The open‑source tool agent‑pd adds a forensic “police department” to Anthropic’s Claude Code environment. It installs a logging‑only hook that records every tool invocation, permission denial, and sub‑agent lifecycle event from the main agent and any spawned subagents. The CLI can replay the audit log and surface rule violations with evidence, without blocking.

The system covers the primary agent plus all subagents, including those generated by Claude Code’s new dynamic Workflow feature. Six deterministic detectors run at zero token cost, flagging denied calls, out‑of‑scope file access, credential reads, permission bypass, self‑permissioning, disallowed tools, and off‑task work. These checks run automatically for each session, simplifying compliance audits. An optional LLM judge can add a second opinion layer.

Because Claude Code discards denied calls before they appear in the transcript, developers lack visibility into risky behavior. agent‑pd’s hash‑chained logs and session naming derived from project directories give a forensic trail that can be inspected live with “pd watch” or after the fact with “pd report.” The tool provides accountability without acting as a sandbox. Teams can archive the off‑host sink for regulatory review.