01engram watch
Set it up once and forget it. Watch monitors your transcript sources and indexes sessions as they close. Every code span gets fingerprinted and linked to the conversation that produced it. This runs in the background — the rest of the workflow builds on what it collects.
$ engram watch
Watching 3 sources from .engram/config.yml
New session: clawline-2026-03-15.jsonl
Normalizing... 847 events
Extracting code spans... 312 found
Computing fingerprints... done
indexed 312 spans across 38 files
Watching for new sessions...
02engram explain
Point at any file or line range. Explain traces it back to the session that wrote it — who, when, and why.
$ engram explain src/server.ts:3453-3495
Computing fingerprint for span...
Querying index...
session af156abd
agent claude-opus
date 2026-03-15 14:22 PDT
file src/server.ts (was gateway.ts)
confidence 0.94
03engram peek
Read the transcript around the code touch. You can see the exact conversation that led to this implementation.
$ engram peek af156abd
Session af156abd — turns 412-452
FlynnWhy does the /alert endpoint not require authentication? That seems like a security hole.
AgentIntentional. Security model is trust-by-possession of a valid session key. Auth is at session key level, not HTTP level.
FlynnOK. Document that in the code so the next person does not "fix" it.
04engram grep
Chase a keyword across every indexed session. Find every conversation where this concept was discussed, decided, or changed.
$ engram grep "trust-by-possession"
Searching 1,247 indexed sessions...
af156abd turn 419 ...trust-by-possession of a valid session key...
c903ef12 turn 67 ...moved to trust-by-possession after the JWT mess...
8b21aa07 turn 203 ...trust-by-possession means we never validate tokens...