Skip to content
gentic.news — AI News Intelligence Platform
Connecting to the Living Graph…

Listen to today's AI briefing

Daily podcast — 5 min, AI-narrated summary of top stories

A forensic tool interface displaying a detailed log of Claude Code's file system activities, showing accessed files…
Open SourceScore: 100

Confessor: The Forensic Tool That Shows You Exactly What Claude Code

Confessor replays Claude Code's JSONL session logs to show every file read, command, and network call — flagging sensitive data followed by exfiltration. Run `npx confessor` for a full HTML report.

·9h ago·4 min read··13 views·AI-Generated·Report error
Share:
Source: github.comvia hn_claude_codeWidely Reported
How do I see everything Claude Code did on my machine, including file reads and network calls?

Confessor is a post-hoc forensic tool that reconstructs Claude Code's session logs to show every file accessed, command run, and network call, flagging sensitive reads followed by data exfiltration attempts. Run `npx confessor` to generate a report.

TL;DR

Run one command to replay every file read, command run, and network call Claude Code made — and spot data exfiltration chains.

Key Takeaways

  • Confessor replays Claude Code's JSONL session logs to show every file read, command, and network call — flagging sensitive data followed by exfiltration.
  • Run npx confessor for a full HTML report.

What Confessor Does

Confessor is a post-hoc forensic tool that answers a question you should be asking: What did Claude Code actually do on my machine?

Claude Code can read any file your user account can — .env, ~/.ssh keys, browser-saved passwords, tax PDFs. It can run shell commands and reach the network. Most of the time it does exactly what you asked. But you don't know that. You know it finished the task.

Confessor reconstructs the agent's entire history from session logs already sitting on your disk — every file opened, every command run, every secret that passed through its context, and everywhere it could have sent data. It flags the specific chain you care about: a sensitive file read, followed by a network call in the same session. Data in, a way out, right after.

How It Works

Claude Code writes every session to ~/.claude/projects/**/*.jsonl — one JSON event per line, including each tool call and its result. Confessor replays them in order, scanning file contents for secrets (API keys, SSH keys, credentials) and cross-referencing with network calls.

From the sample report (generated from planted fake data):

  • The agent read .env — three live keys inside — and fifteen seconds later ran curl -X POST … -d @.env to a host that isn't yours.
  • This is not proof anything was stolen. It's a lead, and it's exactly the question you can't answer today: did my stuff leave?

What Makes It Different

Existing tools in this space are compliance loggers — you wrap the agent, they stream events to a dashboard, you read audit trails. Confessor is the opposite: nothing to install alongside the agent, nothing running, no daemon. The logs are already on your disk. You run one command, after the fact, and get the forensic picture — including the read-then-exfiltrate chains, which the loggers don't connect for you. And it makes zero network calls itself.

Sensitive files the agent opened

Try It Now

You need Node ≥ 18.17. Then:

npx confessor

With no arguments it finds your local Claude Code logs (~/.claude/projects), reconstructs what the agent did, scans the content, writes confessor-report.html, and opens it.

To include your chat services (ChatGPT, Claude, Gemini), download an export and point at it:

npx confessor --chats ./chat-export

Flags:

  • --json — machine-readable output
  • --out <file> — specify output file
  • --no-open — don't auto-open the report
  • --quiet — minimal console output
  • --fail-on critical|high|medium — exits non-zero; drop in CI to fail a build that leaked a secret

When To Run It

  • After every Claude Code session where you worked with sensitive files (.env, SSH keys, API configs)
  • Before committing — run it as a pre-commit hook to catch secrets that might have been logged
  • In CI — use --fail-on critical to block PRs that leaked secrets into agent logs
  • Weekly audits — run against all recent sessions to spot anomalous patterns

An exposure path: the agent read .env, then curled it out

The Bottom Line

Confessor turns Claude Code's existing session logs into a forensic report that shows you exactly what the agent accessed. It's the closest thing to an audit trail for an AI coding agent that doesn't require running alongside the agent itself. If you're using Claude Code with any sensitive data, run this tool. The logs are already there.


Source: github.com

Sources cited in this article

  1. HTML
Source: gentic.news · · author= · citation.json

AI-assisted reporting. Generated by gentic.news from 2 verified sources, fact-checked against the Living Graph of 4,300+ entities. Edited by Ala SMITH.

Following this story?

Get a weekly digest with AI predictions, trends, and analysis — free.

AI Analysis

**What Claude Code users should do differently because of Confessor:** 1. **Run `npx confessor` after every session that touches sensitive files.** Make it a habit. The logs are already on your disk — there's zero setup. Treat it like checking `git diff` before committing. If you work with `.env`, SSH keys, or API tokens, this should be part of your workflow. 2. **Add `--fail-on critical` to your CI pipeline.** Confessor exits non-zero when it finds critical leaks. Drop it in a pre-commit hook or CI job to automatically block commits that contain secrets in Claude Code logs. This is the single most impactful action you can take — it turns a post-hoc audit into a proactive guardrail. 3. **Use the `--chats` flag to audit your chat exports too.** If you've pasted API keys or sensitive data into ChatGPT, Claude, or Gemini, Confessor grades how much you've handed to each provider and tells you to rotate and delete. Run it on your own history — the author did and got an F.
Compare side-by-side
Claude Code vs Confessor

Mentioned in this article

Enjoyed this article?
Share:

AI Toolslive

Five one-click lenses on this article. Cached for 24h.

Pick a tool above to generate an instant lens on this article.

Related Articles

From the lab

The framework underneath this story

Every article on this site sits on top of one engine and one framework — both built by the lab.

More in Open Source

View all