save-state.json
{
  "version": 1,
  "id": "save_1711152000000",
  "timestamp": "2025-03-23T14:30:00.000Z",
  "duration_minutes": 45,
  "project": {
    "slug": "my-app",
    "name": "My App",
    "path": "/Users/me/projects/my-app"
  },
  "cwd": "/Users/me/projects/my-app",
  "save_type": "manual",
  "git": {
    "branch": "feature/auth",
    "last_commit": "a1b2c3d Add login endpoint",
    "dirty_files": 3,
    "uncommitted_summary": [
      "M src/auth.ts",
      "A src/middleware/auth.ts",
      "?? src/auth.test.ts"
    ]
  },
  "intent": "Implementing JWT authentication for the API. Got the login endpoint working with RS256 signing, built the auth middleware, and started on token refresh.",
  "files_modified": [
    {
      "path": "src/auth.ts",
      "action": "modified",
      "description": "Added JWT token generation with RS256, login endpoint handler"
    },
    {
      "path": "src/middleware/auth.ts",
      "action": "created",
      "description": "Auth middleware that validates JWT on protected routes"
    },
    {
      "path": "src/auth.test.ts",
      "action": "created",
      "description": "Started unit tests for token validation (incomplete)"
    }
  ],
  "decisions": [
    "Used RS256 over HS256 for JWT signing because we need key rotation support without redeploying",
    "Put auth middleware in its own file rather than inline to keep route handlers clean"
  ],
  "next_steps": [
    "Implement the refresh token endpoint in src/auth.ts (rotation strategy: single-use refresh tokens)",
    "Finish the unit tests in src/auth.test.ts (need: expired token, invalid signature, missing header cases)",
    "Add rate limiting to the login endpoint (looked at express-rate-limit, seems like the right choice)",
    "Update the API docs in docs/auth.md with the new Authorization header format"
  ],
  "lessons": [
    {
      "title": "jsonwebtoken RS256 requires PEM format keys",
      "finding": "The jsonwebtoken library silently fails with an unhelpful error when you pass a base64-encoded key instead of PEM format for RS256.",
      "implication": "Always use PEM format for RS256 keys. Add a startup check that validates the key format before accepting requests."
    }
  ],
  "tags": ["auth", "jwt", "api", "security"],
  "machine": "MacBook-Pro",
  "session_id": "abc123def456"
}