Open Source · by Laboratório Hacker

Armor for AI-Powered Development

See everything your AI coding agents do. Block what they shouldn't. Open-source observability for every agent action, secret scan, and compliance signal — deploy it on your infra, audit every line of code.

Apache 2.0 Licensed

Complete visibility into AI agent behavior

Claude Code hooks generate the telemetry. Tatu is the open-source brain that ingests, correlates, and acts on it — running on your own infrastructure.

Real-Time Threat Feed

Every blocked command, leaked secret, and PII detection surfaces instantly. Filter by severity, hook, developer, or repository.

Hook Telemetry

Trigger counts, block rates, intervention patterns — know exactly which hooks are catching issues and which need tuning.

Compliance Posture

Automatic control mapping to SOC2, GDPR, LGPD, CPS234, and ISO 27001. Generate audit-ready evidence from every session.

Developer Insights

Risk profiles per developer based on block frequency and session behavior. Spot patterns before they become incidents.

Tamper-Evident Audit Trail

Every agent action logged as structured JSON. Export to CSV, JSON, or forward directly to your SIEM.

Self-Hosted & Open Source

Deploy on your own infrastructure. Inspect every line of code. No data leaves your network. Apache 2.0 licensed — fork it, extend it, own it.

Built for security teams, not just developers

One self-hosted dashboard for CISOs, GRC analysts, and DevSecOps engineers to see what AI agents are doing across every repository. Your data stays on your infrastructure.

localhost:3800/dashboard
EVENTS OBSERVED: 7,209
THREATS BLOCKED: 103
LIVE AGENTS: 5
SECRETS INTERCEPTED: 34
AGENT ACTIVITY TIMELINE
THREAT FEED
AWS key detected in config.py
rm -rf / blocked in prod branch
CPF pattern in test fixtures
tatu — audit trail
FULL OBSERVABILITY TRAIL
TIMESTAMP  DEV       HOOK          EVENT                 RESULT
14:58:23   carlos.m  Secrets Leak  AWS key in config.py  DENY
14:52:01   ana.r     Cmd Blocker   rm -rf / in infra-tf  DENY
14:46:14   pedro.s   PII Detector  CPF in tests/         DENY
14:37:42   maria.l   Dep Vuln      CVE-2026-1847         WARN
14:29:18   julio.df  Scope Check   nmap validated        PASS
tatu — compliance posture
SOC2 79%
GDPR 85%
LGPD 88%
CPS234 83%
ISO 27001 78%
CONTROL MAPPING
Session Audit Logger: SOC2 CC7.2 · CPS234 · GDPR Art.30
Secrets Prevention: SOC2 CC6.1 · LGPD Art.46 · GDPR Art.32
PII Detector: LGPD Art.37/46 · GDPR Art.25 · SOC2 CC6.5

Three lines of config. Full observability.

01. Clone and deploy

git clone, docker compose up. Tatu runs on your infrastructure — your data never leaves your network. One command to start.

02. Point your hooks

Add Tatu's local ingestion endpoint to .claude/settings.json. Every PreToolUse, PostToolUse, and lifecycle event streams to your instance in real time.

03. Observe, block, prove

Your dashboard lights up. Threats get blocked. Compliance evidence accumulates automatically. Export for auditors or forward to your SIEM.

// .claude/settings.json
{
  "hooks": {
    "PreToolUse": [{
      "matcher": "Bash|Write|Edit",
      "hooks": [{
        "type": "http",
        "url": "http://localhost:3800/ingest"
      }]
    }]
  }
}
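
To make the PreToolUse flow above concrete, here is an added sketch (not Tatu's code and not taken from the project) of the kind of check an ingestion endpoint could run on each Bash, Write or Edit event before returning DENY or PASS. The event fields (`tool_name`, `tool_input`, `command`, `file_path`, `content`, `new_string`) are assumed to follow Claude Code's hook input, the hook labels are borrowed from the audit trail shown earlier, and the patterns and sample events are constructed for illustration.

```python
import re
import shlex

# Illustrative patterns (assumptions for this example, not Tatu's rule set).
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
CPF = re.compile(r"\b\d{3}\.\d{3}\.\d{3}-\d{2}\b")
RECURSIVE_FLAG = re.compile(r"-[A-Za-z]*[rR][A-Za-z]*")

def is_recursive_rm_of_root(command):
    """True if an `rm` invocation combines a recursive flag with `/` or `/*`."""
    try:
        tokens = shlex.split(command)   # quoted text stays one token
    except ValueError:                  # unbalanced quotes: naive split
        tokens = command.split()
    for i, tok in enumerate(tokens):
        if tok != "rm":
            continue
        args = []
        for a in tokens[i + 1:]:
            if a in ("&&", "||", ";", "|"):
                break                   # end of this rm invocation
            args.append(a.rstrip(";"))
        recursive = any(a == "--recursive" or RECURSIVE_FLAG.fullmatch(a) for a in args)
        if recursive and any(a in ("/", "/*") for a in args):
            return True
    return False

def evaluate(event):
    """Return (hook, result, detail) for one PreToolUse event dict."""
    tool, inp = event.get("tool_name", ""), event.get("tool_input", {})
    if tool == "Bash":
        text = inp.get("command", "")
        if is_recursive_rm_of_root(text):
            return ("Cmd Blocker", "DENY", "recursive rm of /")
    else:  # Write / Edit: inspect the text about to be written
        text = inp.get("content") or inp.get("new_string") or ""
    where = inp.get("file_path", "command")
    if AWS_KEY_ID.search(text):
        return ("Secrets Leak", "DENY", f"AWS key in {where}")
    if CPF.search(text):
        return ("PII Detector", "DENY", f"CPF in {where}")
    return ("-", "PASS", "no rule matched")

# Constructed sample events (not captured from a real session).
SAMPLE_EVENTS = [
    {"tool_name": "Bash", "tool_input": {"command": "rm -rf /"}},
    {"tool_name": "Write", "tool_input": {"file_path": "config.py",
        "content": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'}},
    {"tool_name": "Bash", "tool_input": {"command": "rm -rf ./build"}},
]
```

Tokenising with `shlex` keeps a quoted string such as `echo "rm -rf /"` from being flagged, which a plain substring match would get wrong.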

Your auditor's favorite dashboard

Tatu automatically maps hook activity to compliance controls. Evidence generation isn't a quarterly scramble — it's continuous. And since it's open source, your auditors can verify the tooling itself.

SOC2

CC6.1, CC7.2, CC7.3, CC8.1 — access controls, monitoring, change management

GDPR

Articles 5, 25, 30, 32 — data protection by design, processing records, security of processing

LGPD

Articles 37, 46 — processing records, technical security measures, DPO evidence

CPS234

Information asset controls, logging requirements, change management obligations

ISO 27001

A.9.4, A.12.4, A.12.6, A.14.2 — access, logging, vulnerability management

Your AI agents write code.
Tatu watches every line.

Free, open source, self-hosted. Built by Laboratório Hacker for teams that take AI security seriously. Deploy in minutes.

$ git clone https://github.com/laboratoriohacker-com/tatu && cd tatu && docker compose up