What did Claude touch? A zero-dependency Claude Code skill that shows exactly what happened in your session — blast radius score, interactive file tree, heatmap, sensitive file alerts, scope drift warnings, and web activity tracking.
Terminal (/session-map) |
HTML (/session-map --html or --live) |
|---|---|
![]() |
![]() |
npx skills add whitzhu/session-mapOr manually:
mkdir -p ~/.claude/skills/session-map
curl -fsSL https://raw.githubusercontent.com/whitzhu/session-map/main/SKILL.md \
-o ~/.claude/skills/session-map/SKILL.md
mkdir -p ~/.claude/skills/session-map/scripts
curl -fsSL https://raw.githubusercontent.com/whitzhu/session-map/main/scripts/session-map.py \
-o ~/.claude/skills/session-map/scripts/session-map.py
curl -fsSL https://raw.githubusercontent.com/whitzhu/session-map/main/scripts/template.html \
-o ~/.claude/skills/session-map/scripts/template.htmlIn any Claude Code session:
/session-map # Terminal report (default)
/session-map --html # Interactive HTML report in browser
/session-map --live # Live dashboard — auto-refreshes as Claude works
/session-map --live --timeout 0 # Live mode, never auto-shutdown (overnight sessions)
/session-map --scope src/ # Flag files outside src/
Quick inline report right in your Claude session. Shows blast radius, file tree, sensitive file alerts, scope drift, web activity, and tool breakdown.
Interactive report that opens in your browser. --html generates a static snapshot; --live starts a local server that auto-refreshes as Claude works (keep it on another monitor).
Blast radius, scope issues, and file tree — see what was touched, with scope drift (purple sidebar) and activity bars:
Web activity and treemap heatmap — block size = activity level, color = operation type. Click directories to zoom in:
Tool breakdown — which tools Claude used and how often:
Git activity — commits made during the session and uncommitted changes:
Footer — summary stats:
- Treemap heatmap — color-coded by operation type (modified/created/deleted/read-only/sensitive). Click directories to zoom in.
- Collapsible file tree — files sorted by activity, with inline edit/read bars. Purple sidebar = scope drift, pink sidebar = sensitive file.
- Open in editor — click the arrow on any file to open it in VS Code, Cursor, Zed, Sublime, IntelliJ, or copy the path. Choice is saved in localStorage.
- Scope drift & sensitive file alerts — click any alert to jump to the file in the tree. Press Escape or click again to unhighlight.
- Git activity — commits during the session with diffstat, plus uncommitted changes.
- Web activity — URLs accessed via WebFetch, WebSearch, and bash commands.
- Green "Live" indicator — shows connection status and human-readable time since last update.
- Auto-refreshes via Server-Sent Events when the session file changes (~1s latency).
- Server stays alive — watcher pauses after inactivity but server keeps running. Page never dies.
- Reconnect button — if server stops, page degrades to static snapshot with a Reconnect button.
- Server reuse — running
/session-map --liveagain reuses the existing server. - DNS rebinding protection — Host header validation on all requests.
| Indicator | Meaning |
|---|---|
| Green dot, "Live" | Connected, receiving updates |
| Grey text, "Updated 2min 30s ago" | Connected, waiting for changes |
| Yellow dot, "Reconnecting..." | Server unreachable, retrying (3 attempts) |
| Grey dot, "Stopped" + Reconnect button | Server gone, page preserved as static snapshot |
- Did Claude touch files it shouldn't? — sensitive file alerts (
.env,*.key,*.pem), scope drift warnings - How much did it change? — blast radius score (1-10), edit/read counts per file
- What websites did it access? — full URLs from WebFetch, WebSearch, and bash
curl/wgetcommands - Where did it work? — file tree grouped by directory, treemap heatmap
- What did it commit? — git commits during the session with diffstat
The skill runs a Python 3 script that:
- Finds the most recent Claude Code session JSONL for your working directory
- Parses tool calls: Read, Write, Edit, Glob, Grep, Bash, WebFetch, WebSearch
- Extracts file paths from bash commands (redirects,
rm,cp,mv,tee,curl -o) - Extracts URLs from bash commands (
curl,wget, etc.) - Calculates blast radius based on files touched vs. project size
- Detects sensitive files and scope drift
- Collects git commits and uncommitted changes since session start
- Renders the report (terminal, HTML, or live server)
Zero dependencies. No npm, no Bun, no build step. Just Python 3 (pre-installed on macOS and Linux) and a D3.js CDN load for the treemap.
| Source | Tracked as |
|---|---|
Read, Glob, Grep |
File read |
Write (new file) |
File create |
Write (existing), Edit, MultiEdit |
File write |
Bash: > /path, tee, curl -o, cp/mv dst |
File write |
Bash: rm /path |
File delete |
Bash: any /path argument |
File read (fallback) |
Bash: curl https://... |
Web request |
WebFetch |
Web request |
WebSearch |
Web search |
- Script-internal writes:
bun run script.tsmay write files not visible in the session log - Obfuscated commands:
python3 -c "open('/tmp/.x','w').write(secret)"bypasses string parsing - Ghost writes: Files written via Bash that are never read back don't appear
These are inherent limitations of session-log parsing. Filesystem-level monitoring is out of scope.
.env, .env.*, *.key, *.pem, *.p12, *.pfx, *.secret, credentials, secrets/, private/, .ssh/, payment/, billing/, config/secrets
- Python 3 (pre-installed on macOS since Catalina and most Linux distributions)
- Claude Code
MIT






