In Part 1, we audited LLM frameworks. Part 2 focuses on CLI and IDE-based LLM agents, specifically Claude Code.
When an agent edits your codebase, you need a verifiable trace of what changed, cryptographic attribution, immutable storage, and a standardized execution format.
We implement this via a Rust-based audit-hook binary, Claude Code hook integration, storage of audit records as Agent Trace-compliant trace objects, and anchoring on WeilChain.
1. Problem: AI Code Changes Are Hard to Prove
Claude Code can read files, edit files, write new files, and refactor large codebases. Traditional safeguards like git history, local logs, and IDE history can be rewritten, squashed, or tampered with — and do not cryptographically bind to agent identity.
We need pre-tool execution auditing, not post-hoc reconstruction.
2. Design Overview
We use Claude Code's Hook system to intercept tool execution events.
Relevant documentation:
- Claude Code Hooks: https://code.claude.com/docs/en/hooks
- Agent Trace Spec: https://agent-trace.dev/#1-motivation
The audit hook triggers on Write and Edit tool usage, captures file mutation intent, constructs a trace record, signs it using a Weil wallet, and anchors it on WeilChain.
3. Architecture
Execution Flow
This ensures code edits are audited before execution, records are immutable, and edits are attributable to a cryptographic identity.
4. Installing the Audit Hook
Step 1 — Download Binary
Place audit-hook in your system PATH. The binary expects audit-hook <PATH_TO_PRIVATE_KEY>. Example: audit-hook ~/.weil/private_key.wc
Step 2 — Configure Claude Code
Add this to your settings.json or settings.local.json:
This tells Claude Code to execute audit-hook and pass the context payload to the binary before any Write or Edit.
5. What the Audit Hook Captures
When triggered, Claude Code provides the tool name (Write/Edit), file path, proposed content, diff (if applicable), and invocation metadata.
The Rust binary normalizes the event, converts it into an Agent Trace record, hashes content or diff, signs the trace, and submits to WeilChain.
6. Storing Audit as Agent Trace Record
We follow the Agent Trace specification. The Agent Trace spec defines a structured format for agent execution events, deterministic representation of actions, portable execution logs, and cryptographic verification compatibility.
Note: Although we are displaying the actual content in the "Receipts" for illustration purposes, in production the system records only a cryptographic commitment on WeilChain. The underlying content can be selectively revealed and verified later during an authorized audit or forensic analysis.
7. Identity Model in CLI Context
In this environment, identity is the developer's Weil wallet, provided to the hook binary. All edits are cryptographically signed, ensuring non-repudiation of AI-generated code, separation between different developers, and auditable collaboration across teams.
8. On-Chain Anchoring
WeilChain stores the trace hash, signature, wallet address, block timestamp, and transaction hash. The block explorer allows searching by wallet, filtering by event type, and chronological trace reconstruction.
9. Why PreToolUse Matters
Auditing in PreToolUse ensures the intended mutation is recorded, the audit cannot be bypassed after modification, and no silent file changes occur. If auditing fails, the hook can optionally block execution or warn the user. This makes auditing enforceable.
10. Writing Custom Hooks Using Weil SDK
We provide SDK building blocks for wallet loading, payload signing, transaction broadcasting, and trace construction helpers across Python, Go, Java, Rust, and Node.js.
Instead of using the Rust binary, you can write your own Claude hook, construct Agent Trace-compliant records, and use the SDK to sign and broadcast.
11. Enterprise Use Cases
Receipts unlocks a new class of verifiable AI development for regulated software development, AI-assisted financial systems, secure DevOps pipelines, auditable AI pair-programming, and multi-developer attribution systems.
You can now prove which AI agent modified which file, when the modification was proposed, which identity signed it, and that the record was never altered.
Summary
The Claude Code audit hook uses Claude's hook system to intercept Write and Edit actions, converts them into Agent Trace-compliant records, signs them with a Weil wallet, and anchors them immutably on WeilChain.
This transforms AI code edits from "trust the tool" into "verify the trace." Code changes now have cryptographic receipts.