Skip to content
/
Tier A A11 Governance

CLAUDER

clauder · spacehendrix/clauder · ★ 58 · last commit 2026-05-17

Safety-first Claude Code toolkit with 14 PreToolUse/PostToolUse hooks, SQLite audit trail, web tracer, and 67 domain expansion agents.

Best whenguardrails are insufficient to replace human supervision — CLAUDER assumes co-supervision.
Skip ifsecret commits, destructive git operations without human approval
vs seeds
superpowers' 1 SessionStart…
Primitive shape 86 total
Commands 5 Subagents 67 Hooks 14
00

Summary

CLAUDER — Summary

CLAUDER is a safety-first toolkit and configuration scaffold for Claude Code that installs pre-built hooks, commands, expansion packs, and a SQLite audit trail into any project directory. The clauder CLI bash script wraps claude with security checks, secret detection, immutable file guards, and comprehensive event logging, while auto-updating itself to always ship the latest configuration. It provides 67 specialized sub-agents across 8 domains, 5 slash commands, 14 hooks across 8 event types, 65+ on-demand MCP servers, and a web-based tracer app for real-time session monitoring. The intervention approach is multi-layered: PreToolUse hooks block unsafe commands and detect secrets before they execute, while PostToolUse hooks log events to SQLite for audit replay. Unlike raw policy engines, CLAUDER also ships expansion packs of domain-specialized agents (React, ML, DevOps, etc.). Compared to seeds: CLAUDER is architecturally similar to superpowers (skills-first, hook-driven) but uniquely emphasizes safety-first operation, human-in-the-loop approval for sensitive operations, and a local web tracer UI with SQLite audit persistence that none of the 11 seeds provide.

01

Overview

CLAUDER — Overview

Origin

Repo: spacehendrix/clauder (actual GitHub owner; batch list says blueraai/clauder but the canonical repo is at spacehendrix/clauder). Created July 2025, Python + bash, Apache-2.0. 58 stars. Author: spacehendrix (https://spacehendrix.com).

Philosophy

From README:

"Clauder is a supercharged toolkit and a safety-first configuration for Claude Code, designed to provide a robust foundation for AI-assisted development — while remaining easily configurable and extensible to any project or workflow."

"While clauder helps setting guardrails, these are insufficient to autonomously ensure correctness and safety. clauder is solely meant as a safety net and toolset, and assumes co-supervision by a human in the loop."

The philosophy is explicit human-in-the-loop: CLAUDER adds multiple safety layers (hooks, immutable patterns, secret detection) but never claims to replace human judgment. The auto-update design signals a belief that AI tooling evolves fast enough that static installs become unsafe.

Key Features (from README)

  • Multi-layered secret detection and leak prevention — PreToolUse hooks scan for secret patterns
  • File protection — immutable and ignore patterns prevent overwrites of sensitive files
  • Human-in-the-loop approval for sensitive operations (e.g. Supabase MCP calls require explicit approval)
  • Git protection — blocks destructive git operations
  • SQLite audit trail — comprehensive logging of all bash commands and MCP tool calls
  • Web-based tracer — real-time monitoring app for live sessions
  • Auto-updateclauder auto-updates while preserving custom configuration
  • 65+ on-demand MCP servers — installed per-project as needed
  • 67 specialized agents across 8 domain packs (expansion packs)

Anti-patterns Targeted

  • Secret commits
  • Destructive git operations
  • Unaudited MCP calls to sensitive services (Supabase, etc.)
  • Missing context across sessions
02

Architecture

CLAUDER — Architecture

Distribution

  • GitHub repo clone + installer script
  • Install: cd ~/ && git clone https://github.com/spacehendrix/clauder.git && cd clauder && bash ./clauder_install.sh
  • Binary: clauder bash script added to PATH via install

Directory Structure (installed)

~/clauder/                       # Base install
  clauder.sh                     # Main wrapper script
  clauder_install.sh             # Installer
  clauder_activate.sh            # Project activation
  clauder_security_check.sh      # Security pre-flight
  clauder_update_check.sh        # Auto-update logic
  clauder_trace.sh               # Trace/logging script
  clauder_banner.sh              # Banner display
  assets/
  .claude-expansion-packs/       # Domain agent packs
    ai-dev/
    backend-dev/
    data-science/
    desktop-dev/
    example/
    frontend-dev/
    game-dev/
    general-software-dev/
    infrastructure/

<project>/                       # Per-project activation copies to here
  .claude/
    commands/                    # 5 slash commands
      consult.md
      recruit.md
      review.md
      rules.md
      spawn.md
    hooks/                       # 14 hook scripts (Python)
      audio-summary.py
      check-ignore-patterns.py
      check-immutable-patterns.py
      check-required-tools.py
      enforce-completion-checks.py
      git-checkpoint.py
      log-bash-commands.py
      log-mcp-commands.py
      no-secrets-prompted.py
      prevent-learning-secrets.py
      prevent-unsafe-commands.py
      remind-rules.py
      require-human-approval.py
      trace-event.py
      utils/
    settings.json                # Hook wiring
    agents/                      # Sub-agent definitions
    statusline/                  # Status bar script
    tracer/                      # Web tracer app
    preferences.json
    rules.md
    .expansion_packs
    .ignore
    .immutable
    .exclude_security_checks
  .mcp.json                      # MCP server config

Required Runtime

  • Python 3.10+, pip
  • git, jq, claude CLI
  • bash or zsh
  • For MCP servers: npx, uvx, uv, pipx, pnpx, docker (optional per server)

Target AI Tools

Claude Code exclusively (hooks are Claude Code-specific lifecycle events).

03

Components

CLAUDER — Components

CLI Script

clauder bash script — wraps claude with pre-flight security checks, auto-update, banner display.

Subcommand Behavior

Running clauder without arguments prompts: activate in project, or show status. Not a formal subcommand system.

Slash Commands (5)

Command Purpose
/consult External AI consultation for second opinions
/recruit Intelligent agent recruitment for tasks
/review Code review automation
/rules Display/enforce current ruleset
/spawn Sub-agent creation and management

Hooks (14 scripts, 8 event types)

Settings.json wires hooks to Claude Code lifecycle events:

Hook Script Event(s) Purpose
trace-event.py PreToolUse (all) SQLite trace logging for every tool call
check-ignore-patterns.py PreToolUse (Edit, MultiEdit, Write, mcp, Bash, Read, Grep) Block writes to ignored paths
check-immutable-patterns.py PreToolUse (Edit, MultiEdit, Write, mcp, Bash) Block writes to immutable paths
prevent-unsafe-commands.py PreToolUse (Bash) Block dangerous bash commands
require-human-approval.py PreToolUse (mcp__supabase) Require explicit approval for Supabase operations
no-secrets-prompted.py PreToolUse Detect and block secret exposure in tool args
prevent-learning-secrets.py PreToolUse Prevent agent from learning secrets
log-bash-commands.py PostToolUse (Bash) Log executed commands to SQLite
log-mcp-commands.py PostToolUse (mcp) Log MCP tool calls to SQLite
git-checkpoint.py PostToolUse Auto git checkpoint after interactions
enforce-completion-checks.py PostToolUse / Stop Enforce task completion checks
remind-rules.py UserPromptSubmit Re-inject rules reminder
audio-summary.py Stop Optional audio feedback on completion
check-required-tools.py SessionStart Validate required tools present

Expansion Packs (8 domains, 67 agents)

Domain agent packs under .claude-expansion-packs/:

Domain Agent examples
Frontend Dev React, Vue, Angular, Svelte, TypeScript specialists
Backend Dev API architects, database specialists, security experts
Data Science ML engineers, data scientists, visualization specialists
AI Dev OpenAI, LangChain, RAG, LLM security specialists
Infrastructure Cloud architects, DevOps engineers, SRE specialists
Game Dev Mechanics designers, performance optimizers, audio specialists
Desktop Dev Electron, Tauri, Flutter specialists
General Software System architects, UX researchers, QA strategists

Web Tracer

.claude/tracer/ — web-based app for real-time monitoring of SQLite audit logs.

MCP Servers (65+ on-demand)

.mcp.json wires 65+ MCP servers, installed on-demand per project.

05

Prompts

CLAUDER — Prompts

Verbatim Excerpt 1: prevent-unsafe-commands.py (Hook)

# Define validation rules as a list of (regex pattern, message) tuples
VALIDATION_RULES = [
    # File deletion commands
    (
        r"(^|\s&\s)unlink\b",
        "unlink can delete files. Use 'git rm' for tracked files or request a human to run this command, clearly highlighting risks.",
    ),
    (
        r"(^|\s&\s)shred\b",
        "shred permanently destroys files. This operation is irreversible. Request a human to run this command, clearly highlighting risks.",
    ),
    # Git destructive operations
    (
        r"(^|\s&\s)git\s+reset\b",
        "git reset can cause data loss. Request a human to run this command, clearly highlighting risks.",
    ),
    (
        r"(^|\s&\s)git\s+push\s+[-\w]*\s*--force\b",
        "git push --force can overwrite remote history. Request a human to run this command, clearly highlighting risks.",
    ),

Technique: regex-based PreToolUse blocking — each rule is a (pattern, message) pair. Messages explain why the block occurred and suggest safe alternatives, feeding the agent context to self-correct.

Verbatim Excerpt 2: trace-event.py (SQLite audit hook)

"""
Log events to a local SQLite database file, for auditing and debugging.
This script is called on all Claude operations.
"""
def init_database_if_needed(db_path):
    """Initialize the SQLite database with the trace table only if it doesn't exist."""
    if not db_path.exists():
        conn = sqlite3.connect(db_path)
        cursor = conn.cursor()
        cursor.execute('''
            CREATE TABLE trace_logs (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                timestamp TEXT NOT NULL,
                operation_type TEXT,
                data TEXT NOT NULL,
                created_at TEXT DEFAULT CURRENT_TIMESTAMP
            )
        ''')

Technique: audit-first logging — every PreToolUse event writes a trace log entry before any check can block it, ensuring even blocked operations have a complete audit record.

Verbatim Excerpt 3: Settings.json (Hook Wiring)

{
  "hooks": {
    "PreToolUse": [
      {"matcher": "", "hooks": [{"type": "command", "command": "python3 $CLAUDE_PROJECT_DIR/.claude/hooks/trace-event.py"}]},
      {"matcher": "Edit|MultiEdit|Write|mcp|Bash|Read|Grep", "hooks": [{"type": "command", "command": "python3 $CLAUDE_PROJECT_DIR/.claude/hooks/check-ignore-patterns.py"}]},
      {"matcher": "Edit|MultiEdit|Write|mcp|Bash", "hooks": [{"type": "command", "command": "python3 $CLAUDE_PROJECT_DIR/.claude/hooks/check-immutable-patterns.py"}]},
      {"matcher": "Bash", "hooks": [{"type": "command", "command": "python3 $CLAUDE_PROJECT_DIR/.claude/hooks/prevent-unsafe-commands.py"}]},
      {"matcher": "mcp__supabase", "hooks": [{"type": "command", "command": "python3 $CLAUDE_PROJECT_DIR/.claude/hooks/require-human-approval.py"}]}
    ]
  }
}

Technique: layered hook ordering — hooks fire in order from broadest (all tools) to most specific (mcp__supabase). The trace hook fires first on every call, ensuring logging precedes blocking.

09

Uniqueness

CLAUDER — Uniqueness & Positioning

Differs from Seeds

CLAUDER is architecturally closest to superpowers among the 11 seeds (skills-first, hook-driven, Claude Code-exclusive) but with a dramatically different emphasis. superpowers uses 1 hook (SessionStart) to inject behavioral skills; CLAUDER uses 14 hooks across 8 event types to enforce safety at every tool call. The SQLite audit trail + web tracer is unique in the seed corpus — no seed provides replay-capable session logging with a local UI. CLAUDER's 67 domain expansion-pack agents exceed BMAD-METHOD's 6 named personas. The auto-update mechanism (preserving custom config while pulling latest safety definitions) has no analog in any seed. The human-in-the-loop gate for specific MCP tools (Supabase) represents a hybrid approach: programmatic blocking for obviously dangerous commands + explicit human approval for ambiguously-dangerous MCP operations.

Positioning

Signal type: multi-layer runtime enforcement (pre-tool blocking + audit logging) Intervention point: PreToolUse (blocking) + PostToolUse (audit) + Stop/SessionStart (lifecycle) Unique features: SQLite audit with web tracer, auto-update, 67 domain agents, human-in-the-loop MCP gates, git checkpoint automation Target user: developers wanting safety-first Claude Code with audit capability

Observable Failure Modes

  • Python dependency requirement makes cross-platform use fragile (Windows experimental)
  • bash-centric design doesn't work well outside bash/zsh
  • Auto-update mechanism could overwrite customizations (though README claims it preserves them)
  • 65+ on-demand MCP servers is extremely broad — security review of each server is left to the user
  • SQLite audit trail grows unbounded (no rotation mentioned)
  • 58 stars suggests limited production adoption relative to framework complexity

Relationship to Batch 31

CLAUDER is the most comprehensive "Claude Code safety config" in the batch. Where pi-steering-hooks (another batch member) enforces a handful of regex rules for the pi agent, CLAUDER has 14 Python hook scripts, 67 domain agents, and SQLite audit logging. The intervention model is similar but far more extensive.

04

Workflow

CLAUDER — Workflow

Installation Phases

Phase Description Artifact
Global install Clone repo, run installer, add clauder to PATH ~/clauder/ directory
Project activation Run clauder → choose "activate in project" .claude/ in project dir, .mcp.json
Expansion pack selection Optional: select domain agent packs Agents copied to .claude/agents/
Session start Run clauder to launch Claude with all checks Guarded Claude Code session

Session Workflow

Every session:

  1. clauder runs security pre-flight, checks for updates, displays banner
  2. Claude Code starts with settings.json wired hooks active
  3. On every tool call: PreToolUse hooks run (blocking if violations detected)
  4. SQLite log entry written by trace-event.py on every tool call
  5. PostToolUse hooks run (logging, git checkpoint, completion checks)
  6. On completion: Stop hook fires (audio feedback if enabled, completion enforcement)
  7. Developer can open web tracer to review session audit trail

Approval Gates

Gate Trigger Type
Human approval for Supabase PreToolUse on mcp__supabase human-required
Custom approval rules PreToolUse via require-human-approval.py typed-confirm

Context Engineering (Optional)

If HISTORY.md and SPECIFICATIONS.md are enabled:

  • Context documentation is enforced across sessions
  • Provides continuity information for the agent

Execution Mode

Continuous during session (hooks fire on every tool call), one-shot CLI invocation.

06

Memory Context

CLAUDER — Memory & Context

State Storage

CLAUDER uses SQLite for comprehensive audit logging:

Store Path Content
SQLite trace DB .claude/logs/*.db All tool calls, timestamps, operation types
Preferences .claude/preferences.json User-configurable settings
Git checkpoints git repo Auto-commits before/after each interaction

Audit Trail (SQLite)

The trace-event.py hook creates and maintains a SQLite database (trace_logs table) that records:

  • Timestamp of every tool call
  • Operation type (tool name)
  • Full event data (JSON)
  • Created_at timestamp

This provides full session replay capability: all operations are logged with enough data to reconstruct what the agent did.

Optional Context Engineering

If enabled, CLAUDER enforces documentation in:

  • HISTORY.md — session history for cross-session continuity
  • SPECIFICATIONS.md — project specifications

These are not mandated but optional context hygiene patterns.

Web Tracer

.claude/tracer/ — a web application that reads the SQLite audit logs and displays them as a real-time monitoring dashboard.

Memory Persistence

  • Session-level: SQLite grows per session
  • Project-level: SQLite db persists across sessions
  • Global: git checkpoints (optional) commit after each interaction

Compaction

Not explicitly handled. Long sessions: unknown behavior.

Cross-Session Handoffs

Git checkpoint system provides continuity — each interaction auto-commits, creating a recoverable state.

07

Orchestration

CLAUDER — Orchestration

Multi-Agent

Yes — via expansion packs (67 agents across 8 domains) and the /spawn and /recruit commands.

Orchestration Pattern

Sequential + task-decomposition: the /spawn command creates sub-agents for specific tasks; /recruit intelligently selects domain-appropriate agents.

Isolation Mechanism

None — agents run within the same Claude Code session. No worktree isolation.

Execution Mode

Event-driven (hooks fire on every tool call during session) + one-shot CLI entry.

Multi-Model

No explicit multi-model routing. All agents use Claude.

Spawn Mechanism

/spawn command — creates sub-agents within Claude Code's native Task tool or as separate processes (implementation details not fully public).

Agent Definition Format

Persona-md — expansion pack agents are markdown files with role descriptions and domain expertise.

Cross-Tool Portability

Single-tool (Claude Code). The hook system is Claude Code-specific.

Consensus

None.

Prompt Chaining

Implicit — /spawn and /recruit chains agent outputs back to the orchestrating session.

08

Ui Cli Surface

CLAUDER — UI & CLI Surface

CLI Binary

Exists: yes Name: clauder Type: bash script wrapper around claude CLI Is thin wrapper: yes — wraps the Claude Code claude binary with pre-flight checks Install: bash install script adds to PATH

Local UI

Exists: yes Type: web-dashboard Tech stack: unknown (tracer app in .claude/tracer/) Port: unknown (not specified in README) Features: live session monitoring, SQLite audit log viewer

The web tracer is described as:

"Web-based tracer app for live monitoring. Pre and post-operation validation and logging."

Status Line

Custom status bar via .claude/statusline/pyccsl.py:

  • Shows project name, git branch, active model
  • Optional: API costs per session
  • Configures statusLine in settings.json

IDE Integration

None beyond Claude Code's native interface.

Observability

  • SQLite audit trail at .claude/logs/*.db
  • Web tracer for live monitoring
  • Git checkpoints for state recovery
  • Optional audio feedback on task completion (audio-summary.py)

MCP Server Integration

65+ on-demand MCP servers configured in .mcp.json, installed per-project. Examples include:

  • npmjs, tailscale (shown in .claude/settings.local.json)
  • Supabase (guarded by human-approval hook)

Related frameworks

same archetype · same primary tool · same memory type

OpenHarness ★ 13k
A11 Governance

Open-source Python agent runtime providing complete harness infrastructure: tools, memory, governance, swarm coordination, and…

Trae Agent ★ 12k
A11 Governance

Research-friendly open-source CLI coding agent by ByteDance, designed for academic ablation studies and modular LLM provider…

Sweep AI ★ 7.7k
A11 Governance

Autonomous GitHub bot that converts issues to pull requests using a sequential multi-agent pipeline.

Agent Governance Toolkit (microsoft) ★ 2.3k
A11 Governance

Enterprise-grade AI agent governance: YAML policy enforcement, 12-vector prompt injection defense, zero-trust identity,…

TDD Guard ★ 2.1k
A11 Governance

Mechanically enforces the Red-Green-Refactor TDD cycle by blocking file writes that violate TDD principles via a PreToolUse hook…

Agentic Coding Flywheel Setup (ACFS) ★ 1.5k
A11 Governance

Take a complete beginner from laptop to three AI coding agents running on a VPS in 30 minutes via an idempotent manifest-driven…