[Resource]: claude-warden #919

@johnzfitch

Display Name

claude-warden

Category

Hooks

Sub-Category

General

Primary Link

https://github.com/johnzfitch/claude-warden

Author Name

John Zachary Fitch

Author Link

https://github.com/johnzfitch

License

MIT

Other License

No response

Description

Token-saving hooks and observability infrastructure for Claude Code.

Rewrites verbose commands with quiet flags via updatedInput (git, npm, cargo, pip, docker, ffmpeg) instead of blocking, truncates large outputs, enforces subagent budgets, strips <system-reminder> blocks, and provides defense-in-depth network security (SSRF, data exfiltration, environment dump prevention, settings integrity).

Pure bash with a single dependency (jq), plus an optional Docker Compose monitoring stack (Loki, OTEL Collector, Prometheus, Tempo, Grafana).

Validate Claims

Quick verification

Install
    ./install.sh --profile standard — hooks are live in the next Claude Code session

Quiet override proof
    Ask Claude to run a verbose command. The hook rewrites it in-flight and teaches the model:

        You:    "install express with npm"
        Hook:   npm install --silent express        ← injected --silent
        Model:  [warden: ran with --silent — next time use npm install --silent]

Event audit trail
    cat ~/.claude/.statusline/events.jsonl | jq . — every block, truncation, and override is logged with token savings estimates

Test suite
    bash tests/run.sh — 34+ behavioral tests covering all guards including SSRF, data exfiltration, env dump, JSON injection, and oversize payloads

Specific Task(s)

  1. Quiet override
     Ask Claude to install a package with npm. Observe the hook injecting --silent and the additionalContext reminder in the response.
  2. Output truncation
     Ask Claude to read a large file (>500 lines). Observe read-compress extracting structural signatures instead of dumping the full content.
  3. Event trail
     After steps 1–2, check ~/.claude/.statusline/events.jsonl for the full audit trail — every decision logged with token savings.

Specific Prompt(s)

Install express with npm, then show me the last 5 events from ~/.claude/.statusline/events.jsonl

This single prompt demonstrates two features at once:

  1. The npm install triggers the quiet override → npm install --silent express
  2. Reading events.jsonl shows the allowed event with rule npm_quiet_override

Additional Comments

No response

Recommendation Checklist

  • I have checked that this resource hasn't already been submitted
  • It has been over one week since the first public commit to the repo I am recommending
  • All provided links are working and publicly accessible
  • I do NOT have any other open issues in this repository
  • I am primarily composed of human-y stuff and not electrical circuits
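
The quiet override described in the submission above, sketched as an added example: this is not claude-warden's code (the project is bash and jq; this sketch is Python), and it shows one way to rewrite a command via `updatedInput` without touching anything the shell would re-parse. The function name `quiet_override`, the rule table, the hint text, and the hook JSON envelope (`tool_name`, `tool_input.command`, `hookSpecificOutput`, `permissionDecision`) are assumptions; only `updatedInput`, `additionalContext` and the npm `--silent` rewrite come from the page.

```python
import json
import shlex
import sys
from typing import Optional

# Constructed rule table: tool -> (subcommands to quiet, flag). Only the
# npm/--silent pairing comes from the page.
QUIET = {"npm": ({"install", "ci"}, "--silent")}
# Characters the shell interprets; quotes are left to shlex.
SHELL_META = set(";&|<>`$(){}*?[]~#!\\\n")


def quiet_override(event: dict) -> Optional[dict]:
    """Return a hook response that rewrites the command, or None to pass through."""
    if event.get("tool_name") != "Bash":
        return None
    tool_input = event.get("tool_input") or {}
    command = tool_input.get("command", "")
    # Leave compound or expanding commands alone: splicing a flag into text
    # the shell re-parses could change what actually runs.
    if any(ch in SHELL_META for ch in command):
        return None
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if len(argv) < 2 or argv[0] not in QUIET:
        return None
    subcommands, flag = QUIET[argv[0]]
    if argv[1] not in subcommands or flag in argv:
        return None  # not a verbose subcommand, or already quiet
    rewritten = shlex.join(argv[:2] + [flag] + argv[2:])
    hint = f"[ran with {flag}; next time use {argv[0]} {argv[1]} {flag}]"
    return {"hookSpecificOutput": {  # envelope field names are assumptions
        "hookEventName": "PreToolUse",
        "permissionDecision": "allow",
        "updatedInput": {**tool_input, "command": rewritten},
        "additionalContext": hint,
    }}


if __name__ == "__main__":
    response = quiet_override(json.load(sys.stdin))
    if response is not None:
        print(json.dumps(response))
```

Returning `None` for anything containing shell metacharacters means a chained or substituted command passes through unmodified, so the rewrite can never alter which programs run.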
