by matt1398
The missing DevTools for Claude Code — inspect session logs, tool calls, token usage, subagents, and context window in a visual UI. Free, open source.
# Add to your Claude Code skills
git clone https://github.com/matt1398/claude-devtoolsGuides for using ai agents skills like claude-devtools.
Last scanned: 4/21/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@boundaries/elements: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron/rebuild: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "app-builder-lib: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "cacache: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "dmg-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder-squirrel-windows: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-vite: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "eslint-plugin-boundaries: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "eslint-plugin-sonarjs: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "handlebars: Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "http-proxy-agent: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "make-fetch-happen: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "node-gyp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-04-21T06:05:31.457Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}Claude Code started hiding what it does.
Since v2.1.20, Claude Code replaced detailed output with opaque summaries. Read 3 files. Searched for 1 pattern. Edited 2 files. No file paths. No content. No line numbers. The community backlash was immediate.
But the problem goes deeper than collapsed file paths:
The only workaround is --verbose, which dumps raw JSON, internal system prompts, and thousands of lines of noise. There is no middle ground.
claude-devtools is the debugging tool for Claude Code. It reads the Claude Code logs and session transcripts already saved to ~/.claude/ on your machine, and reconstructs everything.
| What the terminal hides | What claude-devtools shows |
|------------------------|---------------------------|
| Read 3 files | Exact file paths, syntax-highlighted content with line numbers |
| Searched for 1 pattern | The regex pattern, every matching file, matched lines |
| | Inline diffs with added/removed highlighting |
| Three-segment context bar | Per-turn token attribution across 7 categories with compaction visualization |
| Collapsed subagent output | Full execution trees per agent with tool traces, tokens, duration, cost |
| Nothing about thinking | Extended thinking content, fully visible |
| JSON dump | Structured, filterable, navigable interface — no noise |
No comments yet. Be the first to share your thoughts!
Based on votes and bookmarks from developers who liked this skill
Edited 2 files--verboseZero configuration. No API keys. No wrappers. Works with every session you've ever run.
brew install --cask claude-devtools
| Platform | Download | Notes |
|----------|----------|-------|
| macOS (Apple Silicon) | .dmg | Download the arm64 asset. Drag to Applications. On first launch: right-click → Open |
| macOS (Intel) | .dmg | Download the x64 asset. Drag to Applications. On first launch: right-click → Open |
| Linux | .AppImage / .deb / .rpm / .pacman | Choose the package format for your distro |
| Windows | .exe | Standard installer. May trigger SmartScreen — click "More info" → "Run anyway" |
| Docker | docker compose up | Open http://localhost:3456. See Docker deployment |
Per-turn token attribution across 7 categories — CLAUDE.md (global, project, directory), skills, @-mentioned files, tool I/O, thinking, team overhead, user text. See exactly what's in the context window at any point.
See the moment your context hits the limit. Visualizes how context fills, compresses, and refills — so you know exactly what was lost.
System notifications for .env access, tool errors, high token usage, and custom regex patterns on any field.
Every tool call expanded with specialized viewers — syntax-highlighted Read calls, inline Edit diffs, Bash output, and full subagent trees.
Isolated execution trees per agent with tool traces, token metrics, duration, and cost. Nested agents render recursively.
Inspect sessions on any remote machine over SSH. Reads ~/.ssh/config, supports agent forwarding and key auth.
Cmd+K for cross-session search. Open multiple sessions side-by-side with drag-and-drop tabs.
claude-devtools does not wrap, modify, or interfere with Claude Code. It reads session logs that already exist on your machine. Works with sessions from the terminal, IDEs, or any tool that uses Claude Code.
Run without Electron — in Docker, on a remote server, or anywhere Node.js runs.
docker compose up
# Open http://localhost:3456
Or manually:
docker build -t claude-devtools .
docker run -p 3456:3456 -v ~/.claude:/data/.claude:ro claude-devtools
| Variable | Default | Description |
|----------|---------|-------------|
| CLAUDE_ROOT | ~/.claude | Path to the .claude data directory |
| HOST | 0.0.0.0 | Bind address |
| PORT | 3456 | Listen port |
The standalone server has zero outbound network calls. For maximum isolation: docker run --network none -p 3456:3456 -v ~/.claude:/data/.claude:ro claude-devtools. See SECURITY.md.
Prerequisites: Node.js 20+, pnpm 10+
git clone https://github.com/matt1398/claude-devtools.git
cd claude-devtools
pnpm install
pnpm dev
| Command | Description |
|---------|-------------|
| pnpm dev | Development with hot reload |
| pnpm build | Production build |
| pnpm typecheck | TypeScript type checking |
| pnpm test | Run all tests |
| pnpm check | Full quality gate (types + lint + test + build) |
See CONTRIBUTING.md for guidelines. Please read our Code of Conduct.
IPC handlers validate all inputs with strict path containment checks. File reads are constrained to the project root and ~/.claude. See SECURITY.md.