Claude Code is one of the most capable AI coding agents available, which also means it's one of the most active on your machine. It reads files, runs shell commands, calls external APIs, and in agentic mode can chain multiple actions without stopping to ask for approval.
What activity does Claude Code generate?
Each Claude Code session produces several types of activity worth tracking.
Filesystem reads and writes are the most frequent. Claude Code reads source files, config files, and sometimes credential-adjacent files like .env when it needs context about your project. It may write or modify files as part of completing tasks.
Shell command execution follows from many tasks. Claude Code runs test runners, build scripts, git operations, and npm installs. In agentic mode, it may run sequences of commands without pausing between them.
API calls happen on every exchange. Each message sends a request to the Anthropic API that includes your prompt, any files Claude Code read as context, and the response. All of that is billed by token count.
Tool invocations are a layer below API calls. When Claude Code uses built-in tools (file read, bash, search), each invocation is a discrete logged action. MCP server connections extend this further by giving Claude Code access to additional tools over a separate channel.
Why monitor Claude Code specifically?
Claude Code's strength is also the reason monitoring matters. It operates with more autonomy than a standard chat interface. A single instruction like "refactor this module and update the tests" can trigger dozens of file reads, multiple shell commands, and several API round-trips, all without you watching.
Three things builders typically want to track:
Costs can grow quickly in agentic sessions, especially when Claude Code reads large files into context or loops through retry logic. Seeing per-session token counts makes it easier to tune how you use the tool.
Security events are easy to miss without monitoring. If Claude Code reads a credential file or sends a request that contains a secret, the default tooling doesn't alert on it.
Unexpected actions are rare but worth catching. Claude Code generally does what you ask, but mistakes happen. Command execution logs let you verify that the commands that ran were the ones you expected, especially for destructive operations.
How do I monitor Claude Code activity?
Claude.ai dashboard. The built-in usage dashboard at claude.ai shows aggregate token consumption and spend by billing period. It's useful for budget tracking but doesn't show what happened within a session. For per-session token analysis, see How to Monitor AI Agent Token Usage.
Local session logs. Claude Code writes activity to its session log directory. On macOS and Linux this is typically at ~/.claude/logs/. Logs include tool calls, file paths accessed, and commands run, in JSON format. These are complete but raw: you'll need to parse or search them manually.
# View recent Claude Code session logs
ls -lt ~/.claude/logs/ | head -10
# Search for file access events in the last session
cat ~/.claude/logs/<session-id>.jsonl | jq 'select(.type == "tool_use" and .name == "Read")'
Proxy-based monitoring. AgentGuard360 routes Claude Code's API traffic through a local proxy. This captures every request and response, runs content scanning on the payload (flagging credentials, prompt injection patterns, and unusual exfiltration-like content), and records token counts per session. The dashboard shows Claude Code's activity timeline alongside any other agents you're running.
For builders using Claude Code in professional or team contexts, proxy monitoring also provides a paper trail. You can show exactly what the agent sent to the API and what it received back.
What are common mistakes to avoid?
Relying only on the billing dashboard tells you costs are rising but not why. Session-level token counts point you to the sessions worth investigating.
Skipping agentic session log reviews is easy to do when nothing seems wrong. When Claude Code runs in agentic mode with broad permissions, reviewing what it did after the fact matters, especially for tasks involving production config or infrastructure files.
Ignoring MCP server traffic is a real gap. If you've connected Claude Code to MCP servers (filesystem, browser, database tools), that traffic flows outside the standard API log. Monitoring the MCP channel separately, or using a wrapper that captures it, closes that gap.
Having no alert for credential file access means you find out after the fact. Claude Code will read .env files when they're in your working directory and relevant to the task. That's usually fine. Setting up an alert when it happens means you find out, rather than assuming.
