gate-auditlisted

Mine Claude Code session logs for bash commands getting incorrect permission decisions. Find read-only commands that return "ask" when they should be "allow", unknown commands that need gates, and false categorizations. Triggers include "audit gates", "find missing gates", "edge cases", "false ask", "mine sessions".
camjac251/tool-gates · ★ 4 · AI & Automation · score 63

Install: claude install-skill camjac251/tool-gates

# Gate Audit Analyze Claude Code session logs to find bash commands getting incorrect permission decisions from tool-gates. ## Session File Locations Session transcripts live at: ``` ~/.claude/projects/<encoded-path>/<session-uuid>.jsonl ~/.claude/projects/<encoded-path>/<session-uuid>/subagents/agent-<id>.jsonl ``` The path is encoded by replacing all non-alphanumeric chars with `-` (lossy: hyphens in the original path also become `-`). ### JSONL Bash extraction Assistant entries contain tool calls in `.message.content[]` as `{"type": "tool_use", "name": "Bash", "input": {"command": "..."}}`. The jq filter used throughout this skill: ``` select(.type == "assistant") | .message.content[]? | select(.type == "tool_use" and .name == "Bash") | .input.command ``` ## Workflow ### 1. Resolve target project If `$ARGUMENTS` is provided, use it. Accept either: - A full path (e.g., `/home/user/projects/myapp`) - An already-encoded name (e.g., `-home-user-projects-myapp`) Convert paths to encoded form by replacing non-alphanumeric chars with `-`. If no argument, ask which project to audit. Verify the session directory exists: ```bash eza ~/.claude/projects/<encoded-path>/ ``` ### 2. Extract all unique bash commands Extract from ALL session files including subagents: ```bash fd -e jsonl . ~/.claude/projects/<encoded-path>/ -x \ jq -r 'select(.type == "assistant") | .message.content[]? | select(.type == "tool_use" and .name == "Bash") | .input.command' {} 2>/dev/