Audit trails, enforced boundaries, and compliance tooling for Claude Code Agent Teams.

Khoregos is the governance layer for Claude Code Agent Teams. Audit trails. Enforced boundaries. Compliance tooling. Uses Claude Code's public hooks and MCP — zero patching, zero changes to how your agents work.

$ npm install -g khoregos
$ k6s init
$ k6s team start "your objective"
View on GitHub → npm · khoregos

What Agent Teams leave ungoverned

Native Agent Teams handles coordination. Not this.

No audit trail You can't prove what your agents did or why
No session persistence Tomorrow, the context is gone
No human gates Agents modify any file, add any dependency
No enforced boundaries Specialization is advisory, not structural
No resource limits Agents run unbounded with zero attribution
No compliance reporting You can't pass a security review
No sensitive change detection Secrets, auth files, and infrastructure configs modified without notice

Governance Layer

Make your Agent Team audit-ready for SOC 2 and ISO 27001

Dual-audit architecture: cooperative MCP tools for agents that comply, non-cooperative hooks as a safety net for everything else.

01

Governed sessions

A governed session wraps your Agent Team invocation. Start one on Monday, keep working through Friday — every action captured in a single audit trail. SQLite-backed, survives restarts. k6s export --format git commits governance state to your repo. k6s team resume picks up where you left off.

02

Cryptographic audit trail

HMAC-SHA256 hash chain across 26 event types. Every agent action: who, what, why, when. RFC 3161 external timestamping. JSON/CSV export for SIEM ingestion. k6s audit verify --exit-code in CI.

03

Human-in-the-loop gates

Configurable gate rules match file patterns (.env*, *.pem, package.json) and flag sensitive changes for human review. Gate events surface in k6s audit show --type gate_triggered and fire webhooks to Slack, PagerDuty, or your approval system.

04

Enforced agent boundaries

allowed_paths / forbidden_paths per agent via picomatch globs. Advisory mode logs violations; strict mode triggers git-backed revert. Path traversal and symlink exfiltration hardening built in.

05

Resource limits and attribution

Per-agent resource limits (max_tool_calls_per_session) cap runaway agents. Session attribution tracks which agent did what. Tool duration metrics feed Prometheus.

06

Full observability stack

OpenTelemetry traces and metrics with OTLP export. Prometheus endpoint at :9090/metrics. HMAC-signed webhook dispatcher with event filtering and retry backoff. Ships to Grafana, Jaeger, LangFuse, Datadog.

07

Claude Code plugin

Four Claude Code hooks (PostToolUse, SubagentStart, SubagentStop, Stop), MCP server with 8 governance tools, SKILL injection for agent context, and slash commands (/k6s start, /k6s status, /k6s audit, /k6s stop).

Built for regulated environments

SOC 2 and ISO 27001 report templates included. Six configuration presets: minimal, security-strict, compliance-soc2, compliance-iso27001, monorepo, microservices.

Domain Khoregos capability
Change management k6s audit report --standard soc2|iso27001 · strict boundary enforcement · plugin hooks · CI/CD gating via --exit-code
Supply chain security Automatic dependency diff detection on package.json · k6s export --format git for PR review
Audit integrity HMAC-SHA256 hash chain · RFC 3161 timestamping · k6s audit verify --from-export in CI
Data classification Four-level file tags: public / internal / confidential / restricted · severity auto-classification
Access control Per-agent boundaries · allowed_paths / forbidden_paths · max_tool_calls_per_session · exclusive file locks
Compliance reporting k6s compliance checkpoint --json --exit-code · attestation records · JSON/CSV export for SIEM
Data retention Configurable retention per dimension: audit_retention_days, session_retention_days, context_retention_days

Zero to governed in five minutes

1

Install

$ npm install -g khoregos
2

Initialize your project

$ cd your-project
$ k6s init
# Or start with a preset:
# k6s init --preset compliance-soc2
# k6s init --list-presets
3

Start a governed session

$ k6s team start "implement user authentication"
# Then run Claude Code as normal. Khoregos captures every action.
# Or combine: k6s team start --run "your prompt"
4

Prove what happened

$ k6s audit show

+----------+-----+-----------+------+------------------------+----------------------------------+ | Time | Seq | Agent | Sev | Type | Action | +----------+-----+-----------+------+------------------------+----------------------------------+ | 14:02:03 | 1 | system | info | session_start | session started | | 14:02:15 | 2 | backend | info | tool_use | write -- src/auth/session.ts | | 14:02:18 | 3 | backend | info | tool_use | write -- src/auth/middleware.ts | | 14:02:21 | 4 | backend | warn | sensitive_needs_review | .env modified -- awaiting review | | 14:02:30 | 5 | frontend | info | tool_use | read -- src/auth/session.ts | | 14:02:33 | 6 | frontend | crit | boundary_violation | blocked from src/db/* | +----------+-----+-----------+------+------------------------+----------------------------------+

$ k6s audit verify
✓ Hash chain intact — 6 events, 0 tampered
$ k6s audit report --standard soc2