ArmorClaude
ArmorIQ intent-based security enforcement plugin for Claude Code and Claude Cowork. Enforces that an AI agent declares what it intends to do before doing it, and every action is checked against that declared intent.
How It Works
User Prompt ──► UserPromptSubmit hook ──► Intent plan captured ──► Signed token
│
Tool Call ──► PreToolUse hook ──► Policy check ──► Intent verification ──┘
│ │
deny/allow drift detected?
│
Tool Result ──► PostToolUse hook ──► Audit log sent to IAP
- Before the agent acts: Intercepts prompts, captures a structured plan (from Claude's built-in plan mode or an LLM fallback call), and sends it to ArmorIQ IAP for a signed intent token.
- On every tool call: Checks the tool against the approved plan, verifies the token hasn't expired, evaluates local policy rules (allow/deny by tool name, data classification like PCI/PII), and optionally verifies CSRG cryptographic proofs. Blocks execution if any check fails.
- After tool execution: Sends audit logs to ArmorIQ IAP for compliance tracking.
- Fail-closed: If planning fails, identity is missing, or the token is invalid — all tool calls are blocked by default.
Install
One-line install (recommended)
curl -fsSL https://armoriq.ai/install_armorclaude.sh | bash
This adds the armoriq Claude Code marketplace and installs the armorclaude plugin. Dependencies are installed automatically on first hook fire.
Manual install (Claude Code marketplace)
claude plugin marketplace add armoriq/armorClaude
claude plugin install armorclaude@armoriq
Verify
claude plugin list
# ❯ armorclaude@armoriq Status: ✔ enabled
claude mcp list | grep armorclaude
# plugin:armorclaude:armorclaude-policy: ... ✓ Connected
Update / disable / uninstall
claude plugin update armorclaude
claude plugin disable armorclaude # turn off without removing
claude plugin enable armorclaude
claude plugin uninstall armorclaude
Requirements
- Claude Code 2.x (
claude --version)
- Node.js >= 20
- (Optional) ArmorIQ API key for backend audit + CSRG proofs — get one at https://armoriq.ai
Structure
armorClaude/
├── .claude-plugin/
│ ├── plugin.json # Plugin manifest with userConfig
│ └── marketplace.json # Marketplace listing for `claude plugin install`
├── hooks/hooks.json # Hook registration (7 lifecycle events)
├── .mcp.json # MCP server for policy + intent tools
├── install_armorclaude.sh # Curl-able installer
├── scripts/
│ ├── bootstrap.mjs # Auto-installs npm deps on first run
│ ├── hook-router.mjs # Hook entrypoint (dispatches events)
│ ├── policy-mcp.mjs # MCP server (policy_read, register_intent_plan)
│ └── lib/
│ ├── engine.mjs # Main handlers for all hook events
│ ├── config.mjs # Configuration (env vars + userConfig)
│ ├── planner.mjs # Plan parsing (plan file + JSON block)
│ ├── intent.mjs # Intent token verification & CSRG proofs
│ ├── iap-service.mjs # IAP backend (verify-step, audit, CSRG)
│ ├── crypto-policy.mjs # Merkle tree policy binding (CSRG)
│ ├── policy.mjs # Policy evaluation & management
│ ├── runtime-state.mjs # Session & tool discovery tracking
│ ├── hook-output.mjs # Hook response formatters
│ ├── fs-store.mjs # JSON file I/O
│ └── common.mjs # Utilities (sanitize, HTTP, hashing)
└── tests/ # node:test test suite (48 tests)
Configuration
Plugin userConfig (recommended)
When installed as a Claude Code plugin, these values are prompted on enable:
| Key | Sensitive | Description |
|---|
api_key | Yes | ArmorIQ API key |
mode | No | enforce (default) or monitor |
intent_required | No | Require intent for all tools (default: true) |
crypto_policy_enabled | No | Enable Merkle tree policy binding |
use_production | No | Use production ArmorIQ endpoints |
Environment Variables
Core:
| Variable | Default | Description |
|---|
ARMORCLAUDE_MODE | enforce | enforce blocks on failure, monitor logs only |
ARMORCLAUDE_INTENT_REQUIRED | true | Block tool calls with no intent token |
ARMORCLAUDE_DATA_DIR | $CLAUDE_PLUGIN_DATA or ~/.claude/armorclaude | Data storage directory |
ARMORCLAUDE_DEBUG | false | Enable stderr debug logging |
