# I added real-time activity logging and security scoring to my Claude Code dashboard > Source: > Published: 2026-06-05 09:21:49+00:00 Knowing how much you spent is useful. But it's not enough. The real question is: **what is your AI actually doing?** Which files did it read? Which commands did it run? Is your environment even safe to run it in? I couldn't answer any of those. So I built the answers in. Claude Code logs everything via hooks. Every file read. Every command executed. Every API call. Risk-labeled. Timestamped. Live. Set it up once in `~/.claude/settings.json` : ``` { "hooks": { "PostToolUse": [{ "matcher": ".*", "hooks": [{ "type": "command", "command": "curl -sf -X POST http://localhost:3000/api/actions -H 'Content-Type: application/json' --data-binary @- 2>/dev/null || true" }] }] } } ``` Then open `http://localhost:3000/activity` . Watch your AI's actions stream in real-time. This is the audit layer AI agents have been missing. Scored out of 100. Checks 7 things: `Bash(sudo *)` in your allow list? (-20)`~/.ssh/**` in your deny list? (-20)`Bash(curl *)` unrestricted? (-15)`.env` files protected? (-15)`strictMode` enabled? (-10)`Bash(rm *)` restricted? (-10)I scored 90/100. What's yours? The point isn't to shame anyone. It's to make the invisible visible — so you can make informed decisions about what your AI is allowed to do. ``` npm install -g @notenkidev/claude-token-dashboard claude-token-dashboard ``` Open `http://localhost:3000` GitHub: [https://github.com/notenkitoclient-cpu/claude-token-dashboard](https://github.com/notenkitoclient-cpu/claude-token-dashboard) This started as a simple token counter. It's becoming something bigger — an observability layer for AI agents. More coming.