session-search
Session Search & Retrieval
Multiple ways to search and retrieve past session data, from high-level plugin tools to raw database queries. Pick the right approach based on what you need.
Decision Tree
Need conversation content from a specific session?
→ session_get (compressed, structured)
Need to browse/filter sessions by title?
→ session_list (quick metadata scan)
Need to search INSIDE message content across sessions?
→ grep/ripgrep on legacy JSON, or SQL LIKE on messages table
Need to find sessions by semantic meaning (not exact keyword)?
→ lss over the storage directory
Need cost/token stats or complex joins?
→ Direct SQLite queries
Need to check what's running right now?
→ REST API: GET /session/status
1. Plugin Tools (Recommended First Choice)
Two tools provided by kortix-sys-oc-plugin (the unified Kortix system plugin).
session_list
Browse sessions with metadata. No content, just IDs/titles/timestamps/stats.
session_list() # 20 most recent
session_list({ search: "auth" }) # filter by title
session_list({ limit: 50 }) # more results
Returns per session: ID (ses_*), title, created/updated timestamps, file change stats (files/additions/deletions), parent ID if subtask, plus storage paths for raw access.
session_get
Retrieve a session's full conversation, compressed via TTC bear-1.2.
session_get({ session_id: "ses_abc123" }) # default aggressiveness 0.3
session_get({ session_id: "ses_abc123", aggressiveness: 0.1 }) # light, most detail kept
session_get({ session_id: "ses_abc123", aggressiveness: 0.7 }) # heavy, just the essence
| Aggressiveness | Token reduction | When to use |
|---|---|---|
| 0.1 | ~10% | Recent/important sessions, need full detail |
| 0.3 | ~16% | Default — balanced |
| 0.5 | ~22% | Older sessions, broad strokes |
| 0.7+ | ~31%+ | Scanning many sessions, just need the gist |
Returns: metadata header (never compressed) + compressed conversation + tool call summaries + compression stats.
Requires TTC_API_KEY env var. If missing, returns uncompressed.
2. Raw SQLite Queries
The authoritative data store. Best for complex queries, aggregations, cost analysis.
Database: /workspace/.local/share/opencode/opencode.db
Common Queries
# List recent sessions
sqlite3 /workspace/.local/share/opencode/opencode.db \
"SELECT id, title, created_at FROM session ORDER BY created_at DESC LIMIT 10;"
# Find sessions by title keyword
sqlite3 /workspace/.local/share/opencode/opencode.db \
"SELECT id, title FROM session WHERE title LIKE '%auth%';"
# Session cost summary (most expensive first)
sqlite3 /workspace/.local/share/opencode/opencode.db \
"SELECT m.session_id, s.title, SUM(m.cost) as total_cost
FROM message m JOIN session s ON m.session_id = s.id
GROUP BY m.session_id ORDER BY total_cost DESC LIMIT 10;"
# Find sessions with the most tool calls
sqlite3 /workspace/.local/share/opencode/opencode.db \
"SELECT m.session_id, s.title, COUNT(*) as tool_count
FROM part p JOIN message m ON p.message_id = m.id JOIN session s ON m.session_id = s.id
WHERE p.type = 'tool'
GROUP BY m.session_id ORDER BY tool_count DESC LIMIT 10;"
# Total tokens used per session
sqlite3 /workspace/.local/share/opencode/opencode.db \
"SELECT session_id, s.title, SUM(tokens) as total_tokens
FROM message m JOIN session s ON m.session_id = s.id
GROUP BY session_id ORDER BY total_tokens DESC LIMIT 10;"
# Find sessions that modified a specific file
sqlite3 /workspace/.local/share/opencode/opencode.db \
"SELECT DISTINCT m.session_id, s.title
FROM part p JOIN message m ON p.message_id = m.id JOIN session s ON m.session_id = s.id
WHERE p.type = 'tool' AND p.tool = 'Write' AND p.input LIKE '%session.ts%';"
Tip: Always use read-only mode when exploring: sqlite3 -readonly /workspace/.local/share/opencode/opencode.db
3. REST API
Direct HTTP access to the OpenCode session API. Use via Kortix Master proxy (port 8000) or directly (port 4096).
# List all sessions
curl http://localhost:8000/session
# Get session metadata
curl http://localhost:8000/session/SESSION_ID
# Get session messages (raw, uncompressed)
curl http://localhost:8000/session/SESSION_ID/message
# Check what's running right now
curl http://localhost:8000/session/status
# Delete a session
curl -X DELETE http://localhost:8000/session/SESSION_ID
4. Grep/Ripgrep on Legacy JSON
Best for searching INSIDE message content across all sessions when you need exact keyword matches. Legacy JSON files mirror the SQLite data.
Storage layout:
/workspace/.local/share/opencode/storage/
├── session/global/ses_*.json # Session metadata (id, title, timestamps)
├── message/ses_*/msg_*.json # Messages per session (role, cost, tokens)
├── part/msg_*/prt_*.json # Content parts per message (text, tool calls, output)
└── todo/ses_*.json # Todo lists per session
Search Examples
# Find sessions mentioning "JWT" in their title
grep -rl '"title".*JWT' /workspace/.local/share/opencode/storage/session/global/
# Find which sessions used the Write tool
grep -rl '"tool":"Write"' /workspace/.local/share/opencode/storage/part/ | head -20
# Find tool calls that wrote to a specific file
grep -rl 'middleware/auth.ts' /workspace/.local/share/opencode/storage/part/
# Find sessions where an error occurred
grep -rl '"status":"error"' /workspace/.local/share/opencode/storage/part/
# Search message text content across all sessions
grep -rl 'database migration' /workspace/.local/share/opencode/storage/part/
# Count tool calls per session (rough)
for dir in /workspace/.local/share/opencode/storage/part/msg_*/; do
session=$(basename "$dir" | sed 's/msg_//')
count=$(grep -l '"type":"tool"' "$dir"prt_*.json 2>/dev/null | wc -l)
[ "$count" -gt 0 ] && echo "$count tool calls - $session"
done | sort -rn | head -10
When to use grep vs SQL: Use grep when you need to search inside raw tool outputs or message text that might not be indexed in SQLite columns. Use SQL for structured queries (costs, counts, joins).
5. Semantic Search (lss)
Use lss for meaning-based search when you don't know the exact keywords. lss combines BM25 full-text + embedding similarity.
# Search session files semantically
lss "authentication middleware implementation" -p /workspace/.local/share/opencode/storage/ -k 10 --json
# Scope to just session metadata
lss "database refactoring" -p /workspace/.local/share/opencode/storage/session/ -k 5 --json
# Scope to message parts (where the actual content lives)
lss "error handling for websockets" -p /workspace/.local/share/opencode/storage/part/ -k 10 --json
# Only search JSON files
lss "deployment config" -p /workspace/.local/share/opencode/storage/ -e .json -k 10 --json
When to use lss vs grep:
| Use lss | Use grep |
|---|---|
| Don't know exact keywords | Know the exact string |
| Conceptual search ("auth stuff") | Literal match ("tool":"Write") |
| Want ranked results by relevance | Want all matches |
| Searching natural language content | Searching structured JSON fields |
Storage Quick Reference
| What | Path |
|---|---|
| SQLite DB (primary) | /workspace/.local/share/opencode/opencode.db |
| Legacy JSON root | /workspace/.local/share/opencode/storage/ |
| Session metadata | storage/session/global/ses_*.json |
| Messages | storage/message/ses_*/msg_*.json |
| Parts (text, tool calls) | storage/part/msg_*/prt_*.json |
| Todos | storage/todo/ses_*.json |
| lss index | /workspace/.lss/ |
Combining Approaches
A typical deep session search workflow:
- session_list — scan titles to find candidate sessions
- session_get at 0.7 — quick compressed overview of each candidate
- session_get at 0.1 — full detail on the most relevant one
- grep on parts — find specific tool calls or outputs you need verbatim
- SQL — pull cost/token stats or cross-session aggregations
- lss — when you're not finding it by keyword, search by meaning