
+- 📄 Memory pagination API
+- 🧪 470+ tests with CI/CD integration
+- 📚 Comprehensive documentation
 
 ---
 

package/examples/parser-usage.js

@@ -0,0 +1,114 @@
+const { ParserFactory } = require('../lib/parsers');
+
+// Example: Parse Copilot CLI session
+function parseCopilotSession() {
+  const copilotEvents = [
+    {
+      type: 'session.start',
+      data: {
+        sessionId: '12345',
+        startTime: '2026-02-20T00:00:00Z',
+        selectedModel: 'claude-sonnet-4.5',
+        copilotVersion: '0.0.411',
+        context: {
+          cwd: '/path/to/project',
+          branch: 'main'
+        }
+      },
+      id: 'evt-1',
+      timestamp: '2026-02-20T00:00:00Z'
+    },
+    {
+      type: 'user.message',
+      data: {
+        content: 'Hello',
+        transformedContent: 'Hello'
+      },
+      id: 'evt-2',
+      timestamp: '2026-02-20T00:00:01Z',
+      parentId: 'evt-1'
+    },
+    {
+      type: 'assistant.message',
+      data: {
+        messageId: 'msg-1',
+        content: 'Hi there!',
+        toolRequests: []
+      },
+      id: 'evt-3',
+      timestamp: '2026-02-20T00:00:02Z',
+      parentId: 'evt-2'
+    }
+  ];
+
+  const factory = new ParserFactory();
+  const result = factory.parse(copilotEvents);
+  
+  console.log('=== Copilot Session ===');
+  console.log('Parser type:', factory.getParserType(copilotEvents));
+  console.log('Metadata:', JSON.stringify(result.metadata, null, 2));
+  console.log('Turns:', result.turns.length);
+  console.log('First turn:', JSON.stringify(result.turns[0], null, 2));
+}
+
+// Example: Parse Claude Code session
+function parseClaudeSession() {
+  const claudeEvents = [
+    {
+      type: 'user',
+      uuid: 'uuid-1',
+      parentUuid: null,
+      sessionId: 'session-123',
+      timestamp: '2026-02-20T00:00:00Z',
+      cwd: '/path/to/project',
+      gitBranch: 'main',
+      version: '2.1.42',
+      message: {
+        role: 'user',
+        content: 'Analyze this code'
+      }
+    },
+    {
+      type: 'assistant',
+      uuid: 'uuid-2',
+      parentUuid: 'uuid-1',
+      sessionId: 'session-123',
+      timestamp: '2026-02-20T00:00:01Z',
+      message: {
+        id: 'msg-1',
+        role: 'assistant',
+        model: 'claude-opus-4.6',
+        content: [
+          { type: 'text', text: "I'll analyze the code." },
+          {
+            type: 'tool_use',
+            id: 'tool-1',
+            name: 'read_file',
+            input: { path: 'src/main.js' }
+          }
+        ]
+      }
+    }
+  ];
+
+  const factory = new ParserFactory();
+  const result = factory.parse(claudeEvents);
+  
+  console.log('\n=== Claude Code Session ===');
+  console.log('Parser type:', factory.getParserType(claudeEvents));
+  console.log('Metadata:', JSON.stringify(result.metadata, null, 2));
+  console.log('Turns:', result.turns.length);
+  console.log('First turn:', JSON.stringify(result.turns[0], null, 2));
+  console.log('Tool calls:', result.toolCalls.length);
+}
+
+// Run examples
+if (require.main === module) {
+  parseCopilotSession();
+  parseClaudeSession();
+}
+
+module.exports = {
+  parseCopilotSession,
+  parseClaudeSession
+};

package/lib/parsers/README.md

@@ -0,0 +1,239 @@
+# Session Event Parsers
+
+Strategy pattern implementation for parsing session events from multiple formats.
+
+## Architecture
+
+```
+lib/parsers/
+├── base-parser.js       # Base parser interface
+├── copilot-parser.js    # Copilot CLI format parser
+├── claude-parser.js     # Claude Code format parser
+├── pi-mono-parser.js    # Pi-Mono format parser
+├── parser-factory.js    # Parser factory (auto-detection)
+└── index.js             # Export all parsers
+```
+
+## Design Pattern
+
+### Strategy Pattern
+
+- **Strategy Interface**: `BaseSessionParser` defines methods all parsers must implement
+- **Concrete Strategies**: `CopilotSessionParser`, `ClaudeSessionParser`, `PiMonoSessionParser` implement specific parsing logic
+- **Context**: `ParserFactory` automatically selects the appropriate strategy
+
+### Benefits
+
+1. **Extensible**: Add new formats by simply implementing `BaseSessionParser`
+2. **Decoupled**: Parsing logic is separated from consumers
+3. **Auto-detection**: `ParserFactory` automatically identifies formats
+4. **Unified Interface**: Different formats output the same data structure
+
+## Usage
+
+### Auto-detect Format
+
+```javascript
+const { ParserFactory } = require('./lib/parsers');
+
+const events = [...]; // Events read from jsonl
+const factory = new ParserFactory();
+
+// Auto-detect and parse
+const result = factory.parse(events);
+
+// Get parser type
+const parserType = factory.getParserType(events); // 'copilot', 'claude', or 'pi-mono'
+```
+
+### Use Specific Parser Directly
+
+```javascript
+const { CopilotSessionParser, ClaudeSessionParser, PiMonoSessionParser } = require('./lib/parsers');
+
+// Copilot CLI
+const copilotParser = new CopilotSessionParser();
+if (copilotParser.canParse(events)) {
+  const result = copilotParser.parse(events);
+}
+
+// Claude Code
+const claudeParser = new ClaudeSessionParser();
+if (claudeParser.canParse(events)) {
+  const result = claudeParser.parse(events);
+}
+
+// Pi-Mono
+const piMonoParser = new PiMonoSessionParser();
+if (piMonoParser.canParse(events)) {
+  const result = piMonoParser.parse(events);
+}
+```
+
+## Unified Output Format
+
+All parsers output the same data structure:
+
+```javascript
+{
+  metadata: {
+    sessionId: "...",
+    startTime: "...",
+    model: "...",
+    version: "...",
+    cwd: "...",
+    branch: "...",
+    // ...
+  },
+  turns: [
+    {
+      turnId: "...",
+      userMessage: {
+        id: "...",
+        content: "...",
+        timestamp: "..."
+      },
+      assistantMessages: [
+        {
+          id: "...",
+          content: "...",
+          toolRequests: [...],
+          timestamp: "..."
+        }
+      ],
+      toolCalls: [...]
+    }
+  ],
+  toolCalls: [...],
+  allEvents: [...] // Raw events
+}
+```
+
+## Supported Formats
+
+### 1. Copilot CLI Format
+
+**Characteristics:**
+- Event types: `session.start`, `user.message`, `assistant.message`, `tool.execution_start`
+- Structure: `{type, data: {...}, id, parentId}`
+- Tree relationship: Connected via `parentId`
+
+**Example:**
+```json
+{
+  "type": "session.start",
+  "data": {
+    "sessionId": "...",
+    "selectedModel": "claude-sonnet-4.5"
+  },
+  "id": "...",
+  "timestamp": "..."
+}
+```
+
+### 2. Claude Code Format
+
+**Characteristics:**
+- Event types: `user`, `assistant`, `file-history-snapshot`, `queue-operation`
+- Structure: `{type, uuid, parentUuid, message: {...}}`
+- Tree relationship: Connected via `parentUuid`
+
+**Example:**
+```json
+{
+  "type": "user",
+  "uuid": "...",
+  "parentUuid": null,
+  "sessionId": "...",
+  "message": {
+    "role": "user",
+    "content": "..."
+  }
+}
+```
+
+### 3. Pi-Mono Format
+
+**Characteristics:**
+- Event types: `message` (with role), `model_change`, `thinking_change`
+- Structure: `{type, role, message, toolResult, timestamp}`
+- Flat structure with parentId linkage for tool results
+
+**Example:**
+```json
+{
+  "type": "message",
+  "role": "user",
+  "message": "...",
+  "timestamp": "...",
+  "id": "..."
+}
+```
+
+## Adding New Formats
+
+1. Extend `BaseSessionParser`
+2. Implement all required methods
+3. Register in `ParserFactory`
+
+```javascript
+const BaseSessionParser = require('./base-parser');
+
+class MyCustomParser extends BaseSessionParser {
+  canParse(events) {
+    // Detection logic
+    return events.some(e => e.customField);
+  }
+
+  parse(events) {
+    return {
+      metadata: this.getMetadata(events),
+      turns: this.extractTurns(events),
+      toolCalls: this.extractToolCalls(events),
+      allEvents: events
+    };
+  }
+
+  getMetadata(events) { /* ... */ }
+  extractTurns(events) { /* ... */ }
+  extractToolCalls(events) { /* ... */ }
+}
+
+// Add to parser-factory.js
+this.parsers.push(new MyCustomParser());
+```
+
+## Testing
+
+Run example:
+```bash
+node examples/parser-usage.js
+```
+
+## API Documentation
+
+### BaseSessionParser
+
+Base class for all parsers.
+
+#### Methods
+
+- `canParse(events)` - Check if this format can be parsed
+- `parse(events)` - Parse events and return unified format
+- `getMetadata(events)` - Extract session metadata
+- `extractTurns(events)` - Extract conversation turns
+- `extractToolCalls(events)` - Extract tool calls
+
+### ParserFactory
+
+Parser factory for automatic format detection.
+
+#### Methods
+
+- `getParser(events)` - Return appropriate parser instance
+- `parse(events)` - Auto-detect and parse
+- `getParserType(events)` - Return parser type name
+
+## License
+
+MIT