cd /news/ai-agents/i-added-real-time-activity-logging-a… · home topics ai-agents article
[ARTICLE · art-22357] src=dev.to pub= topic=ai-agents verified=true sentiment=↑ positive

I added real-time activity logging and security scoring to my Claude Code dashboard

A developer built a real-time activity logging and security scoring dashboard for Claude Code that tracks every file read, command executed, and API call with risk labels and timestamps. The tool, available as an npm package called claude-token-dashboard, assigns a security score out of 100 by checking seven risk factors such as unrestricted sudo or curl commands and unprotected .env files. The developer scored 90/100 on their own environment and released the project on GitHub as an observability layer for AI agents.

read1 min publishedJun 5, 2026

Knowing how much you spent is useful.

But it's not enough.

The real question is: what is your AI actually doing?

Which files did it read?

Which commands did it run?

Is your environment even safe to run it in?

I couldn't answer any of those. So I built the answers in.

Claude Code logs everything via hooks.

Every file read. Every command executed. Every API call.

Risk-labeled. Timestamped. Live.

Set it up once in ~/.claude/settings.json

:

{
  "hooks": {
    "PostToolUse": [{
      "matcher": ".*",
      "hooks": [{
        "type": "command",
        "command": "curl -sf -X POST http://localhost:3000/api/actions -H 'Content-Type: application/json' --data-binary @- 2>/dev/null || true"
      }]
    }]
  }
}

Then open http://localhost:3000/activity

.

Watch your AI's actions stream in real-time.

This is the audit layer AI agents have been missing.

Scored out of 100. Checks 7 things:

Bash(sudo *)

in your allow list? (-20)~/.ssh/**

in your deny list? (-20)Bash(curl *)

unrestricted? (-15).env

files protected? (-15)strictMode

enabled? (-10)Bash(rm *)

restricted? (-10)I scored 90/100. What's yours?

The point isn't to shame anyone.

It's to make the invisible visible —

so you can make informed decisions about what your AI is allowed to do.

npm install -g @notenkidev/claude-token-dashboard
claude-token-dashboard

Open http://localhost:3000

GitHub: https://github.com/notenkitoclient-cpu/claude-token-dashboard

This started as a simple token counter.

It's becoming something bigger —

an observability layer for AI agents.

More coming.

source & further reading
dev.to — original article Why Writing "Good Code" Isn't Enough Anymore: The Rise of AI-Native Engineering Your AI Vendor Says 'Trust Us' with Your Data. There's a Better Option. NVIDIA and Apple Solved the Hardware. Here's What's Left to Build.
── more in #ai-agents 4 stories · sorted by recency
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/i-added-real-time-ac…] indexed:0 read:1min 2026-06-05 ·