Yeah this is a risk, the jsonl format is not a documented api surface.

I have a similar project that started out as just a log viewer but is now a full session manager etc (https://github.com/kzahel/yepanywhere). My approach was to occasionally run zod schema validations against all my local sessions to make sure the frontend has a pretty faithful schema. I've noticed sometimes when I run claude cli it modifies some jsonl files, it might be doing some kind of cleanup or migration, I haven't looked too deeply into it (yepanywhere detects when files change so I see those sessions as "unread, externally tracked")