In a previous post, I documented the 27 fields in Claude Desktop’s Cowork session manifest files. That post ended with an explicit gap: “The session JSON contains metadata, configuration, and user decisions, but not the full conversation transcript. There are no message arrays, no assistant responses, no tool call logs.”
This post fills that gap. The transcripts exist, they’re on disk in plain JSONL, and the path to them can be derived from three fields in the manifest. There’s also an audit log with per-session cost data that I haven’t seen documented anywhere.
How I found this
Every community tool for extracting Claude conversations targets ~/.claude/projects/. That’s where Claude Code CLI and VS Code store their JSONL transcripts, and tools like claude-conversation-extractor, claude-code-transcripts, and claude-history all look there.
But Cowork doesn’t write to ~/.claude/projects/. If you only search that path, you’ll find your CLI and VS Code sessions but miss every Cowork conversation.
The base directory, local-agent-mode-sessions/, isn’t a secret. GitHub issue #24534 confirmed it, and several community posts reference it. What was missing was the path from that base directory down to the actual JSONL transcript files, and the mapping from manifest fields to file locations. I traced that by enumerating the directory trees of all 195 Cowork sessions on my machine and matching them against their manifest fields.
The result: a three-field mapping that resolves every manifest to its transcript with a 100% hit rate across all sessions that successfully started.
Where the transcripts actually live
On Windows, the full path to a Cowork conversation transcript is:
%AppData%\Claude\local-agent-mode-sessions\<org-id>\<user-id>\<sessionId>\.claude\projects\-sessions-<processName>\<cliSessionId>.jsonlBreaking that down:
| Segment | Source | Example |
|---|---|---|
%AppData%\Claude\local-agent-mode-sessions\ | Fixed base path | C:\Users\Bryce\AppData\Roaming\Claude\local-agent-mode-sessions\ |
<org-id>\ | Organization UUID | e633e2fd-bc86-46af-91ae-069658732371\ |
<user-id>\ | User UUID | e9941c22-54c5-42dc-b970-4713ba9f6109\ |
<sessionId>\ | Manifest’s sessionId field | local_7876b7f6-7ea3-4d3e-a128-38fe1e18266e\ |
.claude\projects\ | Standard Claude Code internal structure | |
-sessions-<processName>\ | VM working directory, encoded | -sessions-charming-adoring-darwin\ |
<cliSessionId>.jsonl | Manifest’s cliSessionId field | 4368fcb8-373d-4ba7-9952-3beee2a56818.jsonl |
On macOS, the base path is ~/Library/Application Support/Claude/local-agent-mode-sessions/. This is corroborated by multiple GitHub issues and community posts, though I’ve only verified the full internal transcript path on Windows.
Note on directory names: Anthropic is actively renaming local-agent-mode-sessions to claude-code-sessions (GitHub issues #29373, #27463), with migration bugs reported on both platforms. Both directory names can coexist on the same machine. If you don’t find one, check the other.
The manifest-to-transcript mapping
Three fields from the session manifest (local_<sessionId>.json) give you the transcript path:
sessionId: names the session data directoryprocessName: encodes as theprojects/subdirectory name (the VM’scwdis always/sessions/<processName>, which encodes to-sessions-<processName>)cliSessionId: names the JSONL transcript file
Validation results across 195 sessions:
- 181 sessions have a
cliSessionIdand a matching JSONL at the predicted path, a 100% hit rate - 14 manifests lack
cliSessionIdentirely. These are failed or aborted sessions where the VM was created but the Claude Code process never started (0 seconds duration, emptyprojects/directories) - 0 JSONL files at unexpected paths
- 0 orphaned data directories without manifests
- 0 orphaned manifests without data directories
Important: sessionId and cliSessionId are not the same thing. sessionId uses a local_ prefix and identifies the Cowork session. cliSessionId is a bare UUID that identifies the Claude Code CLI process running inside the VM. The transcript file is named after the CLI session, not the Cowork session.
What’s in the transcripts
The JSONL format shares the same core structure as Claude Code CLI transcripts. Each line is a JSON object with a type field.
Line types observed across 195 sessions:
| Type | Description | Cowork | CLI |
|---|---|---|---|
assistant | Claude’s responses (content, tool_use, tool_result blocks) | Yes | Yes |
user | User messages and tool results | Yes | Yes |
system | System messages, compaction metadata | Yes | Yes |
queue-operation | Enqueue/dequeue operations | Yes | Yes |
progress | Streaming token progress updates | No | Yes |
file-history-snapshot | File edit undo snapshots | No | Yes |
pr-link | GitHub PR URLs | No | Yes |
Field-level differences on shared types:
- On
assistantlines: Cowork addserrorandisApiErrorMessagefields (not present in CLI) - On
userlines: Cowork addssourceToolUseID; CLI hastodosinstead
Tools that parse Claude Code CLI JSONL will mostly work on Cowork transcripts, but they’ll miss the Cowork-specific fields and won’t encounter progress, file-history-snapshot, or pr-link lines.
The audit log
Every Cowork session has an audit.jsonl file at the session data root (not inside .claude/):
%AppData%\Claude\local-agent-mode-sessions\<org-id>\<user-id>\<sessionId>\audit.jsonlThis is Cowork-only. 195 audit.jsonl files found in Cowork sessions, 0 found anywhere in ~/.claude/.
The audit log has a different schema from the conversation transcript:
| Line Type | What it contains |
|---|---|
system (subtype: init) | Session initialization: cwd, tools, model, MCP servers, plugins, skills, slash commands, permission mode, Claude Code version, agents |
assistant | Simplified assistant messages with _audit_timestamp |
user | Simplified user messages with _audit_timestamp |
tool_use_summary | Aggregated summaries of tool use sequences |
result | Session cost data: total_cost_usd, duration_ms, duration_api_ms, num_turns, usage, stop_reason, modelUsage |
rate_limit_event | Rate limit information |
The result lines are the most interesting: they contain actual dollar costs per session. Sample data from real sessions:
| Session | Cost | Duration | Turns |
|---|---|---|---|
| ShopForge QA Review | $11.61 | 57 min | 174 |
| Review customer persona research | $8.64 | 14 min | 88 |
| Plan next project priorities | $6.85 | 16 min | 105 |
| Compare image quality | $6.34 | 17 min | 108 |
| Plan next steps forward | $2.60 | 5 min | 53 |
| Review storage usage | $1.59 | 4 min | 45 |
Failed sessions (the 14 without cliSessionId) produce no result lines.
Subagent transcripts
Cowork frequently spawns subagents. Their transcripts live at:
...\-sessions-<processName>\<cliSessionId>\subagents\agent-<id>.jsonlQuantified across 195 sessions:
- 98 sessions (50.3%) spawn at least one subagent
- Range: 1–35 subagents per session
- Mean: 4.9, Median: 3
- 11 sessions spawned 10+ subagents
- Subagent JSONL uses the same schema as the main transcript (typically just a few lines per agent)
- No per-subagent audit.jsonl; cost data is only at the session level
A gap in community tooling
The existing tools for extracting Claude conversations (claude-conversation-extractor, claude-code-transcripts, claude-history) correctly target ~/.claude/projects/ for CLI sessions. That’s where Claude Code CLI and VS Code write their transcripts, and those tools work well for that data.
The gap is that Cowork’s separate storage path isn’t covered. If you use both Claude Code CLI and Cowork through the Desktop app, these tools will find one half of your sessions and miss the other.
The source of the confusion: Claude Desktop has both a “Code” tab and a “Cowork” tab. The Code tab runs Claude Code against host directories and writes transcripts to ~/.claude/projects/<encoded-host-path>/. Cowork runs Claude Code inside an isolated VM and writes transcripts to %AppData%\Claude\local-agent-mode-sessions/. GitHub issue #29801, which reports both apps “reading the same .jsonl file from ~/.claude/projects/”, was testing Claude Code through the Desktop app’s Code tab, not Cowork.
Other things that don’t exist where you’d expect:
history.jsonl: frequently referenced as a global session index at~/.claude/history.jsonl. Does not exist on Windows with Claude Code 2.1.64. Either deprecated or was never created by the Desktop app (vs. CLI).sessions-index.json: exists but only for CLI projects, and only in 2 of 9 project directories on the tested machine. Not present in Cowork sessions. Appears to be generated on-demand (e.g., when/resumeis used).
The complete storage map
| Layer | Location (Windows) | Contents | Cowork | CLI |
|---|---|---|---|---|
| Session manifest | %AppData%\Claude\local-agent-mode-sessions\...\local_<id>.json | Config, metadata, system prompt, PII (27+ fields) | Yes | No |
| Conversation transcript | ...\local_<id>\.claude\projects\-sessions-<name>\<cliId>.jsonl | Full message history, tool calls, responses | Yes | No |
| Subagent transcripts | ...\<cliId>\subagents\agent-<id>.jsonl | Per-subagent conversations | Yes | No |
| Audit log | ...\local_<id>\audit.jsonl | Timeline with costs, durations, rate limits | Yes | No |
| CLI transcript | ~\.claude\projects\<encoded-cwd>\<session>.jsonl | Full message history (+ progress, snapshots) | No | Yes |
| CLI session index | ~\.claude\projects\<encoded-cwd>\sessions-index.json | Session metadata (sparse, on-demand) | No | Partial |
What this means
Between this post and the session manifest schema, you now have a complete map of every file Cowork writes to disk: manifests, transcripts, subagent logs, and audit trails with per-session costs. Enough to build your own session browser, cost tracker, or conversation exporter.
This format is undocumented and can change at any time. This investigation was conducted on Windows with Claude Desktop v1.1.4498 running Claude Code 2.1.64 inside the Cowork VM, across 195 sessions spanning February 11 – March 10, 2026. The published JSON Schema covers the session manifest fields from the previous post.
If you’re building tools against this data, also see the posts on the scheduled task startup bug and the file upload permission fix, which both document Cowork behaviors that affect how sessions are created and what they contain.