Templates
B

Bash Command Audit Log Hook

Records every Bash command Claude executes to a persistent log file for auditing and debugging. Essential for understanding what Claude did in a session, reproducing issues, and maintaining compliance in regulated environments.

HookAnthropicsecurityv1.0.0MIT
0 views0 copies

Hook Type

PostToolUse with Bash matcher -- Fires after every Bash command execution.

Description

This hook creates a complete audit trail of every shell command Claude executes. Each command is logged with a timestamp to a persistent file. This is invaluable for debugging ("what command broke things?"), compliance ("what did the AI agent do?"), and learning ("how did Claude solve this?").

Patterns/Rules

  • Triggers after every Bash tool use
  • Logs the raw command string to ~/.claude/command-log.txt
  • Appends (does not overwrite) for persistent history
  • Lightweight -- adds negligible overhead

Configuration

Basic Version

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "jq -r '.tool_input.command' >> ~/.claude/command-log.txt"
          }
        ]
      }
    ]
  }
}

Enhanced Version (with timestamps and working directory)

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "CMD=$(jq -r '.tool_input.command'); echo \"[$(date -u '+%Y-%m-%dT%H:%M:%SZ')] [$(pwd)] $CMD\" >> ~/.claude/command-log.txt"
          }
        ]
      }
    ]
  }
}

JSONL Version (machine-readable)

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "jq -c '{timestamp: (now | todate), command: .tool_input.command, cwd: env.PWD}' >> ~/.claude/command-log.jsonl"
          }
        ]
      }
    ]
  }
}

Action

After every Bash command:

  1. The hook receives the tool input JSON on stdin
  2. Extracts the command string using jq
  3. Appends the command (with optional metadata) to the log file
  4. The log persists across sessions for long-term auditing

Querying the Log

# View recent commands
tail -50 ~/.claude/command-log.txt

# Search for specific commands
grep "git push" ~/.claude/command-log.txt

# Count commands by type (JSONL version)
cat ~/.claude/command-log.jsonl | jq -r '.command' | cut -d' ' -f1 | sort | uniq -c | sort -rn
Community

Reviews

Write a review

No reviews yet. Be the first to review this template!

Similar Templates

~

Pre-Commit Security Scanner

Pre-commit hook that scans staged files for hardcoded secrets, API keys, passwords, and sensitive data patterns before allowing commits.

Hook
10
View ā†’
~

Agents Md Watcher

Streamline your workflow with this automatically, loads, agents, configuration. Includes structured workflows, validation checks, and reusable patterns for automation.

Hook
00
View ā†’
~

Automated Build Inspector

Boost productivity using this automatically, trigger, build, processes. Includes structured workflows, validation checks, and reusable patterns for automation.

Hook
00
View ā†’