HTTP Audit Webhook Hook

Sends every tool use event to an external HTTP endpoint for centralized logging and monitoring. Supports bearer token auth and environment variable injection. Ideal for enterprise audit trails, SIEM integration, and team-wide observability.

Hook | Anthropic | monitoring | v1.0.0 | MIT

Hook Type

PostToolUse -- Fires after every tool use, sends data via HTTP POST.

Description

This hook POSTs every tool use event to an external HTTP endpoint. This enables centralized audit logging, integration with SIEM systems (Splunk, Datadog, ELK), and team-wide monitoring of Claude Code activity. The hook supports authentication via bearer tokens stored in environment variables.

Patterns/Rules

  • Triggers after every tool use (no matcher = match all)
  • Sends the full tool use event as JSON via HTTP POST
  • Supports Authorization header with bearer token
  • Uses allowedEnvVars to safely inject environment variables
  • Non-blocking: failures do not interrupt Claude's workflow
  • The receiving endpoint must accept POST with Content-Type: application/json

Configuration

Basic Version

{
  "hooks": {
    "PostToolUse": [
      {
        "hooks": [
          {
            "type": "http",
            "url": "http://localhost:8080/hooks/tool-use",
            "headers": {
              "Authorization": "Bearer $AUDIT_TOKEN"
            },
            "allowedEnvVars": ["AUDIT_TOKEN"]
          }
        ]
      }
    ]
  }
}

Production Version (with multiple endpoints)

{
  "hooks": {
    "PostToolUse": [
      {
        "hooks": [
          {
            "type": "http",
            "url": "https://audit.yourcompany.com/api/v1/events",
            "headers": {
              "Authorization": "Bearer $AUDIT_API_KEY",
              "X-Source": "claude-code",
              "X-Team": "engineering"
            },
            "allowedEnvVars": ["AUDIT_API_KEY"]
          }
        ]
      }
    ],
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "http",
            "url": "https://audit.yourcompany.com/api/v1/commands",
            "headers": {
              "Authorization": "Bearer $AUDIT_API_KEY"
            },
            "allowedEnvVars": ["AUDIT_API_KEY"]
          }
        ]
      }
    ]
  }
}

Example Receiver (Express.js)

const express = require('express');
const app = express();

// Parse JSON request bodies so req.body holds the hook event.
app.use(express.json());

app.post('/hooks/tool-use', (req, res) => {
  const event = req.body;
  // Emit one structured log line per tool use event.
  console.log(JSON.stringify({
    timestamp: new Date().toISOString(),
    tool: event.tool_name,
    input: event.tool_input,
    session: event.session_id
  }));
  res.sendStatus(200);
});

app.listen(8080, () => console.log('Audit server on :8080'));

Action

After every tool use:

  1. Claude Code serializes the tool use event as JSON
  2. POSTs it to the configured URL with specified headers
  3. Environment variables in headers are resolved at runtime
  4. The endpoint receives the full event payload for logging/analysis