agent-tracer 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 hashika-kalisetty
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,100 @@
+# agent-trace
+
+A browser-based trace viewer for Claude Code. Shows a live tree of agents, subagents, tool calls, tokens, and cost as Claude works. Sessions are persisted across restarts.
+
+## Requirements
+
+- Node.js 18+
+- Claude Code CLI
+
+## Setup
+
+**Option 1: From source**
+
+```bash
+git clone https://github.com/hashikakalisetty/agent-trace
+cd agent-trace
+npm install
+```
+
+Start the daemon:
+
+```bash
+node bin/agent-trace-daemon.js
+```
+
+**Option 2: Global install**
+
+```bash
+npm install -g agent-trace
+agent-trace-daemon
+```
+
+Install hooks into `~/.claude/settings.json` so Claude Code sends events to the daemon:
+
+```bash
+# From source:
+node bin/agent-trace-daemon.js --install
+
+# Global install:
+agent-trace-daemon --install
+```
+
+Open the UI at `http://localhost:4243`.
+
+From that point on, every Claude Code session is automatically traced. No changes to how you run Claude Code.
+
+## How it works
+
+Claude Code fires lifecycle hooks (`PreToolUse`, `PostToolUse`, `Stop`) before and after each tool call. The daemon receives these as HTTP POST requests, stores them in SQLite, and pushes updates to the browser over SSE.
+
+Session history survives daemon restarts. When the daemon starts, it reads the last 100 sessions from the database and backfills any missing cost or metadata from the transcript files in `~/.claude/projects/`.
+
+## UI
+
+**Trace tab** — live session tree. Each agent shows its tool calls in order. Click any row to see full input, duration, and output in the detail panel. The graph button opens a visual tree of the agent hierarchy.
+
+**History tab** — past sessions with timestamps and cost. Click any session to inspect its tool calls and conversation thread.
+
+**Permissions tab** — active permission rules, configured hooks, MCP servers, environment variables, bash command audit, sensitive file access, and network requests across all sessions.
+
+## File structure
+
+```
+bin/
+  agent-trace-daemon.js   entry point, HTTP server, all route handlers
+lib/
+  parser.js               transcript parsing, pricing, security helpers (no DB dependency)
+  db.js                   SQLite schema, migrations, prepared statements
+  session-store.js        in-memory session state, hook handler, SSE broadcast
+public/
+  index.html              browser UI (vanilla JS, no build step)
+test/
+  parser.test.js          unit tests for parser functions
+  hook-integration.test.js  integration tests against a real daemon instance
+```
+
+## Configuration
+
+**Port** — set the `PORT` environment variable (default: `4243`).
+
+**Database path** — set `AGENT_TRACE_DB` to use a custom SQLite file (useful for testing).
+
+```bash
+PORT=4244 node bin/agent-trace-daemon.js
+AGENT_TRACE_DB=/tmp/test.db node bin/agent-trace-daemon.js
+```
+
+## Running tests
+
+```bash
+npm test
+```
+
+The test suite spawns a daemon on port 14243 with a temp database, runs all hook scenarios over HTTP, then cleans up. Unit tests cover transcript parsing independently.
+
+## Cost tracking
+
+Token costs are calculated from the transcript files in `~/.claude/projects/`. Pricing is defined in `lib/parser.js` and covers all current Claude models. Costs are stored per session and updated after each `Stop` event and during periodic background refreshes.
+
+The header totals sum root sessions only — each root already includes its subagents recursively, so summing all nodes would double-count.

package/bin/agent-trace-daemon.js

@@ -0,0 +1,482 @@
+#!/usr/bin/env node
+/**
+ * agent-trace daemon — entry point.
+ *
+ * Business logic lives in:
+ *   lib/parser.js        — pure transcript parsing + pricing (testable, no DB)
+ *   lib/db.js            — SQLite schema, migrations, prepared statements
+ *   lib/session-store.js — in-memory session state, hook handler, SSE broadcast
+ *
+ * This file owns: HTTP server, all route handlers, install-hooks CLI mode.
+ *
+ * Start:         node bin/agent-trace-daemon.js
+ * Install hooks: node bin/agent-trace-daemon.js --install
+ * UI at:         http://localhost:4243
+ */
+
+'use strict';
+
+const http = require('http');
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+
+const { isValidSessionId, findTranscript } = require('../lib/parser');
+const { createDb }    = require('../lib/db');
+const { createStore } = require('../lib/session-store');
+
+// ── Config ────────────────────────────────────────────────────────────────────
+const PORT     = process.env.PORT || 4243;
+const SETTINGS = path.join(os.homedir(), '.claude', 'settings.json');
+
+const DB_DIR  = process.env.AGENT_TRACE_DB
+  ? path.dirname(process.env.AGENT_TRACE_DB)
+  : path.join(os.homedir(), '.claude', 'agent-trace');
+const DB_PATH = process.env.AGENT_TRACE_DB || path.join(DB_DIR, 'traces.db');
+
+const MAX_BODY_BYTES = 1_048_576; // 1 MB
+
+// ── Install hooks mode ────────────────────────────────────────────────────────
+if (process.argv.includes('--install')) {
+  installHooks();
+  process.exit(0);
+}
+
+function installHooks() {
+  let settings = {};
+  if (fs.existsSync(SETTINGS)) {
+    try { settings = JSON.parse(fs.readFileSync(SETTINGS, 'utf8')); } catch {}
+  }
+  const hookCmd = `curl -s -X POST http://localhost:${PORT}/hook -H 'Content-Type: application/json' -d @-`;
+  settings.hooks = settings.hooks || {};
+  function ensureHook(event) {
+    settings.hooks[event] = settings.hooks[event] || [];
+    if (!settings.hooks[event].some(h => h.hooks?.some(hh => hh.command?.includes(`localhost:${PORT}`)))) {
+      settings.hooks[event].push({ hooks: [{ type: 'command', command: hookCmd }] });
+    }
+  }
+  ensureHook('PreToolUse');
+  ensureHook('PostToolUse');
+  ensureHook('Stop');
+  fs.mkdirSync(path.dirname(SETTINGS), { recursive: true });
+  fs.writeFileSync(SETTINGS, JSON.stringify(settings, null, 2));
+  console.log(`✓ Hooks installed in ${SETTINGS}`);
+  console.log(`  Start daemon: node bin/agent-trace-daemon.js`);
+  console.log(`  UI at:        http://localhost:${PORT}`);
+}
+
+// ── Initialise database + session store ───────────────────────────────────────
+const { db, stmts, persistSession, persistTool, persistCompaction } = createDb(DB_PATH);
+const store = createStore({ db, stmts, persistSession, persistTool, persistCompaction });
+const { sessions, clients, sessionList } = store;
+
+store.loadHistory();
+store.backfillCosts();
+store.discoverChildSessions();
+
+// Force fresh cost read 2s after startup (transcripts may have tokens the DB doesn't yet)
+setTimeout(() => {
+  const { findTranscript: ft, parseFullSessionStats } = require('../lib/parser');
+  for (const node of sessions.values()) {
+    const transcript = ft(node.sessionId, node.cwd);
+    if (!transcript) continue;
+    try {
+      const stats = parseFullSessionStats(transcript, node.sessionId);
+      if (stats.costUsd > 0 && Math.abs(stats.costUsd - node.costUsd) > 0.001) {
+        node.tokens.input     = stats.inputTokens;
+        node.tokens.output    = stats.outputTokens;
+        node.tokens.cacheRead = stats.cacheReadTokens;
+        node.costUsd          = stats.costUsd;
+        persistSession(node);
+        console.log(`  Refreshed ${node.sessionId.slice(0, 8)}: $${stats.costUsd.toFixed(4)}`);
+      }
+    } catch {}
+  }
+}, 2000);
+
+setInterval(() => store.refreshLiveCosts(), 45000);
+
+// ── CORS helpers ─────────────────────────────────────────────────────────────
+// The UI and API are served from the same origin (localhost:PORT), so the
+// browser never needs CORS for the UI. We only allow localhost origins so that
+// third-party websites cannot silently read session data, bash-command history,
+// or conversation threads from a running daemon.
+const LOCALHOST_RE = /^https?:\/\/localhost(:\d+)?$/;
+function isAllowedOrigin(origin) { return !origin || LOCALHOST_RE.test(origin); }
+function corsHeaders(req) {
+  const origin = req.headers.origin || '';
+  return isAllowedOrigin(origin) ? { 'Access-Control-Allow-Origin': origin || `http://localhost:${PORT}` } : {};
+}
+
+// ── HTTP server ───────────────────────────────────────────────────────────────
+const server = http.createServer((req, res) => {
+
+  // Reject cross-origin requests from non-localhost origins
+  const origin = req.headers.origin;
+  if (origin && !isAllowedOrigin(origin)) {
+    res.writeHead(403); res.end('forbidden'); return;
+  }
+
+  if (req.method === 'OPTIONS') {
+    res.writeHead(204, {
+      ...corsHeaders(req),
+      'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type',
+    });
+    res.end();
+    return;
+  }
+
+  // ── Hook receiver ──────────────────────────────────────────────────────────
+  if (req.method === 'POST' && req.url === '/hook') {
+    let body = '', tooLarge = false;
+    req.on('data', chunk => {
+      if (tooLarge) return;
+      body += chunk;
+      if (body.length > MAX_BODY_BYTES) { tooLarge = true; req.destroy(); res.writeHead(413); res.end('payload too large'); }
+    });
+    req.on('end', () => {
+      if (tooLarge) return;
+      try {
+        const ev = JSON.parse(body);
+        if (ev.session_id && !isValidSessionId(ev.session_id)) { res.writeHead(400); res.end('invalid session_id'); return; }
+        if (ev.cwd && (ev.cwd.includes('..') || ev.cwd.includes('\0') || !path.isAbsolute(ev.cwd) || path.normalize(ev.cwd) !== ev.cwd)) {
+          console.warn(`[hook] stripped unsafe cwd: ${JSON.stringify(ev.cwd)}`);
+          delete ev.cwd;
+        }
+        if (ev.tool_input && JSON.stringify(ev.tool_input).length > 65536) ev.tool_input = { _truncated: true };
+        store.handleHook(ev);
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end('{"ok":true}');
+      } catch { res.writeHead(400); res.end('bad json'); }
+    });
+    return;
+  }
+
+  // ── SSE stream ─────────────────────────────────────────────────────────────
+  if (req.url === '/events') {
+    if (clients.length >= 50) { res.writeHead(503); res.end('too many SSE clients'); return; }
+    res.writeHead(200, {
+      'Content-Type':      'text/event-stream',
+      'Cache-Control':     'no-cache',
+      'Connection':        'keep-alive',
+      'X-Accel-Buffering': 'no',   // prevent nginx buffering
+      ...corsHeaders(req),
+    });
+    res.write(`data: ${store.serializeTree()}\n\n`);
+    clients.push(res);
+    req.on('close', () => { const i = clients.indexOf(res); if (i >= 0) clients.splice(i, 1); });
+    const hb = setInterval(() => { try { res.write(': heartbeat\n\n'); } catch { clearInterval(hb); } }, 3000);
+    return;
+  }
+
+  // ── Sessions list (history sidebar) ───────────────────────────────────────
+  if (req.url === '/api/sessions') {
+    const rows = stmts.listRootSessions.all();
+    res.writeHead(200, { 'Content-Type': 'application/json', ...corsHeaders(req) });
+    res.end(JSON.stringify(rows));
+    return;
+  }
+
+  // ── Single session ─────────────────────────────────────────────────────────
+  const sessionMatch = req.url.match(/^\/api\/sessions\/([^/]+)$/);
+  if (sessionMatch) {
+    const sid = decodeURIComponent(sessionMatch[1]);
+    if (!sessions.has(sid)) store.loadSessionTree(sid);
+    const data = store.serializeSession(sid);
+    if (!data) { res.writeHead(404); res.end('not found'); return; }
+    res.writeHead(200, { 'Content-Type': 'application/json', ...corsHeaders(req) });
+    res.end(JSON.stringify(data));
+    return;
+  }
+
+  // ── Conversation thread ────────────────────────────────────────────────────
+  const threadMatch = req.url.match(/^\/api\/sessions\/([^/]+)\/thread$/);
+  if (threadMatch) {
+    const sid = decodeURIComponent(threadMatch[1]);
+    const node = sessions.get(sid) || (() => { store.loadSessionTree(sid); return sessions.get(sid); })();
+    const transcript = findTranscript(sid, node?.cwd || null);
+    if (!transcript) { res.writeHead(404); res.end('no transcript'); return; }
+
+    const messages = [];
+    try {
+      const lines = fs.readFileSync(transcript, 'utf8').split('\n');
+      const compactUuids = new Set();
+      for (const line of lines) {
+        if (!line.trim()) continue;
+        try {
+          const obj = JSON.parse(line);
+          if (obj.type === 'system' && obj.subtype === 'compact_boundary' && obj.uuid) compactUuids.add(obj.uuid);
+        } catch {}
+      }
+      for (const line of lines) {
+        if (!line.trim()) continue;
+        try {
+          const obj = JSON.parse(line);
+          if (obj.type === 'user' && obj.message?.content) {
+            if (obj.parentUuid && compactUuids.has(obj.parentUuid)) continue;
+            const content = obj.message.content;
+            if (typeof content === 'string' && content.length > 2) {
+              messages.push({ role: 'user', text: content.slice(0, 8000), timestamp: obj.timestamp });
+            } else if (Array.isArray(content)) {
+              const textParts = content.filter(b => b.type === 'text' && b.text?.length > 2).map(b => b.text);
+              if (textParts.length > 0) messages.push({ role: 'user', text: textParts.join('\n\n').slice(0, 8000), timestamp: obj.timestamp });
+            }
+          }
+          if (obj.type === 'assistant' && obj.message?.content) {
+            const texts = (obj.message.content || []).filter(b => b.type === 'text' && b.text?.trim()).map(b => b.text.trim());
+            if (texts.length > 0) messages.push({ role: 'assistant', text: texts.join('\n\n').slice(0, 8000), timestamp: obj.timestamp });
+          }
+        } catch {}
+      }
+    } catch {}
+
+    res.writeHead(200, { 'Content-Type': 'application/json', ...corsHeaders(req) });
+    res.end(JSON.stringify(messages.slice(-100)));
+    return;
+  }
+
+  // ── Permissions ────────────────────────────────────────────────────────────
+  if (req.url === '/api/permissions') {
+    function loadSettings(filePath) {
+      try { return JSON.parse(fs.readFileSync(filePath, 'utf8')); } catch { return {}; }
+    }
+    const globalSettings = loadSettings(SETTINGS);
+    const allNodes = [...sessions.values()];
+    let cwd = allNodes.filter(n => n.cwd).sort((a, b) => b.startedAt - a.startedAt)[0]?.cwd || null;
+    if (!cwd) {
+      try { const row = db.prepare(`SELECT cwd FROM sessions WHERE cwd IS NOT NULL ORDER BY started_at DESC LIMIT 1`).get(); cwd = row?.cwd || null; } catch {}
+    }
+    let projectSettings = {}, projectLocalSettings = {};
+    if (cwd) {
+      projectSettings      = loadSettings(path.join(cwd, '.claude', 'settings.json'));
+      projectLocalSettings = loadSettings(path.join(cwd, '.claude', 'settings.local.json'));
+    }
+    const recentNode = allNodes.filter(n => n.projectAllow || n.projectDeny).sort((a, b) => b.startedAt - a.startedAt)[0];
+    if (!projectSettings.permissions && !projectLocalSettings.permissions && recentNode) {
+      projectLocalSettings = { permissions: { allow: recentNode.projectAllow || [], deny: recentNode.projectDeny || [] } };
+    }
+    function mergePerms(...layers) {
+      const allow = [], deny = [], ask = [], additionalDirs = [];
+      let defaultMode = 'default';
+      for (const s of layers) {
+        const p = s.permissions || {};
+        if (p.defaultMode) defaultMode = p.defaultMode;
+        allow.push(...(p.allow || [])); deny.push(...(p.deny || [])); ask.push(...(p.ask || []));
+        additionalDirs.push(...(p.additionalDirectories || []));
+      }
+      return { defaultMode, allow: [...new Set(allow)], deny: [...new Set(deny)], ask: [...new Set(ask)], additionalDirs: [...new Set(additionalDirs)] };
+    }
+    const perms = mergePerms(globalSettings, projectSettings, projectLocalSettings);
+
+    function extractMcp(s) {
+      return Object.entries(s.mcpServers || {}).map(([name, cfg]) => ({
+        name, type: cfg.type || (cfg.command ? 'stdio' : cfg.url ? 'sse' : 'unknown'),
+        command: cfg.command || cfg.url || null, args: cfg.args || [], enabled: true,
+      }));
+    }
+    const mcpMap = new Map();
+    const desktopCfg = loadSettings(path.join(os.homedir(), 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'));
+    for (const s of [...extractMcp(desktopCfg), ...extractMcp(globalSettings), ...extractMcp(projectSettings)]) mcpMap.set(s.name, s);
+
+    const toolMap = new Map();
+    for (const node of allNodes) {
+      for (const tc of node.toolCalls) {
+        const e = toolMap.get(tc.name) || { name: tc.name, calls: 0, totalMs: 0 };
+        e.calls++; if (tc.durationMs) e.totalMs += tc.durationMs;
+        toolMap.set(tc.name, e);
+      }
+    }
+
+    const safeEnv = {};
+    for (const [k, v] of Object.entries(globalSettings.env || {})) {
+      const lower = k.toLowerCase();
+      safeEnv[k] = (lower.includes('key') || lower.includes('secret') || lower.includes('token') || lower.includes('password')) ? '••••••' : v;
+    }
+
+    res.writeHead(200, { 'Content-Type': 'application/json', ...corsHeaders(req) });
+    res.end(JSON.stringify({
+      defaultMode: perms.defaultMode, allow: perms.allow, deny: perms.deny, ask: perms.ask,
+      fileAccess:  { cwd, additionalDirs: perms.additionalDirs, denied: perms.deny.filter(r => r.startsWith('Read(') || r === 'Read') },
+      mcpServers:  [...mcpMap.values()],
+      toolStats:   [...toolMap.values()].sort((a, b) => b.calls - a.calls),
+      plugins:     Object.entries(globalSettings.enabledPlugins || {}).filter(([, v]) => v).map(([k]) => k),
+      env: safeEnv,
+    }));
+    return;
+  }
+
+  // ── Packages ───────────────────────────────────────────────────────────────
+  if (req.url === '/api/packages') {
+    const allNodes = [...sessions.values()];
+    const rootNodes = allNodes.filter(n => !n.parentSessionId);
+    const recentNode = (rootNodes.length > 0 ? rootNodes : allNodes).sort((a, b) => b.startedAt - a.startedAt)[0];
+    const cwd = recentNode?.cwd || null;
+    const result = { cwd, npm: null, pip: null, other: [] };
+    if (cwd) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(path.join(cwd, 'package.json'), 'utf8'));
+        result.npm = {
+          name: pkg.name, version: pkg.version,
+          deps:    Object.entries(pkg.dependencies    || {}).map(([n, v]) => ({ name: n, version: v, type: 'dep'  })),
+          devDeps: Object.entries(pkg.devDependencies || {}).map(([n, v]) => ({ name: n, version: v, type: 'dev'  })),
+        };
+      } catch {}
+    }
+    if (!result.npm && recentNode?.packageJson) {
+      const pkg = recentNode.packageJson;
+      result.npm = {
+        name: pkg.name, version: pkg.version,
+        deps:    Object.entries(pkg.deps    || {}).map(([n, v]) => ({ name: n, version: v, type: 'dep' })),
+        devDeps: Object.entries(pkg.devDeps || {}).map(([n, v]) => ({ name: n, version: v, type: 'dev' })),
+      };
+    }
+    if (recentNode?.requirementsTxt) {
+      result.pip = recentNode.requirementsTxt.map(l => {
+        const [name, version] = l.split(/[=><~!]+/);
+        return { name: name.trim(), version: (version || '').trim() };
+      });
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json', ...corsHeaders(req) });
+    res.end(JSON.stringify(result));
+    return;
+  }
+
+  // ── Projects ───────────────────────────────────────────────────────────────
+  if (req.url === '/api/projects') {
+    const rows = db.prepare(`
+      SELECT id, label, status, started_at, ended_at, cost_usd, cwd, permission_mode
+      FROM sessions WHERE parent_id IS NULL ORDER BY started_at DESC LIMIT 300
+    `).all();
+    const projectMap = new Map();
+    for (const row of rows) {
+      const key = row.cwd || '__unknown__';
+      if (!projectMap.has(key)) {
+        const parts = (row.cwd || '').replace(/\\/g, '/').split('/').filter(Boolean);
+        projectMap.set(key, { cwd: row.cwd || null, name: parts[parts.length - 1] || row.cwd || 'unknown', sessions: [] });
+      }
+      const proj = projectMap.get(key);
+      if (proj.sessions.length < 20) proj.sessions.push(row);
+    }
+    const projects = [...projectMap.values()].sort((a, b) => (b.sessions[0]?.started_at || 0) - (a.sessions[0]?.started_at || 0));
+    res.writeHead(200, { 'Content-Type': 'application/json', ...corsHeaders(req) });
+    res.end(JSON.stringify(projects));
+    return;
+  }
+
+  // ── Security audit ─────────────────────────────────────────────────────────
+  if (req.url === '/api/security-audit') {
+    function loadSettingsAudit(p) { try { return JSON.parse(fs.readFileSync(p, 'utf8')); } catch { return {}; } }
+    const gs = loadSettingsAudit(SETTINGS);
+    const allNodes = [...sessions.values()];
+    let cwdAudit = allNodes.filter(n => n.cwd).sort((a, b) => b.startedAt - a.startedAt)[0]?.cwd || null;
+    if (!cwdAudit) { try { const r = db.prepare(`SELECT cwd FROM sessions WHERE cwd IS NOT NULL ORDER BY started_at DESC LIMIT 1`).get(); cwdAudit = r?.cwd || null; } catch {} }
+    const ps  = cwdAudit ? loadSettingsAudit(path.join(cwdAudit, '.claude', 'settings.json'))       : {};
+    const pls = cwdAudit ? loadSettingsAudit(path.join(cwdAudit, '.claude', 'settings.local.json')) : {};
+
+    function extractAllHooks(settings, source) {
+      const hooks = [];
+      for (const [event, groups] of Object.entries(settings.hooks || {})) {
+        if (!Array.isArray(groups)) continue;
+        for (const group of groups) {
+          for (const hook of (group.hooks || [])) {
+            hooks.push({ event, matcher: group.matcher || null, type: hook.type || 'command', command: hook.command || hook.prompt || '', source });
+          }
+        }
+      }
+      return hooks;
+    }
+
+    const bashRows = db.prepare(`
+      SELECT tc.session_id, tc.input_json, tc.started_at, tc.done, s.label
+      FROM tool_calls tc JOIN sessions s ON tc.session_id = s.id
+      WHERE tc.name = 'Bash' ORDER BY tc.started_at DESC LIMIT 300
+    `).all();
+    const bashCommands = bashRows.map(r => {
+      let cmd = '';
+      try { cmd = JSON.parse(r.input_json)?.command || ''; } catch {}
+      return { sessionId: r.session_id, sessionLabel: r.label, command: cmd, startedAt: r.started_at, done: !!r.done };
+    }).filter(r => r.command);
+
+    const SENSITIVE_RE = /\.env(\b|$|\.|_)|\.pem$|\.key$|\.p12$|\.pfx$|\.crt$|\.cer$|credentials|secret|id_rsa|id_ed25519|\.kubeconfig|\.aws\/|\.ssh\/|\.npmrc|\.netrc|\.htpasswd/i;
+    const fileToolRows = db.prepare(`
+      SELECT tc.session_id, tc.name, tc.input_json, tc.started_at, s.label
+      FROM tool_calls tc JOIN sessions s ON tc.session_id = s.id
+      WHERE tc.name IN ('Read', 'Write', 'Edit') ORDER BY tc.started_at DESC LIMIT 2000
+    `).all();
+    const sensitiveFiles = fileToolRows.flatMap(r => {
+      let fp = '';
+      try { const inp = JSON.parse(r.input_json); fp = inp?.file_path || inp?.path || ''; } catch {}
+      if (!fp || !SENSITIVE_RE.test(fp)) return [];
+      return [{ sessionId: r.session_id, sessionLabel: r.label, tool: r.name, filePath: fp, startedAt: r.started_at }];
+    });
+
+    const fetchRows = db.prepare(`
+      SELECT tc.session_id, tc.name, tc.input_json, tc.started_at, s.label
+      FROM tool_calls tc JOIN sessions s ON tc.session_id = s.id
+      WHERE tc.name IN ('WebFetch', 'WebSearch') ORDER BY tc.started_at DESC LIMIT 200
+    `).all();
+    const webRequests = fetchRows.map(r => {
+      let url = '';
+      try { const inp = JSON.parse(r.input_json); url = inp?.url || inp?.query || ''; } catch {}
+      return { sessionId: r.session_id, sessionLabel: r.label, tool: r.name, url, startedAt: r.started_at };
+    }).filter(r => r.url);
+
+    const bypassRows = db.prepare(`SELECT id, label, started_at, ended_at, status, cwd FROM sessions WHERE permission_mode = 'bypassPermissions' ORDER BY started_at DESC`).all();
+    const blockedRows = db.prepare(`
+      SELECT tc.session_id, tc.name, tc.input_json, tc.started_at, s.label, s.status
+      FROM tool_calls tc JOIN sessions s ON tc.session_id = s.id
+      WHERE tc.done = 0 AND s.status != 'running' AND tc.duration_ms IS NULL ORDER BY tc.started_at DESC LIMIT 100
+    `).all();
+    const blockedActions = blockedRows.map(r => {
+      let detail = '';
+      try { const inp = JSON.parse(r.input_json); detail = inp?.command || inp?.file_path || inp?.query || ''; } catch {}
+      return { sessionId: r.session_id, sessionLabel: r.label, tool: r.name, detail, startedAt: r.started_at };
+    });
+
+    res.writeHead(200, { 'Content-Type': 'application/json', ...corsHeaders(req) });
+    res.end(JSON.stringify({
+      hooks: [...extractAllHooks(gs, 'global'), ...extractAllHooks(ps, 'project'), ...extractAllHooks(pls, 'project-local')],
+      bashCommands, sensitiveFiles, webRequests,
+      bypassSessions: bypassRows, blockedActions,
+    }));
+    return;
+  }
+
+  // ── Health ─────────────────────────────────────────────────────────────────
+  if (req.url === '/health') {
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, sessions: sessions.size, port: PORT }));
+    return;
+  }
+
+  // ── Serve UI ───────────────────────────────────────────────────────────────
+  const uiCandidates = [
+    path.join(os.homedir(), 'Library', 'Application Support', 'agent-trace', 'public', 'index.html'),
+    path.join(__dirname, '..', 'public', 'index.html'),
+  ];
+  const filePath = uiCandidates.find(p => fs.existsSync(p));
+  if (!filePath) { res.writeHead(404); res.end('index.html not found'); return; }
+  fs.readFile(filePath, (err, data) => {
+    if (err) { res.writeHead(404); res.end('Not found'); return; }
+    res.writeHead(200, {
+      'Content-Type':             'text/html',
+      'Cache-Control':            'no-store, no-cache, must-revalidate',
+      'Pragma':                   'no-cache',
+      'Content-Security-Policy':  `default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; font-src 'self' data:; frame-ancestors 'none'`,
+      'X-Content-Type-Options':   'nosniff',
+      'X-Frame-Options':          'DENY',
+    });
+    res.end(data);
+  });
+});
+
+server.listen(PORT, () => {
+  console.log(`\n  Agent Trace Daemon → http://localhost:${PORT}`);
+  console.log(`  DB                 → ${DB_PATH}`);
+  console.log(`  Sessions loaded    → ${sessionList.length}`);
+  console.log(`\n  To install hooks:  node bin/agent-trace-daemon.js --install\n`);
+});
+
+process.on('SIGINT',  () => { db.close(); console.log('\n  Daemon stopped.\n'); process.exit(0); });
+process.on('SIGTERM', () => { db.close(); process.exit(0); });