Feature Request: Scheduled Actions in Claude Code
Summary
In learning about Claude Code I have been asking it what it can do regarding scheduling, and asking it to add features related to OWASP top-10 or ISO 27001 compliance, and not finding anything like this, so, I'd like to request the feature of scheduling recurring tasks and actions within Claude Code, enabling automated security checks, dependency reviews, and other periodic maintenance tasks. Of course, I asked it to summarize what we discussed, into a document for this request, and then edited it.
Problem Statement
Currently, Claude Code operates in a reactive mode - it only performs actions when explicitly requested by the user. This means important maintenance and compliance tasks like security audits, dependency updates, and compliance checks must be manually initiated each time. For development teams following security best practices (OWASP, ISO 27001, NIST), this creates several challenges:
- Human Memory Dependency: Critical security checks rely on developers remembering to request them
- Inconsistent Timing: Reviews happen irregularly, potentially missing time-sensitive vulnerabilities
- Repetitive Requests: Users must repeatedly type similar requests for routine checks
- Compliance Gaps: Regular audits required for compliance frameworks may be missed
Proposed Solution
Implement a scheduled actions feature that allows Claude Code to proactively perform configured tasks at specified intervals.
Core Features
- Schedule Configuration
- Cron-style scheduling (e.g., "0 9 MON" for weekly Monday 9am)
- Human-readable intervals (e.g., "daily", "weekly", "monthly")
- Time zone support for global teams
- Action Types
- Security audits (OWASP Top 10 compliance checks)
- Dependency vulnerability scans
- Code quality reports
- License compliance checks
- Custom user-defined actions
- Notification System
- Desktop notifications when scheduled tasks complete
- Summary reports of findings
- Option to auto-create GitHub issues for problems found
- Configuration Storage
- Project-level
.claude/scheduled-actions.json - User-level defaults in Claude settings
- Team-shared configurations (for Claude Team users)
Use Cases
1. Weekly Security Audit
{
"name": "OWASP Security Check",
"schedule": "0 9 * * MON",
"action": "security:owasp-audit",
"options": {
"severity": "medium",
"autoFix": false,
"createIssues": true
}
}
2. Daily Dependency Check
{
"name": "Dependency Vulnerabilities",
"schedule": "daily at 10:00",
"action": "dependencies:check-vulnerabilities",
"options": {
"ecosystems": ["npm", "deno", "cargo"],
"ignoreDev": false
}
}
3. Monthly Compliance Report
{
"name": "ISO 27001 Compliance",
"schedule": "0 0 1 * *",
"action": "compliance:iso27001-report",
"options": {
"outputPath": "./reports/compliance/",
"emailTo": "security@company.com"
}
}
4. Custom Action for Dependabot PRs
{
"name": "Review Dependabot PRs",
"schedule": "every 3 days",
"action": "custom",
"command": "Review all open Dependabot PRs, check for breaking changes, run tests, and provide a summary with recommendations",
"options": {
"autoMerge": "patch-only",
"requireTests": true
}
}
Implementation Considerations
User Interface
- Command Palette Commands
Claude: Schedule New ActionClaude: View Scheduled ActionsClaude: Run Scheduled Action NowClaude: Disable/Enable Schedule
- Status Bar Integration
- Icon showing next scheduled action
- Click to view all schedules
- Visual indicator when action is running
- Settings UI
- Dedicated section for scheduled actions
- Visual schedule builder (not just JSON)
- Test/preview functionality
Technical Requirements
- Background Execution
- Actions run even when Claude Code UI is minimized
- Efficient resource usage during idle times
- Respect system sleep/wake cycles
- Persistence
- Schedules survive app restarts
- Sync across devices (for same user/team)
- Backup/restore capability
- Error Handling
- Retry failed actions with backoff
- Clear error notifications
- Audit log of all scheduled runs
- Security
- Scheduled actions run with same permissions as manual requests
- No elevated privileges
- Audit trail for compliance
Benefits
- Proactive Security: Catch vulnerabilities before they're exploited
- Compliance Automation: Meet regulatory requirements consistently
- Time Savings: Eliminate repetitive manual requests
- Better Coverage: Ensure nothing falls through the cracks
- Team Coordination: Shared schedules ensure consistent practices
Alternatives Considered
- External Schedulers: Using OS-level cron/Task Scheduler
- Cons: Platform-specific, no Claude integration, complex setup
- CI/CD Integration: GitHub Actions/GitLab CI scheduled workflows
- Cons: Requires repository access, limited to git operations
- Third-party Tools: Separate security scanning services
- Cons: Additional cost, integration complexity, context switching
Success Metrics
- Reduction in security vulnerabilities reaching production
- Increased frequency of security audits
- Time saved on routine maintenance tasks
- User satisfaction with automation features
- Compliance audit pass rates
Mockup Example
Claude Code Status Bar:
[🤖 Claude] [📅 Next: Security Audit in 2h] [✓ Last run: 9:00 AM]
Scheduled Actions Panel:
┌─────────────────────────────────────────────┐
│ 📅 Scheduled Actions │
├─────────────────────────────────────────────┤
│ ✓ OWASP Security Check │
│ Weekly on Monday 9:00 AM │
│ Last run: 3 days ago ✓ │
│ │
│ ✓ Dependency Vulnerabilities │
│ Daily at 10:00 AM │
│ Last run: Today 10:00 AM ⚠️ 2 issues │
│ │
│ ⏸️ ISO 27001 Compliance (Paused) │
│ Monthly on 1st at 12:00 AM │
│ Last run: Nov 1, 2024 ✓ │
│ │
│ [+ Add New Schedule] │
└─────────────────────────────────────────────┘
Request for Comments
This feature would significantly enhance Claude Code's value proposition for security-conscious development teams. Key questions for the community:
- What scheduling intervals would be most useful for your workflows?
- Which automated actions would provide the most value?
- How should scheduled actions handle authentication for external services?
- Should there be limits on schedule frequency to prevent resource abuse?
- What notification preferences would work best for your team?
Note: This feature request emphasizes security and compliance use cases as these represent high-value scenarios where automation provides significant benefits. However, the scheduling system should be flexible enough to support any recurring task that users need to automate.
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗