Adds under 1 ms p95 per Claude Code tool call (measured on a developer laptop, loopback). Policy authoring, audit log, and dashboard are shared with your production-agent setup.

Install

Requires Node.js 22+ on macOS or Linux.
npm i -g @rubric-app/claude-code
rubric init
rubric init is interactive and prompts for two values:
Prompt            Value
Agent name        How this install shows in the dashboard. Suggestion: claude-code-<hostname>.
Enrollment token  The enr_… string from the dashboard’s Enrollment page.
The Rubric API URL defaults to https://api.rubric-app.com. Override with the RUBRIC_API_URL env var if you’ve been given a different URL. After init completes, every Claude Code tool call on this machine flows through your policies. No code change, no harness change.

Scripted installs

Skip prompts with flags:
npm i -g @rubric-app/claude-code
rubric init \
  --agent-name claude-code-laptop \
  --enrollment-token "$RUBRIC_ENROLLMENT_TOKEN"
Or via env vars: RUBRIC_AGENT_NAME, RUBRIC_ENROLLMENT_TOKEN, RUBRIC_API_URL. init will also install a launchd LaunchAgent (macOS) or systemd-user unit (Linux) so the daemon survives logout and reboot.

Verify

rubric doctor
Six checks must pass:
✓ config files present
✓ daemon process alive
✓ daemon /healthz < 200ms
✓ identity refresh works
✓ settings.json has hooks
✓ bundle non-empty + fresh
Each failure prints an actionable next step. The most common failure on a fresh install is bundle non-empty + fresh — you need to author at least one policy in the dashboard and scope it to this agent.

Writing policies

Policies are authored in the dashboard exactly as they are for the production adapters. Fields available to Claude Code policies:
Field            Example values
tool_name        Bash, Read, Edit, Write, MultiEdit, WebFetch, WebSearch
input.command    rm -rf /tmp/foo (for Bash)
input.file_path  /Users/dev/.ssh/id_rsa (for file IO tools)
input.url        https://example.com/api (for WebFetch / WebSearch)
session_id       Claude Code session id
agent_id         Rubric-assigned id for this install
Example: a policy that blocks the file IO tools from touching common secret files.
apiVersion: agent-governance.io/v1
kind: Policy
metadata:
  name: block-secret-files-claude-code
spec:
  defaultEffect: allow
  rules:
    - id: deny-secret-file-access
      effect: deny
      conditions:
        - field: tool_name
          operator: in
          value: [Read, Edit, Write, MultiEdit]
        - field: input.file_path
          operator: matches
          value: '(?i)(\.env(\.|$)|\.pem$|/\.ssh/|/\.aws/credentials|id_rsa)'
The deny reason shows verbatim in the developer’s Claude Code terminal:
Rubric denied this call: policy block-secret-files-claude-code (rule deny-secret-file-access) matched.
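To see which paths this rule catches before relying on it, the sketch below evaluates it over constructed tool-call events. It is an added example, not Rubric's evaluator: it assumes conditions are ANDed and that matches is an unanchored regex search, and lookup, holds, decide and file_event are hypothetical helper names.

```python
import re

# Rule copied from the policy above. Assumed semantics (not confirmed by the
# page): conditions are ANDed and "matches" is an unanchored regex search.
POLICY = {
    "defaultEffect": "allow",
    "rules": [{
        "id": "deny-secret-file-access", "effect": "deny",
        "conditions": [
            {"field": "tool_name", "operator": "in",
             "value": ["Read", "Edit", "Write", "MultiEdit"]},
            {"field": "input.file_path", "operator": "matches",
             "value": r"(?i)(\.env(\.|$)|\.pem$|/\.ssh/|/\.aws/credentials|id_rsa)"},
        ],
    }],
}

def lookup(event, dotted):
    """Resolve a dotted field such as input.file_path; None when absent."""
    node = event
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def holds(cond, event):
    actual = lookup(event, cond["field"])
    if actual is None:
        return False  # a missing field can never satisfy a condition
    if cond["operator"] == "in":
        return actual in cond["value"]
    if cond["operator"] == "matches":
        return re.search(cond["value"], str(actual)) is not None
    raise ValueError(f"unsupported operator: {cond['operator']}")

def decide(event, policy=POLICY):
    """Return (effect, rule_id) for one tool-call event."""
    for rule in policy["rules"]:
        if all(holds(c, event) for c in rule["conditions"]):
            return rule["effect"], rule["id"]
    return policy["defaultEffect"], None

def file_event(tool, path):
    return {"tool_name": tool, "input": {"file_path": path}}  # constructed event

if __name__ == "__main__":
    for p in ("/Users/dev/.ssh/id_rsa", "/srv/app/.env.example", "/srv/app/.envrc"):
        print(p, decide(file_event("Read", p)))
```

Under these assumptions the pattern denies template files such as .env.example and any path containing id_rsa, while .envrc is not matched. Bash calls are outside the rule's tool_name list and carry input.command rather than input.file_path, so shell access needs its own rule.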

CLI reference

rubric init       Interactive enrollment + filesystem setup + daemon start.
rubric doctor     Run six sanity checks against the local install.
rubric status     Concise overview: config path, pid, port, healthz, log file.
rubric stop       Stop the daemon and wait for graceful shutdown.
rubric logs       Pretty-print the daemon log with optional filters.
rubric uninstall  Stop daemon, unpatch settings.json, remove config.

rubric init flags

--api-url <url>             Override the API URL (defaults to https://api.rubric-app.com).
--agent-name <name>         Skip the prompt.
--enrollment-token <token>  Skip the prompt.
--no-start                  Don't spawn the daemon at the end of init.
--no-settings-patch         Leave ~/.claude/settings.json alone.
--force                     Re-run init even if a config already exists.

rubric logs filters

--decision <allow|deny>      Show only PreToolUse decisions of this kind.
--tool <name>                Events with tool=<name> (Bash, Read, ...).
--since <duration>           Only entries newer than this (30s, 5m, 2h, 1d).
-f, --follow                 Keep tailing as new lines arrive.
rubric logs --decision deny --since 1h
rubric logs --tool Bash --follow

rubric stop flags

--force        Fall back to raw SIGTERM if the daemon doesn't respond to the
               authenticated shutdown request.

rubric uninstall flags

--purge        Also remove the log file (default: preserved).
--keep-daemon  Don't stop the daemon (useful in scripted teardown).

Where things live on disk

Path                                                         What’s there
~/.config/rubric/config.json                                 API URL, agent name, enrollment token. Mode 0600.
~/.config/rubric/daemon.token                                64-char hex bearer token gating the loopback daemon. Mode 0600.
~/.config/rubric/daemon.pid                                  Daemon process id.
~/.config/rubric/daemon.port                                 Bound port (defaults to 47821; falls back to OS-assigned).
~/.claude/settings.json                                      Patched with three Rubric hook entries (PreToolUse, PostToolUse, SessionStart). User-authored entries are preserved.
~/Library/Logs/rubric/claude-code.log (macOS)                Daemon log.
~/.local/state/rubric/claude-code.log (Linux)                Daemon log.
~/Library/LaunchAgents/dev.rubric.claude-code.plist (macOS)  Service definition.
~/.config/systemd/user/rubric-claude-code.service (Linux)    Service definition.
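The two secret-bearing files in this table are documented as mode 0600, and that can be audited with a short script. The check below is an added example, not part of the Rubric CLI; it assumes the token file holds only the hex string plus optional trailing whitespace, and audit and demo are hypothetical names.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# File names, the 0600 mode and the 64-char hex format come from the table
# above; that the token file contains nothing else is an assumption.
SECRET_FILES = ("config.json", "daemon.token")
TOKEN_RE = re.compile(r"[0-9a-fA-F]{64}")

def audit(config_dir):
    """Return a list of findings; an empty list means the files match the docs."""
    findings = []
    for name in SECRET_FILES:
        path = Path(config_dir) / name
        try:
            st = path.lstat()  # lstat: do not follow a symlink placed here
        except FileNotFoundError:
            findings.append(f"{name}: missing")
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append(f"{name}: not a regular file")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != 0o600:
            findings.append(f"{name}: mode {mode:04o}, expected 0600")
        if st.st_uid != os.getuid():
            findings.append(f"{name}: owned by uid {st.st_uid}")
        if (name == "daemon.token" and mode & 0o400
                and not TOKEN_RE.fullmatch(path.read_text().strip())):
            findings.append("daemon.token: not 64 hex characters")
    return findings

def demo(token_mode=0o644, token_text="ab" * 32):
    """Audit a constructed directory (not a real Rubric install)."""
    with tempfile.TemporaryDirectory() as d:
        for name, text, mode in (("config.json", "{}", 0o600),
                                 ("daemon.token", token_text, token_mode)):
            p = Path(d) / name
            p.write_text(text)
            p.chmod(mode)
        return audit(d)

if __name__ == "__main__":
    print(audit(Path.home() / ".config" / "rubric") or "ok")
```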

Uninstall

rubric uninstall          # leaves logs for postmortem
rubric uninstall --purge  # also removes the log file
User-authored entries in ~/.claude/settings.json are preserved — only entries pointing at the local daemon URL are stripped.