Verify Claude Code cwd metadata comes from JSONL body

[luoyuctl]

Background

#102 tracks local multi-agent observability as radar. One comment raised a source-specific correctness risk that is narrow enough to route without turning agenttrace into a live dashboard: Claude Code stores session files under ~/.claude/projects/<encoded-cwd>/<uuid>.jsonl, but that encoded directory name is not a reversible project path. Any parser/report metadata that needs a project cwd should prefer the authoritative cwd value from JSONL records when present.

Evidence

• [Radar] Track local multi-agent observability dashboards as adjacent surface #102 comment describes the concrete failure mode: Claude Code project-directory encoding can collapse /, \, and : into similar path fragments, so deriving a project name or cwd from the directory can mislabel sessions.
• Product read-only check of origin/master at 6fb3917 found Claude JSONL parsing in internal/engine/engine.go and session loading via LoadSession(path).
• Current Session has Name and Path; parseClaudeCodeJSONL(raw) does not expose a structured cwd/project metadata field from JSONL body records.
• The check did not find evidence that agenttrace currently reverse-decodes ~/.claude/projects/<encoded-cwd> into a cwd, so this is a focused correctness/metadata check rather than a confirmed misparse bug.

User value

Users comparing Claude Code sessions across repositories need project/session metadata that does not silently derive from an irreversible encoded path. Correct cwd provenance improves report trust when sessions are grouped, exported, or compared downstream.

Adoption rationale

This keeps Developer experience and Reliability value aligned with local multi-source observability while staying inside agenttrace's completed-session evidence model.

Suggested scope

• Add or verify a minimal Claude Code JSONL fixture where a record includes an authoritative cwd field.
• Ensure parser/session/report metadata uses the JSONL body cwd when a cwd/project field is exposed.
• Ensure no code path attempts to reconstruct cwd by replacing characters in ~/.claude/projects/<encoded-cwd>.
• If agenttrace chooses not to expose cwd metadata yet, add a regression guard or documented parser note proving the encoded directory is not treated as authoritative cwd.

Non-goals

• Do not build a live multi-agent monitor, watcher, or orchestration UI.
• Do not index prompt content by default.
• Do not infer project paths from private logs beyond local fixture-backed metadata.
• Do not claim Antigravity, Qwen export, or other new source support.

Acceptance criteria

• A test fixture covers a Claude Code JSONL session whose file path has an encoded project directory and whose JSONL record has an explicit cwd.
• The test proves any exposed cwd/project metadata comes from the JSONL body, not from encoded path reversal.
• If cwd is not currently exposed, the test or parser note proves encoded path reversal is absent and future exposure must use body metadata.
• Existing go test ./... and relevant CI checks pass.
• Public docs, if touched, use conservative wording and avoid live-dashboard or hosted-observability claims.

Suggested lane

lane/parser, priority/P2, status/ready-for-agent

Risk

Medium. The implementation surface is small, but incorrect project metadata can mislead downstream reports and future multi-agent comparison features.

Source

source/product: Product follow-up from #102, with read-only code inspection on origin/master at 6fb3917.

[luoyuctl]

Event: Evidence
Actor: Product
Scope: #249
State change: none; keep lane/parser,status/ready-for-agent
Evidence: Follow-up on #102 adds two useful acceptance clarifications before implementation starts:

• A Claude Code session may accumulate records with different cwd values after claude --resume from another directory, so the task should define which body cwd is authoritative for exposed session/project metadata, or explicitly document that mixed-cwd sessions are not collapsed into a single inferred cwd.
• The fixture should include an encoded path ambiguity such as a containing directory named D--Alef, where D:\Alef, D:/Alef, and /D/Alef can become wrong-but-plausible if someone tries path reversal.
  Next owner: Parser / Quality
  Acceptance refinement: include either a mixed-cwd/resume fixture or a documented decision for mixed-cwd handling; include an ambiguous encoded directory fixture that proves the implementation does not reverse-decode ~/.claude/projects/<encoded-cwd> as authoritative cwd.
  Guardrail: keep this as parser metadata correctness only; no live monitor, watcher, prompt-content indexing, or new source support.

[luoyuctl]

Event: Handoff
Actor: Product
Scope: #249
State change: none; keep lane/parser,status/ready-for-agent
Handoff to: Parser / Quality
Reason: This is the only current ready-for-agent task and it has a narrow fixture-backed acceptance path from #102.
Expected output: A focused test/fixture or parser note proving Claude Code cwd/project metadata is never derived by reversing ~/.claude/projects/<encoded-cwd>, and that any exposed cwd comes from JSONL body records with an explicit mixed-cwd decision.
Acceptance check: include the ambiguous D--Alef encoded-directory case, include or explicitly decide the mixed-cwd/resume case, and run go test ./... plus relevant parser/report checks.
Context: #102 discussion, internal/engine/engine.go, testdata/claude-code-preamble.jsonl.
Guardrail: Do not add live dashboard behavior, watchers, prompt-content indexing, new parser source claims, or release work from this issue.

[luoyuctl]

Event: Evidence
Actor: Product
Scope: #249
State change: none; keep lane/parser,priority/P2,status/ready-for-agent
Evidence: Additional public documentation supports the existing acceptance boundary:

• Claude Code directory documentation describes project transcripts under projects/<project>/<session>.jsonl: https://code.claude.com/docs/en/claude-directory
• Claude Code token-use documentation explicitly treats the project directory name as a lossy fallback and says it should not be canonical when body cwd is present: https://tokenuse.app/docs/development/tools/claude-code/
  Product interpretation: this reinforces the current requirement that any exposed cwd/project metadata must come from JSONL body evidence, not reverse-decoding ~/.claude/projects/<encoded-cwd>.
  Next owner: Parser / Quality
  Acceptance refinement: no new scope; keep the existing fixture-backed checks for body cwd, ambiguous encoded directory names such as D--Alef, and mixed-cwd/resume handling.
  Guardrail: no live dashboard, watcher, prompt-content indexing, new source support, or public compatibility claim from this evidence.

[luoyuctl]

Event: Evidence
Actor: Product
Scope: #249
State change: none; keep lane/parser,priority/P2,status/ready-for-agent
Evidence: Claude Code official changelog now has cwd-sensitive session behavior in recent releases: v2.1.118 notes that resumed subagents via SendMessage were fixed to restore the explicit cwd they were spawned with, and v2.1.71 notes Task tool resume cwd restoration in worktree isolation. Source: https://code.claude.com/docs/en/changelog
Product interpretation: this reinforces the existing requirement that cwd/project metadata must be event/body-evidence driven. Directory names under ~/.claude/projects/<encoded-cwd> are storage routing hints, not canonical cwd proof.
Next owner: Parser / Quality
Acceptance refinement: no new scope; keep the existing checks for JSONL body cwd, ambiguous encoded directory names such as D--Alef, and mixed-cwd/resume handling.
Guardrail: no live dashboard, watcher, prompt-content indexing, new source support, release work, or public compatibility claim from this evidence.