Skip to main content

overwatch sessions

List and manage active approval sessions.

Usage

overwatch sessions <subcommand> [options]

Subcommands

SubcommandDescription
list (or ls)List all active sessions
revoke <id>Revoke a specific session

Options

OptionDescription
--allRevoke all sessions (with revoke)
--jsonOutput in JSON format

Examples

List Sessions

overwatch sessions list
Output: 
Active Sessions
===============

  abc123
    Tool: query
    Server: postgres
    Scope: exact
    Expires: 2026-01-09T11:30:00Z (in 14 minutes)

  def456
    Tool: read_*
    Server: filesystem
    Scope: tool
    Expires: 2026-01-09T15:00:00Z (in 4 hours)

2 active sessions

Revoke Session

overwatch sessions revoke abc123
Output: 
Revoked session abc123

Revoke All Sessions

overwatch sessions revoke --all
Output: 
Revoked 2 sessions

Session Types

ScopeDescriptionExample
exactExact tool name matchquery only
toolPattern matchread_* matches read_file, read_directory
serverAll tools on serverAll postgres tools

Session Durations

When approving a tool call, you choose a duration:
DurationLengthUse Case
Once~1 secondSingle operation
5 min5 minutesQuick tasks
15 min15 minutesModerate tasks
Session24 hoursFull work session

Session Persistence

Sessions are stored in SQLite (~/.overwatch/sessions.db) and persist across Overwatch restarts. Background cleanup removes expired sessions automatically.

Audit Trail

Each session includes audit information:
  • Who approved the session
  • What tool/pattern was approved
  • When it was created and expires
  • Usage count (how many times used)
  • Revocation details if revoked

Security Notes

  • Sessions are scoped to specific tools/servers
  • Expired sessions are automatically cleaned up
  • Revoking sessions takes effect immediately
  • Sessions include full audit trail