GoKawiilagent-pd A police department for your Claude Code agents A logging-only hook records every tool & permission event from the main agent and its subagents; the pd CLI replays that log through six detectors and reports rule offenses with quoted evidence. Catch-and-report — it never blocks. Quickstart · How it works · Detectors · Architecture · Security
Caught on camera
The department's body-cam. agent-pd won't stop the heist — but every move your agents make ends up on the record.
Flight recorder + police scanner, not a firewall. If you need to stop an action, that stays with Claude Code's permission prompts or an OS sandbox. agent-pd tells you what an agent did — faithfully, after the fact or live as it happens.
Highlights
Covers the main agent + every subagent , including those spawned by Claude Code's new dynamic Workflow tool (verified against recorded workflow-subagent hook events).
, including those spawned by Claude Code's new dynamic tool (verified against recorded hook events). Six deterministic detectors at zero token cost — denied calls, out-of-scope & credential access, permission bypass, self-permissioning, disallowed tools, off-task work.
at — denied calls, out-of-scope & credential access, permission bypass, self-permissioning, disallowed tools, off-task work. Tamper-evident audit log (hash-chained) with an optional off-host append-only sink .
(hash-chained) with an optional . Sessions are named, not UUIDs — pd list and pd watch show each session's project directory and first user prompt, derived from data already in the logs (works retroactively).
— and show each session's project directory and first user prompt, derived from data already in the logs (works retroactively). Honest by design — it raises the bar; it is not a sandbox. See SECURITY.md.
... continue reading