krabb is an open-source, self-hosted Python tool for web access analytics and control in Claude Code. It logs every tool call to a local SQLite database, lets you block specific domains, and protects sensitive files from being modified.

Yes, krabb is completely free and open source under the MIT License.

Does krabb send data to external servers?

No. krabb is self-hosted and runs entirely on your machine. All data is stored in a local SQLite database and the dashboard runs on localhost:4242.

How does krabb integrate with Claude Code?

krabb integrates through Claude Code's PreToolUse hook system. Running krabb init registers a hook that intercepts tool calls before they execute.

Open Source · MIT License · Self-host

Access Control
for Claude Code

Name: krabb
Author: krabb

Log every tool call, block unwanted domains, and protect sensitive files. Self-hosted, runs entirely on your machine.

$ pip install krabb && krabb init

View on GitHub PyPI →

Self-host

MIT Licensed

Python 3.10+

What it does

krabb hooks into Claude Code and gives you visibility and control over what it accesses.

Tool Logging

Log every WebFetch, WebSearch, Bash, Read, Write, and Edit call to a local SQLite database.

Domain Blocklist

Block specific domains with exact match, wildcard patterns, or full regex support.

File Protection

Prevent Claude from modifying sensitive files using flexible glob patterns.

Dashboard

Web UI at localhost:4242 with live event monitoring, session tracking, and stats.

Filtering & Grouping

Search, filter by tool type or decision, and group events by session or domain.

CLI

Manage everything from the terminal — status, logs, blocklist, and configuration.

Use cases

How krabb helps you keep Claude Code in check.

Block suspicious domains

Prevent Claude Code from fetching content from untrusted or malicious websites.

evil-site.comblocked

*.phishing.netblocked

/tracking\.\w+\.com/blocked

Protect sensitive files

Stop Claude from reading or modifying credentials, environment variables, and secrets.

*.envblocked

*.pemblocked

credentials.jsonblocked

Audit web access

See exactly which URLs Claude is fetching and what search queries it runs.

WebFetchapi.example.com/users

allow

WebSearch"how to parse JSON"

allow

WebFetchsketchy-cdn.io/script.js

deny

Monitor tool usage

Track every Bash command, file read/write, and edit that Claude performs in your project.

Bashnpm install express

allow

Writesrc/config/db.ts

allow

Edit.env.local

deny

Getting started

terminal

# install

$ pip install krabb

# register hook and start daemon

$ krabb init

# open the dashboard

$ krabb dashboard

→ running at localhost:4242

Requires Python 3.10+. Full docs

Dashboard

Browse events, manage rules, and view stats at localhost:4242.

krabb dashboard — localhost:4242

krabb v0.1

Events Today

142

Blocked

Top Domain

github.com

Sessions

Recent Events

Time	Tool	Detail	Status
14:23:01	WebFetch	github.com/petricbranko/krabb	Allow
14:22:48	WebSearch	"react hooks best practices"	Allow
14:22:35	Bash	npm install lucide-react	Allow
14:21:59	WebFetch	evil-site.com/payload.js	Deny
14:21:44	WebFetch	docs.python.org/3/library	Allow

Installation

Requires Python 3.10+. Works on macOS and Linux.

terminal

# Install from PyPI

$ pip install krabb

# Initialize and start the daemon

$ krabb init

# Check status

$ krabb status

# Open the dashboard

$ krabb dashboard

Full documentation on GitHub

Frequently Asked Questions

Everything you need to know about krabb.

Access Controlfor Claude Code

What it does

Tool Logging

Domain Blocklist

File Protection

Dashboard

Filtering & Grouping

CLI

Use cases

Block suspicious domains

Protect sensitive files

Audit web access

Monitor tool usage

Getting started

Dashboard

Installation

Frequently Asked Questions

Access Control
for Claude Code