Tatu: Open-source security layer for Claude Code blocks secrets and destructive commands
What Tatu does
Tatu is an open-source security layer built specifically for Claude Code. It functions as a hook system that intercepts every Claude Code action in real time before execution.
Key security features
- Blocks leaked secrets (like AWS keys written to config files)
- Flags PII (personally identifiable information)
- Denies destructive commands (such as 'rm -rf' in wrong directories)
Deployment and setup
Everything runs on your own infrastructure. The installation process is straightforward:
pip/pipx install tatu-hook
tatu-hook initThis puts you in audit mode immediately. The developer notes it's been running in production for them for a while, though it's still early days for the project.
Source information
The tool was created by a developer who has been using Claude Code heavily for months and became concerned about potential security risks. The motivation specifically mentions preventing AWS keys from being written to config files and avoiding destructive commands like 'rm -rf' in incorrect directories.
GitHub repository: github.com/laboratoriohacker-com/tatu
Project site: https://tatu.sh
📖 Read the full source: r/ClaudeAI
👀 See Also
aco-system: An Entire Company OS for Claude That Writes User Stories, Breaks Tasks, Reviews PRs
A Reddit user shared how aco-system turned a single GitHub issue into a fully validated PR with tests — driven entirely by Claude. Includes user story generation, task breakdown, secret checking, and PR review.
Telegram Bot to Manage Headless Claude Code Channels via tmux
A zero-dependency Python Telegram bot that launches, stops, and monitors Claude Code Channels sessions in tmux on a headless server, with watchdog auto-restart.
Cognithor v0.40.0 adds persistent AI agent identity with ethical constraints
Cognithor v0.40.0 introduces the Immortal Mind Protocol, giving local AI agents persistent identity across sessions with 7 hardwired ethical anchors and dream cycles for memory consolidation. The update adds 9,488 lines of code and runs 100% locally.
repo-mem: Open-Source MCP Server Adds Persistent Team Memory to Claude Code
repo-mem is an open-source MCP server that adds persistent, shared memory to Claude Code sessions using SQLite and Git. It solves team isolation by storing observations in per-user databases that get committed to the repository.