← c12c12 / wf1 - Inventory Deep Dive / Inventory / Sessions / Detail
Qpoint
QI
Inventory /Sessions/sess_01XFa9q...

Sessions Detail

A session detail page should read like one coherent execution story: who ran it, what it touched, where it went, and why it deserves review now.

The detail page should keep identity, touchpoints, and sequence close together so the reviewer can understand the session before dropping into every raw turn row.

Use This Page When Asking

Why does this run deserve attention now, and what exactly made it cross from routine into consequential?

Open c6 raw detail

Duration

58m

Long enough to accumulate context

Tool calls

84

Dense enough to matter

Sensitive files

2

Auth-adjacent paths

Outbound paths

2

One expected, one weaker fit

Why This Detail Matters

This detail should make one sessions story readable end to end before the reviewer drops into raw evidence tables.

Important Metadata

Identity should become clear before relationship context and sequence take over.

User

alice@company.com

acct_01Abc...

Agent

Claude Code v1.2.0

Node.js v22.1.0

Endpoint

alice-mbp.local

developer machine

Working Directory

/Users/alice/projects/api-refactor

API Key

sk-ant-...A3F2

shared org key

Status

ended

58m 44s

What This Detail Should Help Decide

The page should leave the reviewer with a concrete next move, not just more context.

Verify whether the shared key use was expected

The page should make it obvious when attribution is weakened by shared credentials even if the user is known.

Confirm the endpoint story before dismissing the run

If the host is weakly classified, the session should stay elevated even when the activity looks routine.

Replay the outbound segment only after the story is framed

The raw timeline remains useful, but the page should point to it after identity and context are understood.

Cost And Usage Shape

Session economics should be visible, but interpreted as part of work shape. Cost alone is not why this run matters; it matters because the spend sits beside sensitive context, dense tooling, and boundary crossings.

Use economics to understand work shape, not just spend.

Spend Pulse

The run grows more expensive as the work deepens

The c6 turn sample shows cost stepping up across the session rather than staying flat. That makes the spend a clue about changing work intensity, not just a billing number.

Token And Turn Density

Long enough and dense enough to accumulate real context

Fifty-eight minutes, thirty-one turns, and eighty-four tool calls suggest a session that built and reused substantial working context over time.

Interpretation

Economic weight should confirm consequence, not define it

This session deserves review because cost, auth-adjacent files, and outbound activity show up together. If the cost were isolated from those other signals, it would be much less important.

Session-Centered Topology

A session map should show who initiated it, what stack it ran on, and what it touched.

Useful per session: actor chain, execution context, touched assets, outbound calls, and the posture signals that make this session normal or suspicious.

Session

alice@company.com · active session

Claude Code v1.2.0 on alice-mbp.local using claude-sonnet-4-6 with sk-ant-...A3F2.

14m live · 8 turns · $0.43

Touched capabilities

filesystem · github · web-search

Files in scope

3 files · 1 sensitive

Outbound edges

2 hosts

Current posture

active · within normal band

Actor Chain

The primary “who ran this?” questions.

3 nodes
alice@company.comuser
Claude Code v1.2.0agent
alice-mbp.localendpoint

Execution Stack

The core runtime dependencies.

3 nodes
claude-sonnet-4-6model
sk-ant-...A3F2api key
filesystem MCPtool path

Touched Assets

What the session read or changed.

3 nodes
/src/auth.tsread
/src/routes.tsedited
api.github.comoutbound call

Risk Lens

What deserves review before drilling deeper.

3 nodes
sensitive file heuristicmatched auth.ts
cost slopestable
alert statenone open

Representative Event Chain

The page should show how the item participates in a readable sequence, not just a pile of supporting rows.

4 steps
  1. 1

    Start

    Known user opens a shared execution lane

    The session begins with a known operator on a developer endpoint using a credential lane shared with other work.

    alice@company.comalice-mbp.localsk-ant-...A3F2
  2. 2

    Context build

    File and tool activity concentrate around auth code

    Repeated file reads and edits move the session out of the background and into a sensitive company context cluster.

    /src/auth.ts.envfilesystem MCP
  3. 3

    Boundary hinge

    Outbound traffic appears after sensitive context is in scope

    The session becomes materially interesting when model traffic and secondary calls follow the sensitive file work in the same timeline.

    api.anthropic.comapi.github.com
  4. 4

    Next read

    Reviewer pivots into turns or related entities

    Once the story is clear, the raw turn ledger and connected entity pages become verification tools rather than the primary explanation.

    turn timelinekey detailendpoint detail

c6 Evidence Tables

These are verification surfaces after the story is understood, not the first read.

Turn Timeline

Model, token, tool, and latency sequence.

#ModelCostToolsLatency
1claude-sonnet-4-6$0.142980ms
18claude-sonnet-4-6$0.2641,380ms
31claude-sonnet-4-6$0.340700ms

Files And Calls

The c6 detail pairs accessed files and outbound destinations.

EvidenceKindCountPosture
/Users/alice/projects/api-refactor/.envfile read2sensitive
/Users/alice/projects/api-refactor/src/auth.tsfile edit5important
api.github.comsecondary call1expected

Return To Category

Compare this representative detail against the full category framing and drill targets.

Open Sessions overview

Open c6 Raw Detail

Use the original detail page for exact raw evidence after the c12 story framing.

Open c6 raw detail

Open c6 Raw List

Compare this item against the broader c6 entity ledger once the representative story is clear.

Open c6 raw list