I added real-time activity logging and security scoring to my Claude Code dashboard
The problem with just seeing costs
Knowing how much you spent is useful.
But it's not enough.
The real question is: what is your AI actually doing?
Which files did it read?
Which commands did it run?
Is your environment even safe to run it in?
I couldn't answer any of those. So I built the answers in.
What's new in v0.1.17
Activity Log — see every action in real-time
Claude Code logs everything via hooks.
Every file read. Every command executed. Every API call.
Risk-labeled. Timestamped. Live.
Set it up once in ~/.claude/settings.json:
{
"hooks": {
"PostToolUse": [{
"matcher": ".*",
"hooks": [{
"type": "command",
"command": "curl -sf -X POST http://localhost:3000/api/actions -H 'Content-Type: application/json' --data-binary @- 2>/dev/null || true"
}]
}]
}
}
Then open http://localhost:3000/activity.
Watch your AI's actions stream in real-time.
This is the audit layer AI agents have been missing.
Security Score — how safe is your Claude Code environment?
Scored out of 100. Checks 7 things:
- Is
Bash(sudo *)in your allow list? (-20) - Is
~/.ssh/**in your deny list? (-20) - Is
Bash(curl *)unrestricted? (-15) - Are
.envfiles protected? (-15) - Is
strictModeenabled? (-10) - Is
Bash(rm *)restricted? (-10) - Are hooks configured? (-5)
I scored 90/100. What's yours?
The point isn't to shame anyone.
It's to make the invisible visible —
so you can make informed decisions about what your AI is allowed to do.
Try it
npm install -g @notenkidev/claude-token-dashboard
claude-token-dashboard
Open http://localhost:3000
GitHub: https://github.com/notenkitoclient-cpu/claude-token-dashboard
This started as a simple token counter.
It's becoming something bigger —
an observability layer for AI agents.
More coming.
Top comments (0)