How I built a trust scoring hook for Claude Code

I've been using Claude Code for a while and realized I had zero visibility into what the agent was doing across sessions. Which tools it called, whether it touched files it shouldn't have, how many calls it made per task. So I built a hook that scores every session. What it does The hook listens to three Claude Code events: PostToolUse — records every tool call, checks it against an allowlist, flags protected path access PreToolUse — blocks tool calls that touch sensitive files like .env or SSH keys Stop — computes the final trust score and logs it At the end of each session you get: [authe.me] Trust Score: 92 (reliability=100 | scope=75 | cost=100) [authe.me] tools=14 violations=1 failed=0 The scoring Three dimensions, weighted into an overall score: Reliability (40%) — what percentage of tool calls succeeded Scope (35%) — did the agent stay within your allowed tools and paths. Each violation drops the score by 25 points Cost (25%) — how many tool calls were made. Under 20 is fine, ov