CI/CD & Automation Intermediate

Audit Logging with Hooks

Log every tool call to a file using PostToolUse hooks for compliance and debugging

Command

# .claude/settings.json
{
  "hooks": {
    "PostToolUse": [
      {
        "hooks": [{
          "type": "command",
          "command": "./.claude/hooks/audit-log.sh"
        }]
      }
    ]
  }
}

Response

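#!/bin/bash
# .claude/hooks/audit-log.sh
# Read the hook's JSON payload from stdin.
INPUT=$(cat)
# Extract the tool name; jq -r prints it without surrounding quotes.
TOOL=$(printf '%s' "$INPUT" | jq -r '.tool_name')
# Append an ISO 8601 timestamp and the tool name to the audit log.
echo "$(date -Iseconds) $TOOL" >> .claude/audit.log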

Parsing Code

// Hook input arrives on stdin as JSON:
// { "tool_name": "Bash", "tool_input": { "command": "..." }, "tool_result": "..." }
// Exit 0 = logged, no interference
// PostToolUse fires AFTER the tool ran (can't block it)

Gotchas

! PostToolUse fires AFTER the tool has already executed — use PreToolUse to block
! Hook input is JSON on stdin with tool_name, tool_input, and tool_result fields
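
A fuller version of the hook, as an added example that is not part of the original recipe: it is written in Python instead of bash and jq, and writes one JSON line per tool call so that newlines inside tool_input cannot forge extra log entries. The AUDIT_LOG variable, the record field names, and the choice to store only the size and SHA-256 of tool_result are assumptions of this example.

```python
#!/usr/bin/env python3
import hashlib
import json
import os
import sys
from datetime import datetime, timezone

# Assumption: AUDIT_LOG is a hypothetical override; the default is the recipe's path.
LOG_PATH = os.environ.get("AUDIT_LOG", ".claude/audit.log")


def _sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_record(raw, now=None):
    """Turn the hook's stdin payload into a single-line JSON audit record."""
    ts = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    try:
        event = json.loads(raw)
        if not isinstance(event, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError as exc:
        # Never drop an event silently: record that something unparseable arrived.
        return json.dumps({"ts": ts, "error": str(exc), "raw_sha256": _sha256(raw)})
    result = event.get("tool_result")
    result_text = result if isinstance(result, str) else json.dumps(result, sort_keys=True)
    return json.dumps({
        "ts": ts,
        "tool_name": event.get("tool_name"),
        "tool_input": event.get("tool_input"),
        # Results can be large or sensitive: keep size and digest, not content.
        "result_bytes": len(result_text.encode("utf-8")),
        "result_sha256": _sha256(result_text),
    }, sort_keys=True)


def main():
    line = build_record(sys.stdin.read())
    os.makedirs(os.path.dirname(LOG_PATH) or ".", exist_ok=True)
    # O_APPEND keeps concurrent hook invocations from overwriting each other.
    fd = os.open(LOG_PATH, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as log:
        log.write(line + "\n")
    return 0  # exit 0: logged, no interference


if __name__ == "__main__":
    sys.exit(main())
```

To use it, save the script as an executable file and point the "command" value in .claude/settings.json at it.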
