{"slug": "i-added-real-time-activity-logging-and-security-scoring-to-my-claude-code", "title": "I added real-time activity logging and security scoring to my Claude Code dashboard", "summary": "A developer built a real-time activity logging and security scoring dashboard for Claude Code that tracks every file read, command executed, and API call with risk labels and timestamps. The tool, available as an npm package called claude-token-dashboard, assigns a security score out of 100 by checking seven risk factors such as unrestricted sudo or curl commands and unprotected .env files. The developer scored 90/100 on their own environment and released the project on GitHub as an observability layer for AI agents.", "body_md": "Knowing how much you spent is useful.\n\nBut it's not enough.\n\nThe real question is: **what is your AI actually doing?**\n\nWhich files did it read?\n\nWhich commands did it run?\n\nIs your environment even safe to run it in?\n\nI couldn't answer any of those. So I built the answers in.\n\nClaude Code logs everything via hooks.\n\nEvery file read. Every command executed. Every API call.\n\nRisk-labeled. Timestamped. Live.\n\nSet it up once in `~/.claude/settings.json`\n\n:\n\n```\n{\n  \"hooks\": {\n    \"PostToolUse\": [{\n      \"matcher\": \".*\",\n      \"hooks\": [{\n        \"type\": \"command\",\n        \"command\": \"curl -sf -X POST http://localhost:3000/api/actions -H 'Content-Type: application/json' --data-binary @- 2>/dev/null || true\"\n      }]\n    }]\n  }\n}\n```\n\nThen open `http://localhost:3000/activity`\n\n.\n\nWatch your AI's actions stream in real-time.\n\nThis is the audit layer AI agents have been missing.\n\nScored out of 100. Checks 7 things:\n\n`Bash(sudo *)`\n\nin your allow list? (-20)`~/.ssh/**`\n\nin your deny list? (-20)`Bash(curl *)`\n\nunrestricted? (-15)`.env`\n\nfiles protected? (-15)`strictMode`\n\nenabled? (-10)`Bash(rm *)`\n\nrestricted? (-10)I scored 90/100. What's yours?\n\nThe point isn't to shame anyone.\n\nIt's to make the invisible visible —\n\nso you can make informed decisions about what your AI is allowed to do.\n\n```\nnpm install -g @notenkidev/claude-token-dashboard\nclaude-token-dashboard\n```\n\nOpen `http://localhost:3000`\n\nGitHub: [https://github.com/notenkitoclient-cpu/claude-token-dashboard](https://github.com/notenkitoclient-cpu/claude-token-dashboard)\n\nThis started as a simple token counter.\n\nIt's becoming something bigger —\n\nan observability layer for AI agents.\n\nMore coming.", "url": "https://wpnews.pro/news/i-added-real-time-activity-logging-and-security-scoring-to-my-claude-code", "canonical_source": "https://dev.to/notenkitoclientcpu/i-added-real-time-activity-logging-and-security-scoring-to-my-claude-code-dashboard-33nh", "published_at": "2026-06-05 09:21:49+00:00", "updated_at": "2026-06-05 09:42:20.109969+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-safety", "ai-products", "ai-infrastructure"], "entities": ["Claude Code", "NotenkiDev", "claude-token-dashboard", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/i-added-real-time-activity-logging-and-security-scoring-to-my-claude-code", "markdown": "https://wpnews.pro/news/i-added-real-time-activity-logging-and-security-scoring-to-my-claude-code.md", "text": "https://wpnews.pro/news/i-added-real-time-activity-logging-and-security-scoring-to-my-claude-code.txt", "jsonld": "https://wpnews.pro/news/i-added-real-time-activity-logging-and-security-scoring-to-my-claude-code.jsonld"}}