How to Set Up Alerts for Sensitive File Access in Claude Code

I was working on a project with Claude Code the other day, and I started getting paranoid. Claude had been reading through my codebase for hours, and I suddenly wondered: has it touched my .env file? What about my AWS credentials stored in that config file?

The problem is, Claude Code reads files to understand context - but that context can include sensitive data. And without any monitoring, you have zero visibility into what files Claude is actually accessing.

# This is what I wanted to know:
# - Did Claude read my .env files?
# - Did it access any credential files?
# - What exactly is Claude doing with my files?

I needed a way to get notified when sensitive files get accessed. Here’s what I found.

What I Tried First

My first thought was to check the permissions settings. Claude Code has a permission system that should block access to sensitive files, right?

But permissions alone don’t give you visibility. Even if Claude asks for permission to read a file, you might just click “allow” without thinking during a long coding session. And once a file is in context, it stays there.

I also looked at the session logs. Sure, there’s a history of what Claude did, but scrolling through hundreds of tool calls to find if .env was accessed is tedious and error-prone.

What I needed was proactive alerts - notifications that trigger the moment a sensitive file gets touched.

The Solution: claude-devtools

After some research, I found claude-devtools - a community-built monitoring tool specifically designed for this problem. It provides custom notifications when specific files are accessed, when tool execution errors occur, or when token usage spikes.

Here’s how I set it up.

Step 1: Install claude-devtools

Installing claude-devtools
git clone https://github.com/matt1398/claude-devtools.git
cd claude-devtools
npm install
npm run build

Step 2: Configure Sensitive File Patterns

The key is defining regex patterns for the files you want to monitor. I created a configuration file with patterns for common sensitive files:

claude-devtools-config.json
{
  "alerts": {
    "fileAccess": {
      "enabled": true,
      "patterns": [
        ".*\\.env$",
        ".*\\.env\\..*$",
        ".*credentials.*$",
        ".*secrets.*$",
        ".*\\.pem$",
        ".*\\.key$"
      ],
      "notifyOn": "read"
    },
    "tokenUsage": {
      "enabled": true,
      "threshold": 100000,
      "notifyOn": "exceed"
    },
    "toolErrors": {
      "enabled": true,
      "notifyOn": "error"
    }
  }
}

Let me break down what each pattern catches:

Regex patterns explained
# Environment files
.*\.env$          # Matches any path ending in .env (e.g. /project/.env)
.*\.env\..*$      # Matches .env.local, .env.production, etc.

# Credentials and secrets
.*credentials.*$  # Matches any path with "credentials" anywhere in it
.*secrets.*$      # Matches any path with "secrets" anywhere in it

# Certificate and key files
.*\.pem$          # Matches .pem certificate files
.*\.key$          # Matches .key private key files

Step 3: Run the Monitor

Starting the monitor
# The "--" makes npm pass --config through to the start script
npm run start -- --config claude-devtools-config.json

Now when Claude accesses any file matching these patterns, I get an immediate notification.

What Actually Happened

After setting this up, I went back to work with Claude Code. About 20 minutes later, I got an alert:

Alert notification
ALERT: Sensitive file accessed
File: /home/user/project/.env
Tool: Read
Time: 2026-03-24 10:30:15

It turns out Claude had tried to read my .env file to understand the project configuration. Without the alert, I would never have known. Now I could take action - either let it slide since it was legitimate, or be more careful about what context I’m loading.

I also got a token usage alert:

Token spike alert
ALERT: Token usage spike
Current: 125,000 tokens
Threshold: 100,000 tokens
Context: Large file loaded into session

This helped me realize Claude was loading too much context, including files I didn’t actually need it to read.

Why This Matters

The key insight here is that AI coding assistants need to read files to work - but that creates a security blind spot. When you’re in flow state, coding rapidly with AI assistance, you might not notice:

  1. Context accumulation: Files get loaded into context and stay there
  2. Permission fatigue: You keep clicking “allow” without reading
  3. Silent access: Once permission is granted, subsequent reads are invisible

Proactive monitoring with alerts lets you catch these issues early, before sensitive data accidentally ends up in logs, prompts, or worse - shared with someone else.

Common Mistakes I Almost Made

When setting this up, I made a few mistakes you should avoid:

Mistake 1: Too broad patterns

BAD: Too broad
.*$ # This matches EVERYTHING - useless

Mistake 2: Too narrow patterns

BAD: Too narrow
\.env$ # Missing the leading .*, won't match full paths

Mistake 3: Forgetting about config files

I initially only watched .env files, forgetting that config.json and settings.json often contain API keys too. Add patterns for any file that might hold secrets.
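
An added example (not part of claude-devtools or the original post) that audits the pattern list from Step 2, plus the bad patterns from Mistakes 1 and 2, against constructed sample paths. It assumes a pattern has to match the whole path, as Mistake 2 implies; `firstMatch`, `auditPatterns` and the sample list are hypothetical names.

```javascript
// Patterns copied from the claude-devtools-config.json shown in this post.
const PAGE_PATTERNS = [
  ".*\\.env$", ".*\\.env\\..*$", ".*credentials.*$",
  ".*secrets.*$", ".*\\.pem$", ".*\\.key$",
];

// Assumption: the monitor requires a pattern to match the whole path (the
// behaviour Mistake 2 describes), so both ends are anchored to model that.
function firstMatch(path, patterns) {
  const hit = patterns.find((p) => new RegExp("^(?:" + p + ")$").test(path));
  return hit === undefined ? null : hit;
}

// Constructed sample paths, labelled by whether they usually hold secrets.
const SAMPLES = [
  { path: "/home/user/project/.env", sensitive: true },
  { path: "/home/user/project/.env.production", sensitive: true },
  { path: "/home/user/.aws/credentials", sensitive: true },
  { path: "/home/user/project/certs/server.pem", sensitive: true },
  { path: "/home/user/.ssh/id_rsa", sensitive: true },
  { path: "/home/user/project/.envrc", sensitive: true },
  { path: "/home/user/project/config.json", sensitive: true },
  { path: "/home/user/project/.env.example", sensitive: false },
  { path: "/home/user/project/docs/secrets-rotation.md", sensitive: false },
  { path: "/home/user/project/src/index.js", sensitive: false },
];

// Returns the sensitive paths that no pattern catches (missed) and the
// harmless paths that would still raise an alert (noisy).
function auditPatterns(patterns, samples) {
  const report = { missed: [], noisy: [] };
  for (const { path, sensitive } of samples) {
    const hit = firstMatch(path, patterns);
    if (sensitive && hit === null) report.missed.push(path);
    if (!sensitive && hit !== null) report.noisy.push({ path, pattern: hit });
  }
  return report;
}

console.log(JSON.stringify(auditPatterns(PAGE_PATTERNS, SAMPLES), null, 2));
console.log("Mistake 1 noise:", auditPatterns([".*$"], SAMPLES).noisy.length);
console.log("Mistake 2 misses:", auditPatterns(["\\.env$"], SAMPLES).missed.length);
```

Extending `SAMPLES` with paths from your own projects shows which patterns to add before relying on the alerts.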

Going Further

Once you have basic file access alerts working, you can extend this to:

  • Tool execution errors: Get notified when Claude’s tools fail, which might indicate it’s trying something it shouldn’t
  • Rate limiting alerts: Know when you’re approaching API limits
  • Session duration warnings: Remind yourself to review what’s in context after long sessions

You can also integrate with desktop notification systems:

Desktop notifications config
{
  "notifications": {
    "desktop": true,
    "sound": true,
    "terminal": true
  }
}

Summary

In this post, I showed how I set up alerts for sensitive file access in Claude Code using claude-devtools. The key is configuring regex patterns for your sensitive files and running the monitor in the background. Now I get immediate notifications when Claude touches .env files, credentials, or any other protected data - giving me the visibility I need to maintain security during AI-assisted development.

The setup takes about 5 minutes, but the peace of mind is worth hours of potential security headaches.

Final Words + More Resources

My intention with this article was to help others by sharing my knowledge and experience. If you want to contact me, you can reach me by email.

Here are also the most important links from this article along with some further resources that will help you in this scope:

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!
