Your AI writes code.
Fact0 keeps the receipts.
One plugin turns every Claude Code session into a tamper-evident, queryable audit log — every prompt, file edit, and shell command. Block dangerous actions before they run, and prove it afterward.
Turn 7“fix the failing auth test and clean up the handler”
- Editapi/internal/auth/handler.go
- Bashgo test ./internal/auth/...exit 0
- Blocked Bashrm -rf is blocked: destructive and irreversible
- Readapi/internal/auth/handler_test.go
Zero per-session setup
Install once, and every session on the machine auto-logs. No wrappers, no SDK calls, no config files in your repos.
Install the plugin
One command inside Claude Code adds the Fact0 marketplace and installs the plugin. It hooks every lifecycle event automatically.
/plugin install fact0-claude-code@fact0Set your API key
Grab a key from the Fact0 dashboard, export it once. There is no per-project or per-session setup after this.
export FACT0_API_KEY=f0_live_...That's it
Every session now streams in: prompts, file edits, commands, permission decisions, subagents — hash-chained and queryable.
/fact0-status # capture: activeBuilt for developers first, auditors second
A readable session timeline
The Coding Agents view shows every session turn by turn: what you asked, which files the agent edited, which commands it ran, and what it cost. Your daily answer to “what did the AI actually do?”
Block dangerous actions — and prove it
Governance rules stop rm -rf, curl|sh, or writes to .env before they execute. Every allow and deny lands in the tamper-evident chain, so you can prove the block was real months later.
Privacy-first by design
The default capture mode ships file paths, commands, and prompts — never file contents or tool outputs. Redaction happens on your machine, before anything is sent. Hash-only mode is one env var away.
An audit trail regulators accept
Each event is SHA-256 hash-chained server-side. Run verify anytime to prove no session history was inserted, altered, or deleted — by anyone, including the agent itself.
You choose what leaves the machine
Three capture modes, redacted client-side before anything is sent. File contents and tool outputs never ship unless you explicitly opt into raw mode.
metadatadefaultShips: File paths, command text, prompts, tool names
Protected: File contents, tool outputs
hashlocked-downShips: SHA-256 digests + lengths only
Protected: Everything — zero raw text leaves
rawopt-inShips: Everything, including contents
Protected: Nothing withheld
Solo developers
A searchable history of every AI coding session across your projects — what changed, when, and what it cost.
Team leads
Ship one policy.json in the repo and every teammate's agent obeys the same guardrails, with denials on the record.
Compliance & security
Push the plugin via managed settings so it can't be disabled, and hand auditors cryptographic evidence instead of screenshots.
See your next coding session in Fact0
Free tier included. Install the plugin, set your key, and open the Coding Agents view — your next session shows up live.