DEV Community

Yurukusa
Yurukusa

Posted on

What My AI Did While I Slept: Building an Audit Log for Autonomous Claude Code

#ai #claudecode #productivity #opensource

I run Claude Code autonomously. It works while I sleep. When I wake up, the question is always the same: "What did it actually do?"

Session transcripts are JSONL files. Some are over 1GB. Nobody reads those. They just accumulate.

So I built a tool that reads them for you.

The Tool 

npx cc-audit-log
Enter fullscreen mode Exit fullscreen mode

It scans your ~/.claude/projects/ directory, parses session transcripts, and generates a human-readable audit trail.

What It Shows

Here's what my AI did during a 4-hour session yesterday:

  ? Session: 2026-02-27 11:47 ? 15:44 (3h 56m)
    Project: nursery-shift  |  7.1MB transcript

  ? Summary
    Tool calls:     201
    Files created:  4
    Files modified: 6
    Files read:     18
    Bash commands:  44
    Git commits:    1

  ? Key Actions
    11:48  T Spawned agent: Explore codebase
    11:51  + Created src/nr_supply.py
    11:51  $ Syntax check nr_supply.py
    11:53  + Created src/shift_milp.py
    11:54  ~ Modified src/scheduler.py
    11:55  ~ Modified src/schedule_optimizer.py
    12:10  G Git commit
    ...

  ? Risk Flags
    None detected
Enter fullscreen mode Exit fullscreen mode

201 tool calls. 4 new files. 44 bash commands. In one session. While I was doing something else.

Why This Matters

If you're running Claude Code autonomously - letting it work on tasks while you're away - you need to know what it did. Not in a 1GB JSONL file. In 30 lines.

The tool extracts:

  • File operations: What was created, modified, read
  • Commands: What bash commands ran
  • Git activity: Commits, pushes
  • Subagent spawns: When it launched helper agents
  • Risk flags: Force pushes, recursive deletes, sudo, npm publish

Risk Detection

The audit automatically flags concerning patterns:

Pattern Flag
rm -rf Recursive delete
git push --force Force push
git reset --hard Hard reset
sudo Sudo command
curl -X POST HTTP POST request
npm publish npm publish

If your AI ran rm -rf at 3am, you'll know.

Usage 

# Most recent session
npx cc-audit-log

# Everything from today
npx cc-audit-log --today

# Specific date
npx cc-audit-log --date 2026-02-27

# Last 5 sessions
npx cc-audit-log --last 5
Enter fullscreen mode Exit fullscreen mode

The Monitoring Stack

This is part of the cc-toolkit:

Tool Question
cc-health-check Is my AI setup safe?
cc-session-stats How much am I using AI?
cc-audit-log What did my AI do?
cc-cost-check How much is my AI costing me?

Together: setup safety + usage patterns + action audit + cost visibility. The full picture.

Zero Dependencies

All four tools: zero npm dependencies. No data leaves your machine. They read local files and print to stdout.

Try It 

npx cc-audit-log
Enter fullscreen mode Exit fullscreen mode

GitHub: github.com/yurukusa/cc-audit-log

What did your AI do while you weren't watching?

I run Claude Code 24/7 on WSL2 and document everything - including building the tools to document it. This is the third in a trilogy of monitoring tools born from the question "what is my AI actually doing?"

More tools: Dev Toolkit - 56 free browser-based tools for developers. JSON, regex, colors, CSS, SQL, and more. All single HTML files, no signup.

Top comments (0)