create-claude-code-visualizer 0.1.0

package/templates/app/src/app/api/governance/sessions/route.ts

@@ -0,0 +1,335 @@
+import { NextRequest, NextResponse } from "next/server";
+import fs from "fs";
+import path from "path";
+import readline from "readline";
+
+// ---------------------------------------------------------------------------
+// Risk classification
+// ---------------------------------------------------------------------------
+
+type RiskLevel = "critical" | "warning" | "info";
+
+interface RiskRule {
+  level: RiskLevel;
+  label: string;
+  test: (toolName: string, input: Record<string, unknown>) => boolean;
+}
+
+const RISK_RULES: RiskRule[] = [
+  // Critical — destructive or dangerous
+  {
+    level: "critical",
+    label: "Destructive delete",
+    test: (tool, input) =>
+      tool === "Bash" && /\brm\s+-rf\b/.test(String(input.command || "")),
+  },
+  {
+    level: "critical",
+    label: "Force push",
+    test: (tool, input) =>
+      tool === "Bash" &&
+      /\bgit\s+push\s+.*--force\b/.test(String(input.command || "")),
+  },
+  {
+    level: "critical",
+    label: "Hard reset",
+    test: (tool, input) =>
+      tool === "Bash" &&
+      /\bgit\s+reset\s+--hard\b/.test(String(input.command || "")),
+  },
+  {
+    level: "critical",
+    label: "Drop table",
+    test: (tool, input) =>
+      tool === "Bash" &&
+      /\bDROP\s+TABLE\b/i.test(String(input.command || "")),
+  },
+  {
+    level: "critical",
+    label: "Env/credentials write",
+    test: (tool, input) => {
+      if (tool !== "Write" && tool !== "Edit") return false;
+      const fp = String(input.file_path || input.filePath || "");
+      return /\.(env|pem|key|credentials|secret)/.test(fp);
+    },
+  },
+  {
+    level: "critical",
+    label: "Sudo command",
+    test: (tool, input) =>
+      tool === "Bash" && /\bsudo\b/.test(String(input.command || "")),
+  },
+  // Warning — potentially risky
+  {
+    level: "warning",
+    label: "Package install",
+    test: (tool, input) =>
+      tool === "Bash" &&
+      /\b(npm\s+(install|ci|uninstall)|pip3?\s+install)\b/.test(
+        String(input.command || "")
+      ),
+  },
+  {
+    level: "warning",
+    label: "Git push",
+    test: (tool, input) =>
+      tool === "Bash" && /\bgit\s+push\b/.test(String(input.command || "")),
+  },
+  {
+    level: "warning",
+    label: "File write",
+    test: (tool) => tool === "Write" || tool === "Edit",
+  },
+  {
+    level: "warning",
+    label: "Config file modified",
+    test: (tool, input) => {
+      if (tool !== "Write" && tool !== "Edit") return false;
+      const fp = String(input.file_path || input.filePath || "");
+      return /\b(package\.json|tsconfig|\.mcp\.json|next\.config|CLAUDE\.md)\b/.test(fp);
+    },
+  },
+  {
+    level: "warning",
+    label: "External network",
+    test: (tool) => tool === "WebFetch" || tool === "WebSearch",
+  },
+];
+
+function classifyRisk(
+  toolName: string,
+  input: Record<string, unknown>
+): { level: RiskLevel; label: string } {
+  for (const rule of RISK_RULES) {
+    if (rule.test(toolName, input)) {
+      return { level: rule.level, label: rule.label };
+    }
+  }
+  return { level: "info", label: "Normal" };
+}
+
+// ---------------------------------------------------------------------------
+// JSONL session parser
+// ---------------------------------------------------------------------------
+
+interface ToolCall {
+  toolName: string;
+  input: Record<string, unknown>;
+  inputSummary: string;
+  risk: { level: RiskLevel; label: string };
+  timestamp: string;
+}
+
+interface SessionSummary {
+  sessionId: string;
+  project: string;
+  startedAt: string;
+  lastActivity: string;
+  version: string;
+  gitBranch: string;
+  messageCount: number;
+  toolCalls: ToolCall[];
+  riskCounts: { critical: number; warning: number; info: number };
+  highestRisk: RiskLevel;
+}
+
+const CLAUDE_DIR = path.join(
+  process.env.HOME || "/home/collin",
+  ".claude",
+  "projects"
+);
+
+function summarizeInput(toolName: string, input: Record<string, unknown>): string {
+  if (toolName === "Bash") return String(input.command || "").slice(0, 200);
+  if (toolName === "Read") return String(input.file_path || "").slice(0, 200);
+  if (toolName === "Write" || toolName === "Edit")
+    return String(input.file_path || input.filePath || "").slice(0, 200);
+  if (toolName === "Glob") return String(input.pattern || "").slice(0, 200);
+  if (toolName === "Grep") return String(input.pattern || "").slice(0, 200);
+  if (toolName === "Agent")
+    return String(input.description || "").slice(0, 200);
+  if (toolName === "WebFetch" || toolName === "WebSearch")
+    return String(input.url || input.query || "").slice(0, 200);
+  // MCP tools
+  if (toolName.startsWith("mcp__"))
+    return JSON.stringify(input).slice(0, 200);
+  return JSON.stringify(input).slice(0, 150);
+}
+
+async function parseSession(
+  filePath: string,
+  projectName: string
+): Promise<SessionSummary | null> {
+  const sessionId = path.basename(filePath, ".jsonl");
+  const toolCalls: ToolCall[] = [];
+  let startedAt = "";
+  let lastActivity = "";
+  let version = "";
+  let gitBranch = "";
+  let messageCount = 0;
+
+  const stream = fs.createReadStream(filePath, { encoding: "utf-8" });
+  const rl = readline.createInterface({ input: stream, crlfDelay: Infinity });
+
+  for await (const line of rl) {
+    if (!line.trim()) continue;
+    let entry: Record<string, unknown>;
+    try {
+      entry = JSON.parse(line);
+    } catch {
+      continue;
+    }
+
+    const ts = String(entry.timestamp || "");
+    if (ts) {
+      if (!startedAt || ts < startedAt) startedAt = ts;
+      if (!lastActivity || ts > lastActivity) lastActivity = ts;
+    }
+
+    if (entry.version) version = String(entry.version);
+    if (entry.gitBranch) gitBranch = String(entry.gitBranch);
+
+    // Count user/assistant messages
+    if (entry.type === "user" || entry.type === "assistant") {
+      messageCount++;
+    }
+
+    // Extract tool_use blocks from assistant messages
+    if (entry.type === "assistant") {
+      const msg = entry.message as { content?: unknown[] } | undefined;
+      if (msg?.content && Array.isArray(msg.content)) {
+        for (const block of msg.content) {
+          const b = block as Record<string, unknown>;
+          if (b.type === "tool_use" && b.name) {
+            const toolName = String(b.name);
+            const input = (b.input as Record<string, unknown>) || {};
+            const risk = classifyRisk(toolName, input);
+            toolCalls.push({
+              toolName,
+              input,
+              inputSummary: summarizeInput(toolName, input),
+              risk,
+              timestamp: ts,
+            });
+          }
+        }
+      }
+    }
+  }
+
+  if (messageCount === 0) return null;
+
+  const riskCounts = { critical: 0, warning: 0, info: 0 };
+  for (const tc of toolCalls) {
+    riskCounts[tc.risk.level]++;
+  }
+  const highestRisk: RiskLevel = riskCounts.critical > 0
+    ? "critical"
+    : riskCounts.warning > 0
+      ? "warning"
+      : "info";
+
+  return {
+    sessionId,
+    project: projectName,
+    startedAt,
+    lastActivity,
+    version,
+    gitBranch,
+    messageCount,
+    toolCalls,
+    riskCounts,
+    highestRisk,
+  };
+}
+
+// ---------------------------------------------------------------------------
+// GET /api/governance/sessions
+// ---------------------------------------------------------------------------
+
+export async function GET(req: NextRequest) {
+  const { searchParams } = req.nextUrl;
+  const projectFilter = searchParams.get("project"); // optional filter
+  const limit = Math.min(parseInt(searchParams.get("limit") || "50", 10), 200);
+  const riskFilter = searchParams.get("risk") as RiskLevel | null; // optional
+
+  try {
+    if (!fs.existsSync(CLAUDE_DIR)) {
+      return NextResponse.json({ sessions: [], projects: [] });
+    }
+
+    const projectDirs = fs.readdirSync(CLAUDE_DIR).filter((d) => {
+      const full = path.join(CLAUDE_DIR, d);
+      return fs.statSync(full).isDirectory();
+    });
+
+    const projects = projectDirs.map((d) =>
+      d.replace(/-/g, "/").replace(/^\//, "")
+    );
+
+    // Collect all JSONL files across projects (or filtered project)
+    const filesToParse: { file: string; project: string }[] = [];
+
+    for (const dir of projectDirs) {
+      const projectName = dir.replace(/-/g, "/").replace(/^\//, "");
+      if (projectFilter && projectName !== projectFilter && dir !== projectFilter) {
+        continue;
+      }
+      const fullDir = path.join(CLAUDE_DIR, dir);
+      const jsonlFiles = fs.readdirSync(fullDir).filter((f) => f.endsWith(".jsonl"));
+
+      // Sort by mtime descending to get most recent first
+      const withStats = jsonlFiles.map((f) => {
+        const fp = path.join(fullDir, f);
+        return { file: fp, mtime: fs.statSync(fp).mtimeMs, project: projectName };
+      });
+      withStats.sort((a, b) => b.mtime - a.mtime);
+
+      for (const w of withStats) {
+        filesToParse.push({ file: w.file, project: w.project });
+      }
+    }
+
+    // Sort all files by mtime descending
+    filesToParse.sort((a, b) => {
+      const sa = fs.statSync(a.file).mtimeMs;
+      const sb = fs.statSync(b.file).mtimeMs;
+      return sb - sa;
+    });
+
+    // Parse sessions (limit to avoid huge responses)
+    const sessions: SessionSummary[] = [];
+    const parseLimit = limit * 2; // parse extra to allow risk filtering
+    for (const { file, project } of filesToParse.slice(0, parseLimit)) {
+      const session = await parseSession(file, project);
+      if (!session) continue;
+      if (riskFilter && session.highestRisk !== riskFilter) continue;
+      sessions.push(session);
+      if (sessions.length >= limit) break;
+    }
+
+    // Strip full tool inputs from response to keep payload small
+    // (keep inputSummary for display)
+    const lightweight = sessions.map((s) => ({
+      ...s,
+      toolCalls: s.toolCalls.map(({ input, ...rest }) => rest),
+    }));
+
+    // Aggregate stats
+    const stats = {
+      totalSessions: sessions.length,
+      totalToolCalls: sessions.reduce((n, s) => n + s.toolCalls.length, 0),
+      criticalCount: sessions.reduce((n, s) => n + s.riskCounts.critical, 0),
+      warningCount: sessions.reduce((n, s) => n + s.riskCounts.warning, 0),
+      infoCount: sessions.reduce((n, s) => n + s.riskCounts.info, 0),
+    };
+
+    return NextResponse.json({ sessions: lightweight, projects, stats });
+  } catch (err) {
+    console.error("Governance API error:", err);
+    return NextResponse.json(
+      { error: "Failed to parse session data" },
+      { status: 500 }
+    );
+  }
+}

package/templates/app/src/app/api/notifications/route.ts

@@ -0,0 +1,62 @@
+import { NextRequest, NextResponse } from "next/server";
+import { supabase } from "@/lib/supabase";
+
+export async function GET(req: NextRequest) {
+  const unreadOnly = req.nextUrl.searchParams.get("unread") === "true";
+
+  let query = supabase
+    .from("notifications")
+    .select("*")
+    .order("created_at", { ascending: false })
+    .limit(50);
+
+  if (unreadOnly) {
+    query = query.eq("read", false);
+  }
+
+  const { data, error } = await query;
+
+  if (error) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+
+  return NextResponse.json(data);
+}
+
+export async function PATCH(req: NextRequest) {
+  const body = await req.json();
+
+  if (body.all) {
+    const { error } = await supabase
+      .from("notifications")
+      .update({ read: true })
+      .eq("read", false);
+
+    if (error) {
+      return NextResponse.json({ error: error.message }, { status: 500 });
+    }
+  } else if (body.ids && Array.isArray(body.ids)) {
+    const { error } = await supabase
+      .from("notifications")
+      .update({ read: true })
+      .in("id", body.ids);
+
+    if (error) {
+      return NextResponse.json({ error: error.message }, { status: 500 });
+    }
+  } else if (body.session_id) {
+    const { error } = await supabase
+      .from("notifications")
+      .update({ read: true })
+      .eq("session_id", body.session_id)
+      .eq("read", false);
+
+    if (error) {
+      return NextResponse.json({ error: error.message }, { status: 500 });
+    }
+  } else {
+    return NextResponse.json({ error: "Provide { ids: [...] }, { session_id: '...' }, or { all: true }" }, { status: 400 });
+  }
+
+  return NextResponse.json({ ok: true });
+}

package/templates/app/src/app/api/preferences/route.ts

@@ -0,0 +1,44 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase-server";
+
+export async function GET() {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+
+  if (!user?.email) {
+    return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+  }
+
+  const { data } = await supabase
+    .from("user_preferences")
+    .select("preferences")
+    .eq("user_email", user.email)
+    .single();
+
+  return NextResponse.json({ preferences: data?.preferences || "" });
+}
+
+export async function PUT(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+
+  if (!user?.email) {
+    return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+  }
+
+  const body = await req.json();
+  const preferences = typeof body.preferences === "string" ? body.preferences : "";
+
+  const { error } = await supabase
+    .from("user_preferences")
+    .upsert(
+      { user_email: user.email, preferences, updated_at: new Date().toISOString() },
+      { onConflict: "user_email" }
+    );
+
+  if (error) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+
+  return NextResponse.json({ saved: true });
+}

package/templates/app/src/app/api/runs/[id]/approve/route.ts

@@ -0,0 +1,38 @@
+import { NextRequest, NextResponse } from "next/server";
+import { submitApproval } from "@/lib/approval-store";
+
+// Retry with short delay — in dev mode, the approve POST can arrive
+// before or after the approval promise is registered due to route compilation timing.
+async function trySubmit(runId: string, toolUseId: string, approved: boolean, retries = 5): Promise<boolean> {
+  for (let i = 0; i < retries; i++) {
+    if (submitApproval(runId, toolUseId, approved)) return true;
+    if (i < retries - 1) await new Promise((r) => setTimeout(r, 500));
+  }
+  return false;
+}
+
+export async function POST(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const { id: runId } = await params;
+  const body = await req.json();
+  const { tool_use_id, approved } = body;
+
+  if (!tool_use_id || typeof approved !== "boolean") {
+    return NextResponse.json(
+      { error: "tool_use_id and approved (boolean) are required" },
+      { status: 400 }
+    );
+  }
+
+  const found = await trySubmit(runId, tool_use_id, approved);
+  if (!found) {
+    return NextResponse.json(
+      { error: "No pending approval found — it may have timed out" },
+      { status: 404 }
+    );
+  }
+
+  return NextResponse.json({ ok: true });
+}

package/templates/app/src/app/api/runs/[id]/events/route.ts

@@ -0,0 +1,28 @@
+import { NextRequest, NextResponse } from "next/server";
+import { supabase } from "@/lib/supabase";
+
+export async function GET(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const { id: runId } = await params;
+  const afterSeq = parseInt(req.nextUrl.searchParams.get("after_seq") || "0", 10);
+
+  let query = supabase
+    .from("run_events")
+    .select("*")
+    .eq("run_id", runId)
+    .order("seq", { ascending: true });
+
+  if (afterSeq > 0) {
+    query = query.gt("seq", afterSeq);
+  }
+
+  const { data, error } = await query;
+
+  if (error) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+
+  return NextResponse.json(data || []);
+}

package/templates/app/src/app/api/runs/[id]/metadata/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from "next/server";
+import { supabase } from "@/lib/supabase";
+
+export async function PATCH(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const { id } = await params;
+  const body = await req.json();
+
+  // Merge new metadata with existing
+  const { data: existing } = await supabase
+    .from("agent_runs")
+    .select("metadata")
+    .eq("id", id)
+    .single();
+
+  const merged = { ...(existing?.metadata || {}), ...body };
+
+  const { error } = await supabase
+    .from("agent_runs")
+    .update({ metadata: merged })
+    .eq("id", id);
+
+  if (error) {
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+
+  return NextResponse.json({ ok: true });
+}

package/templates/app/src/app/api/runs/[id]/route.ts

@@ -0,0 +1,21 @@
+import { NextRequest, NextResponse } from "next/server";
+import { supabase } from "@/lib/supabase";
+
+export async function GET(
+  _req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const { id } = await params;
+
+  const { data, error } = await supabase
+    .from("agent_runs")
+    .select("*")
+    .eq("id", id)
+    .single();
+
+  if (error) {
+    return NextResponse.json({ error: error.message }, { status: 404 });
+  }
+
+  return NextResponse.json(data);
+}

package/templates/app/src/app/api/runs/[id]/start/route.ts

@@ -0,0 +1,61 @@
+import { NextRequest, NextResponse } from "next/server";
+import { supabase } from "@/lib/supabase";
+import { getAgent } from "@/lib/agents";
+import { executeDetached } from "@/lib/agent-runner";
+import { requireRole } from "@/lib/auth-guard";
+
+export async function POST(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const auth = await requireRole(req, ["admin", "operator"], "start_run", "agent_runs");
+  if (!auth.authorized) return auth.response!;
+
+  const { id: runId } = await params;
+
+  const { data: run, error } = await supabase
+    .from("agent_runs")
+    .select("*")
+    .eq("id", runId)
+    .single();
+
+  if (error || !run) {
+    return NextResponse.json({ error: "Run not found" }, { status: 404 });
+  }
+
+  if (run.status !== "queued") {
+    return NextResponse.json({ error: `Run is already ${run.status}` }, { status: 409 });
+  }
+
+  const agent = getAgent(run.agent_slug);
+  if (!agent) {
+    return NextResponse.json({ error: `Agent ${run.agent_slug} not found` }, { status: 404 });
+  }
+
+  // Parse optional files from request body
+  const body = await req.json().catch(() => ({}));
+  const files = body.files as string[] | undefined;
+
+  // For follow-up messages in a session, find the SDK session ID from a previous run
+  let resumeSessionId: string | undefined;
+  if (run.session_id) {
+    const { data: prevRuns } = await supabase
+      .from("agent_runs")
+      .select("metadata")
+      .eq("session_id", run.session_id)
+      .neq("id", runId)
+      .order("created_at", { ascending: false })
+      .limit(1);
+
+    if (prevRuns?.[0]) {
+      const meta = prevRuns[0].metadata as Record<string, unknown> | null;
+      if (meta?.sdk_session_id) {
+        resumeSessionId = meta.sdk_session_id as string;
+      }
+    }
+  }
+
+  executeDetached(runId, agent, run.prompt, resumeSessionId, files, auth.user!.role, auth.user!.email);
+
+  return NextResponse.json({ started: true });
+}

package/templates/app/src/app/api/runs/[id]/stop/route.ts

@@ -0,0 +1,16 @@
+import { NextRequest, NextResponse } from "next/server";
+import { stopRun } from "@/lib/agent-runner";
+
+export async function POST(
+  _req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const { id: runId } = await params;
+  const stopped = await stopRun(runId);
+
+  if (!stopped) {
+    return NextResponse.json({ error: "Run not found or already stopped" }, { status: 404 });
+  }
+
+  return NextResponse.json({ stopped: true });
+}