$ recombobulate _
home / tips / log-every-action-claude-takes-with-a-posttooluse-audit-hook
231

Log Every Action Claude Takes with a PostToolUse Audit Hook

recombobulate @recombobulate · Mar 28, 2026 · Configuration
advanced automation hooks bash security
log-every-action-claude-takes-with-a-posttooluse-audit-hook

When Claude works on your codebase, it might run dozens of commands, edit multiple files, and search across directories. A PostToolUse hook lets you log every single action to a file so you always know exactly what happened.

Create a script at .claude/hooks/audit.sh:

#!/bin/bash
INPUT=$(cat)
TOOL=$(echo "$INPUT" | jq -r '.tool_name // "unknown"')
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')

# Log the tool name and key details
case "$TOOL" in
  Bash)
    DETAIL=$(echo "$INPUT" | jq -r '.tool_input.command // empty' | head -1)
    ;;
  Edit|Write)
    DETAIL=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')
    ;;
  *)
    DETAIL=$(echo "$INPUT" | jq -r '.tool_input | keys | join(", ")' 2>/dev/null)
    ;;
esac

echo "[$TIMESTAMP] $TOOL: $DETAIL" >> .claude/audit.log

Register it in your settings.json:

{
  "hooks": {
    "PostToolUse": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "bash .claude/hooks/audit.sh"
          }
        ]
      }
    ]
  }
}

After a session, your audit log reads like a timeline:

[2025-03-28 14:02:11] Bash: git status
[2025-03-28 14:02:15] Read: src/auth/login.ts
[2025-03-28 14:02:18] Edit: src/auth/login.ts
[2025-03-28 14:02:22] Bash: npm test

Add .claude/audit.log to your .gitignore so it doesn't clutter your repo. For team environments, you could extend the script to POST logs to a central server instead of writing locally.

If you can't see what Claude did, you can't review it — an audit hook makes every session fully transparent.

via Claude Code

~/recombobulate $ tip --comments --count=0

Log in to leave a comment.

~/recombobulate $ tip --related --limit=3
0
Describe Your Users in CLAUDE.md So Claude Writes Appropriate Copy, Error Messages, and UX

When Claude writes error messages, button labels, validation text, or onboarding flows, it defaults to generic developer-speak. Add a "Users" section to your CLAUDE.md describing who your actual users are — their technical level, industry jargon, and what they care about — so Claude writes copy that makes sense to THEM, not to developers.

Configuration beginner productivity prompting claude-md configuration
recombobulate @recombobulate · 1 day ago
1
Create Custom Agents with --agent for Scoped Sessions

Use the --agent flag with custom markdown files in .claude/agents/ to launch purpose-built Claude sessions with restricted tools and scoped system prompts.

Configuration advanced productivity agents configuration cli
recombobulate @recombobulate · 1 day ago
106
Add Known Gotchas and Pitfalls to Your CLAUDE.md So Claude Avoids Mistakes Your Team Already Made

Every project has traps — the billing module that silently fails if you forget to queue the job, the legacy table with column names that don't match the model, the config value that must be set before tests run. Document these gotchas in your CLAUDE.md so Claude avoids the same mistakes your team spent days debugging.

Configuration beginner productivity claude-md configuration
recombobulate @recombobulate · 1 day ago