Add checkpoint viewer prototype

[gtrrz-victor]

What this does

This adds a lightweight checkpoint viewer prototype — a single Go binary (stdlib only) that serves a local web dashboard for inspecting checkpoint and session data stored in git.

It's meant as a debugging aid while developing, so you can quickly see what's being tracked without digging through git branches manually.

Features

• Three tabs: Tracked Sessions, Checkpoints, and Shadow Branches
• Branch-scoped checkpoints: only shows commits on your current branch (not all history)
• Worktree-filtered shadow branches: only shows shadow branches relevant to your working directory
• Inline file browser: click any file (transcripts, prompts, context) to view its content directly
• Auto-refresh: polls every 3 seconds, dark theme, expandable cards with full metadata

Screenshots

Tracked Sessions

Lists session state files from .git/entire-sessions/, sorted by phase (active, idle, ended).

Session Detail

Expanding a session shows all stored fields — token usage, files touched, prompt attributions, and more.

Checkpoints

Only commits from the current branch are shown (uses git log main..HEAD).

Checkpoint Detail

Expanding a checkpoint shows root metadata, per-session metadata, token usage, attribution, and file paths.

Inline Blob Viewer

Clicking a file in the file browser loads its content inline — handy for reading transcripts or prompts.

How to run

cd prototype
go run main.go
# → Listening on http://localhost:8080

Should be run from within a git repository with Entire enabled.

Test plan

• cd prototype && go run main.go builds and starts correctly
• Tracked Sessions tab shows session state files from .git/entire-sessions/
• Checkpoints tab only shows commits on the current branch
• Shadow Branches tab only shows branches for the current worktree
• Expanding a checkpoint and clicking a file loads its content inline

🤖 Generated with Claude Code

[cursor]

PR Summary

Medium Risk
Adds a new local HTTP server that shells out to git and serves raw repository metadata/blobs; main risk is exposing unintended file content via the blob endpoints or mishandling path sanitization, though it is a prototype scoped to local use.

Overview
Adds a new prototype/ checkpoint viewer: a single-stdlib Go HTTP server with an embedded HTML UI to browse tracked sessions, checkpoint metadata and shadow branches, including inline file/blob viewing from entire/checkpoints/v1 and auto-refreshing the dashboard every 3 seconds.

Also simplifies CLI shutdown handling in cmd/entire/main.go by replacing the custom signal channel/cancel goroutine with signal.NotifyContext for interrupt-driven context cancellation.

^{Written by Cursor Bugbot for commit 2719db6. Configure here.}

[Copilot]

Pull request overview

This PR adds a standalone web dashboard for debugging checkpoint and session data, plus a minor refactoring of signal handling in the main CLI.

Changes:

• Adds a prototype checkpoint viewer web dashboard as a separate Go binary (stdlib only)
• Implements three-tab UI (Tracked Sessions, Checkpoints, Shadow Branches) with auto-refresh
• Refactors main CLI signal handling to use signal.NotifyContext (Go 1.16+ idiom)

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
prototype/main.go	New single-file web server implementing REST API for checkpoint/session data inspection with concurrent fetching and git operations
prototype/index.html	New single-page web UI with dark theme, expandable cards, inline file browser, and raw JSON viewer
prototype/go.mod	New Go module definition for standalone prototype tool
prototype/.gitignore	Ignores built binary
cmd/entire/main.go	Refactors signal handling to use signal.NotifyContext instead of manual channel setup

[Copilot]

The path traversal check using strings.Contains(path, "..") is insufficient. An attacker could potentially bypass this with URL-encoded sequences like %2e%2e or other variations. Consider using filepath.Clean and checking if the cleaned path starts with an expected prefix, or validate against a whitelist of allowed characters. Additionally, since branch names are user-controlled input passed to git commands, consider validating that branch names match expected patterns (e.g., refs/heads/entire/*) to prevent potential command injection.

[Copilot]

The path traversal check using strings.Contains(path, "..") is insufficient. An attacker could potentially bypass this with URL-encoded sequences like %2e%2e or other variations. Consider using filepath.Clean and checking if the cleaned path starts with an expected prefix, or validate against a whitelist of allowed characters. Additionally, since branch names are user-controlled input passed to git commands, consider validating that branch names match expected patterns (e.g., refs/heads/entire/*) to prevent potential command injection.

[Copilot]

The path traversal check using strings.Contains(path, "..") is insufficient. An attacker could potentially bypass this with URL-encoded sequences like %2e%2e or other variations. Consider using filepath.Clean and checking if the cleaned path starts with an expected prefix, or validate against a whitelist of allowed characters. Additionally, since branch names are user-controlled input passed to git commands, consider validating that branch names match expected patterns (e.g., refs/heads/entire/*) to prevent potential command injection.

[Copilot]

The return value of w.Write should be checked or explicitly ignored. While this is a minor issue in an HTTP handler (write errors are typically logged by the HTTP server), for consistency with Go best practices, either check the error or use a blank identifier if intentionally ignoring.

Suggested change

	w.Write(data)
	if _, err := w.Write(data); err != nil {
	log.Printf("handleBlob: failed to write response: %v", err)
	}

[Copilot]

The return value of w.Write should be checked or explicitly ignored. While this is a minor issue in an HTTP handler (write errors are typically logged by the HTTP server), for consistency with Go best practices, either check the error or use a blank identifier if intentionally ignoring.

[Copilot]

The return value of w.Write should be checked or explicitly ignored. While this is a minor issue in an HTTP handler (write errors are typically logged by the HTTP server), for consistency with Go best practices, either check the error or use a blank identifier if intentionally ignoring.

[Copilot]

The return value of w.Write should be checked or explicitly ignored. While this is a minor issue in an HTTP handler (write errors are typically logged by the HTTP server), for consistency with Go best practices, either check the error or use a blank identifier if intentionally ignoring.

Suggested change

	w.Write(data)
	if _, err := w.Write(data); err != nil {
	log.Printf("error writing index.html response: %v", err)
	return
	}

[Copilot]

The HTTP server lacks timeout configurations which could make it vulnerable to slowloris-style attacks or resource exhaustion. Consider setting ReadTimeout, WriteTimeout, and IdleTimeout on the http.Server. For a local debugging tool this is low priority, but it's a best practice. Example: srv := &http.Server{Addr: addr, ReadTimeout: 30time.Second, WriteTimeout: 30time.Second, IdleTimeout: 120*time.Second}; log.Fatal(srv.ListenAndServe())

[Copilot]

Consider adding a README.md in the prototype directory to document what this tool is, how to build and run it, and its intended purpose. This would help other developers understand the tool and how to use it for debugging checkpoint data. The PR description provides a good starting point for this documentation.