
"How to See Everything Claude Code Does (Audit Trail Hook)"
You close your laptop, come back an hour later, and Claude Code has made 200 tool calls. Which files did it touch? What commands did it run? Did it read your .env? There's no built-in way to answer these questions. Claude Code doesn't keep a structured log of what it did.

session-log fixes that. It's a PostToolUse hook that appends one JSON line per tool call to a daily log file. Every Read, Write, Edit, Bash, Grep, and WebSearch call gets recorded with a timestamp and the key parameter.

What it captures

Each entry is one line of JSON:

    {"ts": "2026-03-07T22:15:00Z", "session": "abc123", "tool": "Read", "detail": "/src/main.rs", "cwd": "/project"}
    {"ts": "2026-03-07T22:15:01Z", "session": "abc123", "tool": "Bash", "detail": "cargo test", "cwd": "/project"}
    {"ts": "2026-03-07T22:15:05Z", "session": "abc123", "tool": "Write", "detail": "/src/lib.rs", "cwd": "/project"}

Fields:

ts -- UTC timestamp
session -- session identifier (groups tool calls by session
Continue reading on Dev.to
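One way to query such a log for the three questions the post opens with (files touched, commands run, reads of .env), as an added example that is not code from the original post or from session-log. It assumes only the entry format shown above; the function names, the SENSITIVE_NAMES watch list and the extra sample entries are constructed for illustration.

```python
import json
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample log in the entry format shown above; the last line is
# a deliberately truncated entry, as left by an interrupted append.
SAMPLE_LOG = """\
{"ts": "2026-03-07T22:15:00Z", "session": "abc123", "tool": "Read", "detail": "/src/main.rs", "cwd": "/project"}
{"ts": "2026-03-07T22:15:01Z", "session": "abc123", "tool": "Bash", "detail": "cargo test", "cwd": "/project"}
{"ts": "2026-03-07T22:15:05Z", "session": "abc123", "tool": "Write", "detail": "/src/lib.rs", "cwd": "/project"}
{"ts": "2026-03-07T22:16:10Z", "session": "abc123", "tool": "Read", "detail": "/project/.env", "cwd": "/project"}
{"ts": "2026-03-07T22:16:12Z", "session": "def456", "tool": "Bash", "detail": "cat .env.local", "cwd": "/project"}
{"ts": "2026-03-07T22:16:15Z", "session": "def456", "tool": "Edit", "det
"""

# Assumed watch list; extend it with whatever counts as sensitive locally.
SENSITIVE_NAMES = (".env", "id_rsa", "credentials")

def is_sensitive(entry):
    """Flag file tools by basename, Bash by any token naming a watched file."""
    detail = str(entry.get("detail") or "")
    if entry.get("tool") == "Bash":
        names = [PurePosixPath(tok.strip("'\"")).name for tok in detail.split()]
    else:
        names = [PurePosixPath(detail).name]
    return any(n == s or n.startswith(s + ".") for n in names for s in SENSITIVE_NAMES)

def summarize(log_text):
    """Group entries by session: modified files, commands, sensitive hits."""
    report = defaultdict(lambda: {"modified": [], "commands": [], "sensitive": []})
    skipped = 0
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
            session = report[entry["session"]]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # partial or foreign line: count it, keep going
            continue
        if entry.get("tool") in ("Write", "Edit"):
            session["modified"].append(entry.get("detail"))
        elif entry.get("tool") == "Bash":
            session["commands"].append(entry.get("detail"))
        if is_sensitive(entry):
            session["sensitive"].append((entry.get("ts"), entry.get("tool"), entry.get("detail")))
    return dict(report), skipped

if __name__ == "__main__":
    sessions, skipped = summarize(SAMPLE_LOG)
    print(json.dumps(sessions, indent=2), f"\nunparseable lines: {skipped}")
```

The Bash check only matches file names that appear literally in the command string, so a read through a variable, glob or script will not be flagged; a non-zero count of unparseable lines is worth a look in its own right, since an audit log should not have gaps.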



