@zzusp/ccsm 1.0.0

package/dist/favicon.svg

@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32">
+  <rect width="32" height="32" rx="7" fill="#d18a3a"/>
+  <g fill="none" stroke="#fdf6ec" stroke-width="2.4" stroke-linecap="round">
+    <path d="M23 10A8 8 0 1 0 23 22"/>
+    <path d="M19 13a4.5 4.5 0 1 0 0 6" opacity="0.55"/>
+  </g>
+</svg>

package/dist/index.html

@@ -0,0 +1,30 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="color-scheme" content="light dark" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <title>Claude Sessions · archive</title>
+    <script>
+      // Theme bootstrapping — runs before React mounts to prevent FOUC
+      (function () {
+        try {
+          var saved = localStorage.getItem("theme");
+          var prefersDark = window.matchMedia("(prefers-color-scheme: dark)").matches;
+          var dark = saved ? saved === "dark" : prefersDark;
+          if (dark) document.documentElement.classList.add("dark");
+        } catch (_) {}
+      })();
+    </script>
+    <script type="module" crossorigin src="/assets/index-DLATR3tZ.js"></script>
+    <link rel="modulepreload" crossorigin href="/assets/react-W0jzChlo.js">
+    <link rel="modulepreload" crossorigin href="/assets/query-C1K1uQRu.js">
+    <link rel="modulepreload" crossorigin href="/assets/router-DfbutHY3.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-CH80ylbS.js">
+    <link rel="stylesheet" crossorigin href="/assets/index-DLDtbkux.css">
+  </head>
+  <body class="antialiased">
+    <div id="root"></div>
+  </body>
+</html>

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "@zzusp/ccsm",
+  "version": "1.0.0",
+  "description": "Local web UI to view and clean up Claude Code session history (~/.claude/)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/zzusp/claude-code-session.git"
+  },
+  "homepage": "https://github.com/zzusp/claude-code-session#readme",
+  "bugs": "https://github.com/zzusp/claude-code-session/issues",
+  "type": "module",
+  "engines": {
+    "node": ">=22"
+  },
+  "bin": {
+    "ccsm": "bin/cli.mjs"
+  },
+  "files": [
+    "bin/",
+    "server/",
+    "shared/",
+    "dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "claude",
+    "claude-code",
+    "anthropic",
+    "session-manager",
+    "cli"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "scripts": {
+    "dev": "concurrently -k -n server,web -c blue,magenta \"npm:dev:server\" \"npm:dev:web\"",
+    "dev:server": "node --import tsx --watch server/index.ts",
+    "dev:web": "node scripts/wait-for-server.mjs && vite",
+    "build": "vite build",
+    "start": "tsx server/index.ts",
+    "typecheck": "tsc -b",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@fontsource-variable/geist-mono": "^5.2.7",
+    "@fontsource-variable/plus-jakarta-sans": "^5.2.8",
+    "@hono/node-server": "^1.13.7",
+    "@tanstack/react-query": "^5.62.7",
+    "hono": "^4.6.14",
+    "motion": "^12.38.0",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "react-router-dom": "^7.1.1",
+    "recharts": "^2.15.0",
+    "tsx": "^4.19.2"
+  },
+  "devDependencies": {
+    "@tailwindcss/vite": "^4.0.0",
+    "@types/node": "^22.10.5",
+    "@types/react": "^19.0.2",
+    "@types/react-dom": "^19.0.2",
+    "@vitejs/plugin-react": "^4.3.4",
+    "concurrently": "^9.1.2",
+    "playwright": "^1.59.1",
+    "tailwindcss": "^4.0.0",
+    "typescript": "^5.7.2",
+    "vite": "^6.0.7"
+  }
+}

package/server/index.ts

@@ -0,0 +1,126 @@
+import { serve } from '@hono/node-server';
+import { serveStatic } from '@hono/node-server/serve-static';
+import { Hono } from 'hono';
+import { spawn } from 'node:child_process';
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { parseArgs } from 'node:util';
+import { PATHS } from './lib/claude-paths.ts';
+import { findAvailablePort } from './lib/port.ts';
+import { diskRoute } from './routes/disk.ts';
+import { importRoute } from './routes/import.ts';
+import { projectsRoute } from './routes/projects.ts';
+import { searchRoute } from './routes/search.ts';
+import { sessionsRoute } from './routes/sessions.ts';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const projectRoot = path.resolve(__dirname, '..');
+const distDir = path.join(projectRoot, 'dist');
+
+const PORT_RANGE_START = 3131;
+const PORT_RANGE_END = 3140;
+const DEFAULT_HOST = '127.0.0.1';
+
+const app = new Hono();
+
+app.onError((err, c) => {
+  console.error('[server] unhandled error', err);
+  if (c.req.path.startsWith('/api/')) {
+    return c.json({ error: err.message || 'internal error' }, 500);
+  }
+  return c.text('internal error', 500);
+});
+
+app.get('/api/health', (c) =>
+  c.json({
+    ok: true,
+    claudeRoot: PATHS.root,
+    claudeRootExists: fs.existsSync(PATHS.root),
+    platform: process.platform,
+    node: process.version,
+    pid: process.pid,
+  }),
+);
+
+app.route('/api/projects', projectsRoute);
+app.route('/api/sessions', sessionsRoute);
+app.route('/api/disk-usage', diskRoute);
+app.route('/api/search', searchRoute);
+app.route('/api/import', importRoute);
+
+if (fs.existsSync(distDir)) {
+  app.use('/*', serveStatic({ root: path.relative(process.cwd(), distDir) || '.' }));
+  app.get('*', serveStatic({ path: path.relative(process.cwd(), path.join(distDir, 'index.html')) }));
+}
+
+function parseCliArgs() {
+  try {
+    return parseArgs({
+      args: process.argv.slice(2),
+      options: {
+        port: { type: 'string', short: 'p' },
+        host: { type: 'string' },
+        open: { type: 'boolean', short: 'o' },
+      },
+    });
+  } catch (err) {
+    console.error(`[server] ${(err as Error).message}`);
+    console.error('[server] run "ccsm --help" for usage');
+    process.exit(1);
+  }
+}
+
+const { values } = parseCliArgs();
+const host = values.host ?? DEFAULT_HOST;
+const isLoopback = host === '127.0.0.1' || host === 'localhost' || host === '::1';
+
+let port: number;
+if (values.port !== undefined) {
+  const requested = Number(values.port);
+  if (!Number.isInteger(requested) || requested < 1 || requested > 65535) {
+    console.error(`[server] invalid --port "${values.port}" (expected an integer 1..65535)`);
+    process.exit(1);
+  }
+  try {
+    port = await findAvailablePort(requested, requested, host);
+  } catch {
+    console.error(`[server] port ${requested} on ${host} is already in use`);
+    process.exit(1);
+  }
+} else {
+  port = await findAvailablePort(PORT_RANGE_START, PORT_RANGE_END, host);
+}
+
+serve({ fetch: app.fetch, hostname: host, port }, (info) => {
+  console.log(`[server] listening on http://${info.address}:${info.port}`);
+  console.log(`[server] claudeRoot = ${PATHS.root}`);
+  if (!isLoopback) {
+    console.warn(
+      `[server] WARNING: bound to ${host} (not loopback). The UI is now reachable from your network ` +
+        `and has NO authentication — anyone who can reach this host:port can read and delete your ` +
+        `Claude Code history. Only do this on a network you trust.`,
+    );
+  }
+  if (!fs.existsSync(distDir)) {
+    console.log('[server] dist/ not built yet — run "npm run build" (or open the Vite dev server: npm run dev:web)');
+  }
+  if (values.open) {
+    const browseHost = isLoopback ? (host === '::1' ? '[::1]' : host) : 'localhost';
+    openInBrowser(`http://${browseHost}:${info.port}`);
+  }
+});
+
+function openInBrowser(url: string): void {
+  let cmd: string;
+  if (process.platform === 'win32') cmd = 'explorer.exe';
+  else if (process.platform === 'darwin') cmd = 'open';
+  else cmd = 'xdg-open';
+  try {
+    const child = spawn(cmd, [url], { detached: true, stdio: 'ignore' });
+    child.on('error', (err) => console.error('[server] could not open browser:', err.message));
+    child.unref();
+  } catch (err) {
+    console.error('[server] could not open browser:', (err as Error).message);
+  }
+}

package/server/lib/active-sessions.ts

@@ -0,0 +1,95 @@
+import { execFileSync } from 'node:child_process';
+import fs from 'node:fs';
+import path from 'node:path';
+import { PATHS } from './claude-paths.ts';
+
+export interface ActivePidEntry {
+  pid: number;
+  sessionId: string;
+  cwd: string;
+  alive: boolean;
+  /** Absolute path to the PID file we read this entry from. */
+  sourceFile: string;
+}
+
+export function isPidAlive(pid: number): boolean {
+  if (!Number.isFinite(pid) || pid <= 0) return false;
+  if (process.platform === 'win32') {
+    try {
+      const out = execFileSync(
+        'tasklist',
+        ['/FI', `PID eq ${pid}`, '/NH', '/FO', 'CSV'],
+        { encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'] },
+      );
+      return out.toLowerCase().includes(`"${pid}"`);
+    } catch {
+      return false;
+    }
+  }
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return (err as NodeJS.ErrnoException).code === 'EPERM';
+  }
+}
+
+/**
+ * Windows: enumerate every running PID with one `tasklist` call.
+ * Each call is ~400-700ms; doing it once instead of per-PID turns the
+ * cost from O(N×tasklist) into O(1×tasklist) for `readActivePidEntries`.
+ */
+function listAlivePidsWindows(): Set<number> {
+  const set = new Set<number>();
+  try {
+    const out = execFileSync('tasklist', ['/NH', '/FO', 'CSV'], {
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+    });
+    for (const line of out.split(/\r?\n/)) {
+      // Format: "Image Name","PID","Session Name","Session#","Mem Usage"
+      const m = line.match(/^"[^"]*","(\d+)"/);
+      if (m) set.add(Number(m[1]));
+    }
+  } catch {
+    /* return whatever we have; callers treat unknown PIDs as dead */
+  }
+  return set;
+}
+
+export function readActivePidEntries(): ActivePidEntry[] {
+  if (!fs.existsSync(PATHS.sessions)) return [];
+  const alivePids = process.platform === 'win32' ? listAlivePidsWindows() : null;
+  const entries: ActivePidEntry[] = [];
+  for (const name of fs.readdirSync(PATHS.sessions)) {
+    if (!name.endsWith('.json')) continue;
+    const full = path.join(PATHS.sessions, name);
+    try {
+      const obj = JSON.parse(fs.readFileSync(full, 'utf8')) as {
+        pid?: number;
+        sessionId?: string;
+        cwd?: string;
+      };
+      if (typeof obj.pid !== 'number' || typeof obj.sessionId !== 'string') continue;
+      const alive = alivePids ? alivePids.has(obj.pid) : isPidAlive(obj.pid);
+      entries.push({
+        pid: obj.pid,
+        sessionId: obj.sessionId,
+        cwd: typeof obj.cwd === 'string' ? obj.cwd : '',
+        alive,
+        sourceFile: full,
+      });
+    } catch {
+      // skip malformed PID files
+    }
+  }
+  return entries;
+}
+
+export function buildActiveSessionMap(): Map<string, number> {
+  const map = new Map<string, number>();
+  for (const e of readActivePidEntries()) {
+    if (e.alive) map.set(e.sessionId, e.pid);
+  }
+  return map;
+}

package/server/lib/bundle.ts

@@ -0,0 +1,86 @@
+import crypto from 'node:crypto';
+import fs from 'node:fs';
+import readline from 'node:readline';
+
+/**
+ * The literal placeholder that stands in for the project root inside a bundle.
+ * Export replaces the device-specific absolute path with this; import swaps it
+ * back to the local target path. Single-quoted on purpose — it is a literal
+ * string, NOT a template interpolation.
+ */
+export const SENTINEL = '${CLAUDE_PROJECT_ROOT}';
+
+/**
+ * Rewrite a single top-level string field of a JSONL line, only when its value
+ * exactly equals `fromValue`. Lines that don't carry the field (the fast path),
+ * fail to parse, or hold a different value pass through byte-for-byte unchanged —
+ * so message bodies and unrelated records are never touched. Re-serialization
+ * via JSON.stringify changes key order/whitespace only, which is semantically
+ * irrelevant to every consumer (Claude Code and this app both re-parse).
+ */
+export function rewriteLineField(
+  raw: string,
+  field: string,
+  fromValue: string,
+  toValue: string,
+): string {
+  if (!raw.includes(`"${field}"`)) return raw;
+  let obj: Record<string, unknown>;
+  try {
+    obj = JSON.parse(raw) as Record<string, unknown>;
+  } catch {
+    return raw;
+  }
+  if (obj[field] !== fromValue) return raw;
+  obj[field] = toValue;
+  return JSON.stringify(obj);
+}
+
+/**
+ * Stream a JSONL/NDJSON file line-by-line, rewriting `field` from `fromValue` to
+ * `toValue` where present, into `destPath`. Never slurps the whole file. Returns
+ * the line count and the sha256 of the exact bytes written. Blank lines are
+ * dropped (they carry no record).
+ */
+export async function transformFile(
+  srcPath: string,
+  destPath: string,
+  field: string,
+  fromValue: string,
+  toValue: string,
+): Promise<{ lines: number; sha256: string }> {
+  const hash = crypto.createHash('sha256');
+  const out = fs.createWriteStream(destPath, { encoding: 'utf8' });
+  const rl = readline.createInterface({
+    input: fs.createReadStream(srcPath, { encoding: 'utf8' }),
+    crlfDelay: Infinity,
+  });
+
+  let lines = 0;
+  try {
+    for await (const raw of rl) {
+      if (!raw) continue;
+      const chunk = rewriteLineField(raw, field, fromValue, toValue) + '\n';
+      hash.update(chunk);
+      out.write(chunk);
+      lines += 1;
+    }
+    await new Promise<void>((resolve, reject) => {
+      out.end((err?: Error | null) => (err ? reject(err) : resolve()));
+    });
+  } catch (err) {
+    out.destroy();
+    throw err;
+  }
+
+  return { lines, sha256: hash.digest('hex') };
+}
+
+export function sha256(data: string | Buffer): string {
+  return crypto.createHash('sha256').update(data).digest('hex');
+}
+
+/** sha256 of a file's raw bytes. For small files (memory entries); sync read. */
+export function sha256File(p: string): string {
+  return sha256(fs.readFileSync(p));
+}

package/server/lib/claude-paths.ts

@@ -0,0 +1,36 @@
+import os from 'node:os';
+import path from 'node:path';
+
+const claudeRoot = path.join(os.homedir(), '.claude');
+
+export const PATHS = {
+  root: claudeRoot,
+  projects: path.join(claudeRoot, 'projects'),
+  fileHistory: path.join(claudeRoot, 'file-history'),
+  sessionEnv: path.join(claudeRoot, 'session-env'),
+  sessions: path.join(claudeRoot, 'sessions'),
+  history: path.join(claudeRoot, 'history.jsonl'),
+} as const;
+
+const isWin = process.platform === 'win32';
+
+function normalizeForCompare(p: string): string {
+  const resolved = path.resolve(p);
+  return isWin ? resolved.toLowerCase() : resolved;
+}
+
+const claudeRootNorm = normalizeForCompare(claudeRoot);
+
+export function isUnderClaudeRoot(target: string): boolean {
+  const norm = normalizeForCompare(target);
+  return norm === claudeRootNorm || norm.startsWith(claudeRootNorm + path.sep);
+}
+
+export function getCacheDir(): string {
+  const env = process.env;
+  const base =
+    env.XDG_CACHE_HOME ??
+    env.LOCALAPPDATA ??
+    path.join(os.homedir(), '.cache');
+  return path.join(base, 'claude-session-viewer');
+}

package/server/lib/constants.ts

@@ -0,0 +1,7 @@
+export {
+  MAX_SESSION_MESSAGES,
+  RECENT_ACTIVITY_WINDOW_MIN,
+} from '../../shared/constants.ts';
+import { RECENT_ACTIVITY_WINDOW_MIN } from '../../shared/constants.ts';
+
+export const RECENT_ACTIVITY_WINDOW_MS = RECENT_ACTIVITY_WINDOW_MIN * 60 * 1000;

package/server/lib/delete-project.ts

@@ -0,0 +1,100 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { buildActiveSessionMap } from './active-sessions.ts';
+import { isUnderClaudeRoot, PATHS } from './claude-paths.ts';
+import { RECENT_ACTIVITY_WINDOW_MS } from './constants.ts';
+import { deleteSessions } from './delete.ts';
+import { isSafeId } from './safe-id.ts';
+import type { DeleteProjectResult, SkippedItem } from '../types.ts';
+
+const JSONL_EXT = '.jsonl';
+
+export async function deleteProject(projectId: string): Promise<DeleteProjectResult> {
+  if (!isSafeId(projectId)) {
+    return {
+      deleted: [],
+      skipped: [{ projectId, sessionId: '', reason: 'invalid project id' }],
+      historyLinesRemoved: 0,
+      projectDirRemoved: false,
+    };
+  }
+
+  const projectDir = path.join(PATHS.projects, projectId);
+  if (!isUnderClaudeRoot(projectDir)) {
+    return {
+      deleted: [],
+      skipped: [{ projectId, sessionId: '', reason: 'path escapes ~/.claude' }],
+      historyLinesRemoved: 0,
+      projectDirRemoved: false,
+    };
+  }
+  if (!fs.existsSync(projectDir)) {
+    return {
+      deleted: [],
+      skipped: [{ projectId, sessionId: '', reason: 'project directory does not exist' }],
+      historyLinesRemoved: 0,
+      projectDirRemoved: false,
+    };
+  }
+
+  const sessionIds: string[] = [];
+  for (const ent of fs.readdirSync(projectDir, { withFileTypes: true })) {
+    if (ent.isFile() && ent.name.endsWith(JSONL_EXT)) {
+      sessionIds.push(ent.name.slice(0, -JSONL_EXT.length));
+    }
+  }
+
+  // All-or-nothing precheck: refuse to touch any session if even one is live or
+  // recently active. Confirmed by the user — partial deletes leave the project
+  // half-cleared, which is more confusing than a clean "try again later".
+  const liveMap = buildActiveSessionMap();
+  const blockers: SkippedItem[] = [];
+  for (const sid of sessionIds) {
+    if (liveMap.has(sid)) {
+      blockers.push({
+        projectId,
+        sessionId: sid,
+        reason: `live PID ${liveMap.get(sid)} owns this session`,
+      });
+      continue;
+    }
+    const jsonlPath = path.join(projectDir, `${sid}${JSONL_EXT}`);
+    try {
+      if (Date.now() - fs.statSync(jsonlPath).mtimeMs < RECENT_ACTIVITY_WINDOW_MS) {
+        blockers.push({
+          projectId,
+          sessionId: sid,
+          reason: 'jsonl modified within the last 5 minutes — could still be in use',
+        });
+      }
+    } catch {
+      /* missing file is fine — deleteSessions will skip it */
+    }
+  }
+
+  if (blockers.length > 0) {
+    return {
+      deleted: [],
+      skipped: blockers,
+      historyLinesRemoved: 0,
+      projectDirRemoved: false,
+    };
+  }
+
+  const result = await deleteSessions(
+    sessionIds.map((sessionId) => ({ projectId, sessionId })),
+  );
+
+  let projectDirRemoved = false;
+  if (result.skipped.length === 0) {
+    try {
+      // Recursive remove also catches any orphan subdirs whose .jsonl was missing.
+      fs.rmSync(projectDir, { recursive: true, force: true });
+      projectDirRemoved = true;
+    } catch {
+      /* leave dir for manual cleanup */
+    }
+  }
+
+  return { ...result, projectDirRemoved };
+}