claude-howto/06-hooks

Hooks

Hooks are automated scripts that execute in response to specific events during Claude Code sessions. They enable automation, validation, permission management, and custom workflows.

Overview

Hooks are automated actions (shell commands, HTTP webhooks, LLM prompts, or subagent evaluations) that execute automatically when specific events occur in Claude Code. They receive JSON input and communicate results via exit codes and JSON output.

Key features:

• Event-driven automation
• JSON-based input/output
• Support for command, prompt, HTTP, and agent hook types
• Pattern matching for tool-specific hooks

Configuration

Hooks are configured in settings files with a specific structure:

• ~/.claude/settings.json - User settings (all projects)
• .claude/settings.json - Project settings (shareable, committed)
• .claude/settings.local.json - Local project settings (not committed)
• Managed policy - Organization-wide settings
• Plugin hooks/hooks.json - Plugin-scoped hooks
• Skill/Agent frontmatter - Component lifetime hooks

Basic Configuration Structure

{
  "hooks": {
    "EventName": [
      {
        "matcher": "ToolPattern",
        "hooks": [
          {
            "type": "command",
            "command": "your-command-here",
            "timeout": 60
          }
        ]
      }
    ]
  }
}

Key fields:

Field	Description	Example
matcher	Pattern to match tool names (case-sensitive)	"Write", "Edit|Write", "*"
hooks	Array of hook definitions	[{ "type": "command", ... }]
type	Hook type: "command" (bash), "prompt" (LLM), "http" (webhook), or "agent" (subagent)	"command"
command	Shell command to execute	"$CLAUDE_PROJECT_DIR/.claude/hooks/format.sh"
timeout	Optional timeout in seconds (default 60)	30
once	If true, run the hook only once per session	true

Matcher Patterns

Pattern	Description	Example
Exact string	Matches specific tool	"Write"
Regex pattern	Matches multiple tools	"Edit|Write"
Wildcard	Matches all tools	"*" or ""
MCP tools	Server and tool pattern	"mcp__memory__.*"

InstructionsLoaded matcher values:

Matcher Value	Description
session_start	Instructions loaded at session startup
nested_traversal	Instructions loaded during nested directory traversal
path_glob_match	Instructions loaded via path glob pattern matching

Hook Types

Claude Code supports four hook types:

Command Hooks

The default hook type. Executes a shell command and communicates via JSON stdin/stdout and exit codes.

{
  "type": "command",
  "command": "python3 \"$CLAUDE_PROJECT_DIR/.claude/hooks/validate.py\"",
  "timeout": 60
}

HTTP Hooks

Added in v2.1.63.

Remote webhook endpoints that receive the same JSON input as command hooks. HTTP hooks POST JSON to the URL and receive a JSON response. HTTP hooks are routed through the sandbox when sandboxing is enabled. Environment variable interpolation in URLs requires an explicit allowedEnvVars list for security.

{
  "hooks": {
    "PostToolUse": [{
      "type": "http",
      "url": "https://my-webhook.example.com/hook",
      "matcher": "Write"
    }]
  }
}

Key properties:

• "type": "http" -- identifies this as an HTTP hook
• "url" -- the webhook endpoint URL
• Routed through sandbox when sandbox is enabled
• Requires explicit allowedEnvVars list for any environment variable interpolation in the URL

Prompt Hooks

LLM-evaluated prompts where the hook content is a prompt that Claude evaluates. Primarily used with Stop and SubagentStop events for intelligent task completion checking.

{
  "type": "prompt",
  "prompt": "Evaluate if Claude completed all requested tasks.",
  "timeout": 30
}

The LLM evaluates the prompt and returns a structured decision (see Prompt-Based Hooks for details).

Agent Hooks

Subagent-based verification hooks that spawn a dedicated agent to evaluate conditions or perform complex checks. Unlike prompt hooks (single-turn LLM evaluation), agent hooks can use tools and perform multi-step reasoning.

{
  "type": "agent",
  "prompt": "Verify the code changes follow our architecture guidelines. Check the relevant design docs and compare.",
  "timeout": 120
}

Key properties:

• "type": "agent" -- identifies this as an agent hook
• "prompt" -- the task description for the subagent
• The agent can use tools (Read, Grep, Bash, etc.) to perform its evaluation
• Returns a structured decision similar to prompt hooks

Hook Events

Claude Code supports 26 hook events:

Event	When Triggered	Matcher Input	Can Block	Common Use
SessionStart	Session begins/resumes/clear/compact	startup/resume/clear/compact	No	Environment setup
InstructionsLoaded	After CLAUDE.md or rules file loaded	(none)	No	Modify/filter instructions
UserPromptSubmit	User submits prompt	(none)	Yes	Validate prompts
PreToolUse	Before tool execution	Tool name	Yes (allow/deny/ask)	Validate, modify inputs
PermissionRequest	Permission dialog shown	Tool name	Yes	Auto-approve/deny
PermissionDenied	User denies a permission prompt	Tool name	No	Logging, analytics, policy enforcement
PostToolUse	After tool succeeds	Tool name	No	Add context, feedback
PostToolUseFailure	Tool execution fails	Tool name	No	Error handling, logging
Notification	Notification sent	Notification type	No	Custom notifications
SubagentStart	Subagent spawned	Agent type name	No	Subagent setup
SubagentStop	Subagent finishes	Agent type name	Yes	Subagent validation
Stop	Claude finishes responding	(none)	Yes	Task completion check
StopFailure	API error ends turn	(none)	No	Error recovery, logging
TeammateIdle	Agent team teammate idle	(none)	Yes	Teammate coordination
TaskCompleted	Task marked complete	(none)	Yes	Post-task actions
TaskCreated	Task created via TaskCreate	(none)	No	Task tracking, logging
ConfigChange	Config file changes	(none)	Yes (except policy)	React to config updates
CwdChanged	Working directory changes	(none)	No	Directory-specific setup
FileChanged	Watched file changes	(none)	No	File monitoring, rebuild
PreCompact	Before context compaction	manual/auto	No	Pre-compact actions
PostCompact	After compaction completes	(none)	No	Post-compact actions
WorktreeCreate	Worktree being created	(none)	Yes (path return)	Worktree initialization
WorktreeRemove	Worktree being removed	(none)	No	Worktree cleanup
Elicitation	MCP server requests user input	(none)	Yes	Input validation
ElicitationResult	User responds to elicitation	(none)	Yes	Response processing
SessionEnd	Session terminates	(none)	No	Cleanup, final logging

PreToolUse

Runs after Claude creates tool parameters and before processing. Use this to validate or modify tool inputs.

Configuration:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/validate-bash.py"
          }
        ]
      }
    ]
  }
}

Common matchers: Task, Bash, Glob, Grep, Read, Edit, Write, WebFetch, WebSearch

Output control:

• permissionDecision: "allow", "deny", or "ask"
• permissionDecisionReason: Explanation for decision
• updatedInput: Modified tool input parameters

PostToolUse

Runs immediately after tool completion. Use for verification, logging, or providing context back to Claude.

Configuration:

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/security-scan.py"
          }
        ]
      }
    ]
  }
}

Output control:

• "block" decision prompts Claude with feedback
• additionalContext: Context added for Claude

UserPromptSubmit

Runs when user submits a prompt, before Claude processes it.

Configuration:

{
  "hooks": {
    "UserPromptSubmit": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/validate-prompt.py"
          }
        ]
      }
    ]
  }
}

Output control:

• decision: "block" to prevent processing
• reason: Explanation if blocked
• additionalContext: Context added to prompt

Stop and SubagentStop

Run when Claude finishes responding (Stop) or a subagent completes (SubagentStop). Supports prompt-based evaluation for intelligent task completion checking.

Additional input field: Both Stop and SubagentStop hooks receive a last_assistant_message field in their JSON input, containing the final message from Claude or the subagent before stopping. This is useful for evaluating task completion.

Configuration:

{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "prompt",
            "prompt": "Evaluate if Claude completed all requested tasks.",
            "timeout": 30
          }
        ]
      }
    ]
  }
}

SubagentStart

Runs when a subagent begins execution. The matcher input is the agent type name, allowing hooks to target specific subagent types.

Configuration:

{
  "hooks": {
    "SubagentStart": [
      {
        "matcher": "code-review",
        "hooks": [
          {
            "type": "command",
            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/subagent-init.sh"
          }
        ]
      }
    ]
  }
}

SessionStart

Runs when session starts or resumes. Can persist environment variables.

Matchers: startup, resume, clear, compact

Special feature: Use CLAUDE_ENV_FILE to persist environment variables (also available in CwdChanged and FileChanged hooks):

#!/bin/bash
if [ -n "$CLAUDE_ENV_FILE" ]; then
  echo 'export NODE_ENV=development' >> "$CLAUDE_ENV_FILE"
fi
exit 0

SessionEnd

Runs when session ends to perform cleanup or final logging. Cannot block termination.

Reason field values:

• clear - User cleared the session
• logout - User logged out
• prompt_input_exit - User exited via prompt input
• other - Other reason

Configuration:

{
  "hooks": {
    "SessionEnd": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "\"$CLAUDE_PROJECT_DIR/.claude/hooks/session-cleanup.sh\""
          }
        ]
      }
    ]
  }
}

Notification Event

Updated matchers for notification events:

• permission_prompt - Permission request notification
• idle_prompt - Idle state notification
• auth_success - Authentication success
• elicitation_dialog - Dialog shown to user

Component-Scoped Hooks

Hooks can be attached to specific components (skills, agents, commands) in their frontmatter:

In SKILL.md, agent.md, or command.md:

---
name: secure-operations
description: Perform operations with security checks
hooks:
  PreToolUse:
    - matcher: "Bash"
      hooks:
        - type: command
          command: "./scripts/check.sh"
          once: true  # Only run once per session
---

Supported events for component hooks: PreToolUse, PostToolUse, Stop

This allows defining hooks directly in the component that uses them, keeping related code together.

Hooks in Subagent Frontmatter

When a Stop hook is defined in a subagent's frontmatter, it is automatically converted to a SubagentStop hook scoped to that subagent. This ensures that the stop hook only fires when that specific subagent completes, rather than when the main session stops.

---
name: code-review-agent
description: Automated code review subagent
hooks:
  Stop:
    - hooks:
        - type: prompt
          prompt: "Verify the code review is thorough and complete."
  # The above Stop hook auto-converts to SubagentStop for this subagent
---

PermissionRequest Event

Handles permission requests with custom output format:

{
  "hookSpecificOutput": {
    "hookEventName": "PermissionRequest",
    "decision": {
      "behavior": "allow|deny",
      "updatedInput": {},
      "message": "Custom message",
      "interrupt": false
    }
  }
}

Hook Input and Output

JSON Input (via stdin)

All hooks receive JSON input via stdin:

{
  "session_id": "abc123",
  "transcript_path": "/path/to/transcript.jsonl",
  "cwd": "/current/working/directory",
  "permission_mode": "default",
  "hook_event_name": "PreToolUse",
  "tool_name": "Write",
  "tool_input": {
    "file_path": "/path/to/file.js",
    "content": "..."
  },
  "tool_use_id": "toolu_01ABC123...",
  "agent_id": "agent-abc123",
  "agent_type": "main",
  "worktree": "/path/to/worktree"
}

Common fields:

Field	Description
session_id	Unique session identifier
transcript_path	Path to the conversation transcript file
cwd	Current working directory
hook_event_name	Name of the event that triggered the hook
agent_id	Identifier of the agent running this hook
agent_type	Type of agent ("main", subagent type name, etc.)
worktree	Path to the git worktree, if the agent is running in one

Exit Codes

Exit Code	Meaning	Behavior
0	Success	Continue, parse JSON stdout
2	Blocking error	Block operation, stderr shown as error
Other	Non-blocking error	Continue, stderr shown in verbose mode

JSON Output (stdout, exit code 0)

{
  "continue": true,
  "stopReason": "Optional message if stopping",
  "suppressOutput": false,
  "systemMessage": "Optional warning message",
  "hookSpecificOutput": {
    "hookEventName": "PreToolUse",
    "permissionDecision": "allow",
    "permissionDecisionReason": "File is in allowed directory",
    "updatedInput": {
      "file_path": "/modified/path.js"
    }
  }
}

Environment Variables

Variable	Availability	Description
CLAUDE_PROJECT_DIR	All hooks	Absolute path to project root
CLAUDE_ENV_FILE	SessionStart, CwdChanged, FileChanged	File path for persisting env vars
CLAUDE_CODE_REMOTE	All hooks	"true" if running in remote environments
${CLAUDE_PLUGIN_ROOT}	Plugin hooks	Path to plugin directory
${CLAUDE_PLUGIN_DATA}	Plugin hooks	Path to plugin data directory
CLAUDE_CODE_SESSIONEND_HOOKS_TIMEOUT_MS	SessionEnd hooks	Configurable timeout in milliseconds for SessionEnd hooks (overrides default)

Prompt-Based Hooks

For Stop and SubagentStop events, you can use LLM-based evaluation:

{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "prompt",
            "prompt": "Review if all tasks are complete. Return your decision.",
            "timeout": 30
          }
        ]
      }
    ]
  }
}

LLM Response Schema:

{
  "decision": "approve",
  "reason": "All tasks completed successfully",
  "continue": false,
  "stopReason": "Task complete"
}

Examples

Example 1: Bash Command Validator (PreToolUse)

File: .claude/hooks/validate-bash.py

#!/usr/bin/env python3
import json
import sys
import re

BLOCKED_PATTERNS = [
    (r"\brm\s+-rf\s+/", "Blocking dangerous rm -rf / command"),
    (r"\bsudo\s+rm", "Blocking sudo rm command"),
]

def main():
    input_data = json.load(sys.stdin)

    tool_name = input_data.get("tool_name", "")
    if tool_name != "Bash":
        sys.exit(0)

    command = input_data.get("tool_input", {}).get("command", "")

    for pattern, message in BLOCKED_PATTERNS:
        if re.search(pattern, command):
            print(message, file=sys.stderr)
            sys.exit(2)  # Exit 2 = blocking error

    sys.exit(0)

if __name__ == "__main__":
    main()

Configuration:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "python3 \"$CLAUDE_PROJECT_DIR/.claude/hooks/validate-bash.py\""
          }
        ]
      }
    ]
  }
}

Example 2: Security Scanner (PostToolUse)

File: .claude/hooks/security-scan.py

#!/usr/bin/env python3
import json
import sys
import re

SECRET_PATTERNS = [
    (r"password\s*=\s*['\"][^'\"]+['\"]", "Potential hardcoded password"),
    (r"api[_-]?key\s*=\s*['\"][^'\"]+['\"]", "Potential hardcoded API key"),
]

def main():
    input_data = json.load(sys.stdin)

    tool_name = input_data.get("tool_name", "")
    if tool_name not in ["Write", "Edit"]:
        sys.exit(0)

    tool_input = input_data.get("tool_input", {})
    content = tool_input.get("content", "") or tool_input.get("new_string", "")
    file_path = tool_input.get("file_path", "")

    warnings = []
    for pattern, message in SECRET_PATTERNS:
        if re.search(pattern, content, re.IGNORECASE):
            warnings.append(message)

    if warnings:
        output = {
            "hookSpecificOutput": {
                "hookEventName": "PostToolUse",
                "additionalContext": f"Security warnings for {file_path}: " + "; ".join(warnings)
            }
        }
        print(json.dumps(output))

    sys.exit(0)

if __name__ == "__main__":
    main()

Example 3: Auto-Format Code (PostToolUse)

File: .claude/hooks/format-code.sh

#!/bin/bash

# Read JSON from stdin
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | python3 -c "import sys, json; print(json.load(sys.stdin).get('tool_name', ''))")
FILE_PATH=$(echo "$INPUT" | python3 -c "import sys, json; print(json.load(sys.stdin).get('tool_input', {}).get('file_path', ''))")

if [ "$TOOL_NAME" != "Write" ] && [ "$TOOL_NAME" != "Edit" ]; then
    exit 0
fi

# Format based on file extension
case "$FILE_PATH" in
    *.js|*.jsx|*.ts|*.tsx|*.json)
        command -v prettier &>/dev/null && prettier --write "$FILE_PATH" 2>/dev/null
        ;;
    *.py)
        command -v black &>/dev/null && black "$FILE_PATH" 2>/dev/null
        ;;
    *.go)
        command -v gofmt &>/dev/null && gofmt -w "$FILE_PATH" 2>/dev/null
        ;;
esac

exit 0

Example 4: Prompt Validator (UserPromptSubmit)

File: .claude/hooks/validate-prompt.py

#!/usr/bin/env python3
import json
import sys
import re

BLOCKED_PATTERNS = [
    (r"delete\s+(all\s+)?database", "Dangerous: database deletion"),
    (r"rm\s+-rf\s+/", "Dangerous: root deletion"),
]

def main():
    input_data = json.load(sys.stdin)
    prompt = input_data.get("user_prompt", "") or input_data.get("prompt", "")

    for pattern, message in BLOCKED_PATTERNS:
        if re.search(pattern, prompt, re.IGNORECASE):
            output = {
                "decision": "block",
                "reason": f"Blocked: {message}"
            }
            print(json.dumps(output))
            sys.exit(0)

    sys.exit(0)

if __name__ == "__main__":
    main()

Example 5: Intelligent Stop Hook (Prompt-Based)

{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "prompt",
            "prompt": "Review if Claude completed all requested tasks. Check: 1) Were all files created/modified? 2) Were there unresolved errors? If incomplete, explain what's missing.",
            "timeout": 30
          }
        ]
      }
    ]
  }
}

Example 6: Context Usage Tracker (Hook Pairs)

Track token consumption per request using UserPromptSubmit (pre-message) and Stop (post-response) hooks together.

File: .claude/hooks/context-tracker.py

#!/usr/bin/env python3
"""
Context Usage Tracker - Tracks token consumption per request.

Uses UserPromptSubmit as "pre-message" hook and Stop as "post-response" hook
to calculate the delta in token usage for each request.

Token Counting Methods:
1. Character estimation (default): ~4 chars per token, no dependencies
2. tiktoken (optional): More accurate (~90-95%), requires: pip install tiktoken
"""
import json
import os
import sys
import tempfile

# Configuration
CONTEXT_LIMIT = 128000  # Claude's context window (adjust for your model)
USE_TIKTOKEN = False    # Set True if tiktoken is installed for better accuracy


def get_state_file(session_id: str) -> str:
    """Get temp file path for storing pre-message token count, isolated by session."""
    return os.path.join(tempfile.gettempdir(), f"claude-context-{session_id}.json")


def count_tokens(text: str) -> int:
    """
    Count tokens in text.

    Uses tiktoken with p50k_base encoding if available (~90-95% accuracy),
    otherwise falls back to character estimation (~80-90% accuracy).
    """
    if USE_TIKTOKEN:
        try:
            import tiktoken
            enc = tiktoken.get_encoding("p50k_base")
            return len(enc.encode(text))
        except ImportError:
            pass  # Fall back to estimation

    # Character-based estimation: ~4 characters per token for English
    return len(text) // 4


def read_transcript(transcript_path: str) -> str:
    """Read and concatenate all content from transcript file."""
    if not transcript_path or not os.path.exists(transcript_path):
        return ""

    content = []
    with open(transcript_path, "r") as f:
        for line in f:
            try:
                entry = json.loads(line.strip())
                # Extract text content from various message formats
                if "message" in entry:
                    msg = entry["message"]
                    if isinstance(msg.get("content"), str):
                        content.append(msg["content"])
                    elif isinstance(msg.get("content"), list):
                        for block in msg["content"]:
                            if isinstance(block, dict) and block.get("type") == "text":
                                content.append(block.get("text", ""))
            except json.JSONDecodeError:
                continue

    return "\n".join(content)


def handle_user_prompt_submit(data: dict) -> None:
    """Pre-message hook: Save current token count before request."""
    session_id = data.get("session_id", "unknown")
    transcript_path = data.get("transcript_path", "")

    transcript_content = read_transcript(transcript_path)
    current_tokens = count_tokens(transcript_content)

    # Save to temp file for later comparison
    state_file = get_state_file(session_id)
    with open(state_file, "w") as f:
        json.dump({"pre_tokens": current_tokens}, f)


def handle_stop(data: dict) -> None:
    """Post-response hook: Calculate and report token delta."""
    session_id = data.get("session_id", "unknown")
    transcript_path = data.get("transcript_path", "")

    transcript_content = read_transcript(transcript_path)
    current_tokens = count_tokens(transcript_content)

    # Load pre-message count
    state_file = get_state_file(session_id)
    pre_tokens = 0
    if os.path.exists(state_file):
        try:
            with open(state_file, "r") as f:
                state = json.load(f)
                pre_tokens = state.get("pre_tokens", 0)
        except (json.JSONDecodeError, IOError):
            pass

    # Calculate delta
    delta_tokens = current_tokens - pre_tokens
    remaining = CONTEXT_LIMIT - current_tokens
    percentage = (current_tokens / CONTEXT_LIMIT) * 100

    # Report usage
    method = "tiktoken" if USE_TIKTOKEN else "estimated"
    print(f"Context ({method}): ~{current_tokens:,} tokens ({percentage:.1f}% used, ~{remaining:,} remaining)", file=sys.stderr)
    if delta_tokens > 0:
        print(f"This request: ~{delta_tokens:,} tokens", file=sys.stderr)


def main():
    data = json.load(sys.stdin)
    event = data.get("hook_event_name", "")

    if event == "UserPromptSubmit":
        handle_user_prompt_submit(data)
    elif event == "Stop":
        handle_stop(data)

    sys.exit(0)


if __name__ == "__main__":
    main()

Configuration:

{
  "hooks": {
    "UserPromptSubmit": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "python3 \"$CLAUDE_PROJECT_DIR/.claude/hooks/context-tracker.py\""
          }
        ]
      }
    ],
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "python3 \"$CLAUDE_PROJECT_DIR/.claude/hooks/context-tracker.py\""
          }
        ]
      }
    ]
  }
}

How it works:

1. UserPromptSubmit fires before your prompt is processed - saves current token count
2. Stop fires after Claude responds - calculates delta and reports usage
3. Each session is isolated via session_id in the temp filename

Token Counting Methods:

Method	Accuracy	Dependencies	Speed
Character estimation	~80-90%	None	<1ms
tiktoken (p50k_base)	~90-95%	pip install tiktoken	<10ms

Note: Anthropic hasn't released an official offline tokenizer. Both methods are approximations. The transcript includes user prompts, Claude's responses, and tool outputs, but NOT system prompts or internal context.

Example 7: Seed Auto-Mode Permissions (One-Time Setup Script)

A one-time setup script that seeds ~/.claude/settings.json with ~67 safe permission rules equivalent to Claude Code's auto-mode baseline — without any hook, without remembering future choices. Run it once; safe to re-run (skips rules already present).

File: 09-advanced-features/setup-auto-mode-permissions.py

# Preview what would be added
python3 09-advanced-features/setup-auto-mode-permissions.py --dry-run

# Apply
python3 09-advanced-features/setup-auto-mode-permissions.py

What gets added:

Category	Examples
Built-in tools	Read(*), Edit(*), Write(*), Glob(*), Grep(*), Agent(*), WebSearch(*)
Git read	Bash(git status:*), Bash(git log:*), Bash(git diff:*)
Git write (local)	Bash(git add:*), Bash(git commit:*), Bash(git checkout:*)
Package managers	Bash(npm install:*), Bash(pip install:*), Bash(cargo build:*)
Build & test	Bash(make:*), Bash(pytest:*), Bash(go test:*)
Common shell	Bash(ls:*), Bash(cat:*), Bash(find:*), Bash(cp:*), Bash(mv:*)
GitHub CLI	Bash(gh pr view:*), Bash(gh pr create:*), Bash(gh issue list:*)

What is intentionally excluded (never added by this script):

• rm -rf, sudo, force push, git reset --hard
• DROP TABLE, kubectl delete, terraform destroy
• npm publish, curl | bash, production deploys

Plugin Hooks

Plugins can include hooks in their hooks/hooks.json file:

File: plugins/hooks/hooks.json

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "${CLAUDE_PLUGIN_ROOT}/scripts/validate.sh"
          }
        ]
      }
    ]
  }
}

Environment Variables in Plugin Hooks:

• ${CLAUDE_PLUGIN_ROOT} - Path to the plugin directory
• ${CLAUDE_PLUGIN_DATA} - Path to the plugin data directory

This allows plugins to include custom validation and automation hooks.

MCP Tool Hooks

MCP tools follow the pattern mcp__<server>__<tool>:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "mcp__memory__.*",
        "hooks": [
          {
            "type": "command",
            "command": "echo '{\"systemMessage\": \"Memory operation logged\"}'"
          }
        ]
      }
    ]
  }
}

Security Considerations

Disclaimer

USE AT YOUR OWN RISK: Hooks execute arbitrary shell commands. You are solely responsible for:

• Commands you configure
• File access/modification permissions
• Potential data loss or system damage
• Testing hooks in safe environments before production use

Security Notes

• Workspace trust required: The statusLine and fileSuggestion hook output commands now require workspace trust acceptance before they take effect.
• HTTP hooks and environment variables: HTTP hooks require an explicit allowedEnvVars list to use environment variable interpolation in URLs. This prevents accidental leakage of sensitive environment variables to remote endpoints.
• Managed settings hierarchy: The disableAllHooks setting now respects the managed settings hierarchy, meaning organization-level settings can enforce hook disablement that individual users cannot override.

Best Practices

Do	Don't
Validate and sanitize all inputs	Trust input data blindly
Quote shell variables: "$VAR"	Use unquoted: $VAR
Block path traversal (..)	Allow arbitrary paths
Use absolute paths with $CLAUDE_PROJECT_DIR	Hardcode paths
Skip sensitive files (.env, .git/, keys)	Process all files
Test hooks in isolation first	Deploy untested hooks
Use explicit allowedEnvVars for HTTP hooks	Expose all env vars to webhooks

Debugging

Enable Debug Mode

Run Claude with debug flag for detailed hook logs:

claude --debug

Verbose Mode

Use Ctrl+O in Claude Code to enable verbose mode and see hook execution progress.

Test Hooks Independently

# Test with sample JSON input
echo '{"tool_name": "Bash", "tool_input": {"command": "ls -la"}}' | python3 .claude/hooks/validate-bash.py

# Check exit code
echo $?

Complete Configuration Example

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "python3 \"$CLAUDE_PROJECT_DIR/.claude/hooks/validate-bash.py\"",
            "timeout": 10
          }
        ]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "\"$CLAUDE_PROJECT_DIR/.claude/hooks/format-code.sh\"",
            "timeout": 30
          },
          {
            "type": "command",
            "command": "python3 \"$CLAUDE_PROJECT_DIR/.claude/hooks/security-scan.py\"",
            "timeout": 10
          }
        ]
      }
    ],
    "UserPromptSubmit": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "python3 \"$CLAUDE_PROJECT_DIR/.claude/hooks/validate-prompt.py\""
          }
        ]
      }
    ],
    "SessionStart": [
      {
        "matcher": "startup",
        "hooks": [
          {
            "type": "command",
            "command": "\"$CLAUDE_PROJECT_DIR/.claude/hooks/session-init.sh\""
          }
        ]
      }
    ],
    "Stop": [
      {
        "hooks": [
          {
            "type": "prompt",
            "prompt": "Verify all tasks are complete before stopping.",
            "timeout": 30
          }
        ]
      }
    ]
  }
}

Hook Execution Details

Aspect	Behavior
Timeout	60 seconds default, configurable per command
Parallelization	All matching hooks run in parallel
Deduplication	Identical hook commands deduplicated
Environment	Runs in current directory with Claude Code's environment

Troubleshooting

Hook Not Executing

• Verify JSON configuration syntax is correct
• Check matcher pattern matches the tool name
• Ensure script exists and is executable: chmod +x script.sh
• Run claude --debug to see hook execution logs
• Verify hook reads JSON from stdin (not command args)

Hook Blocks Unexpectedly

• Test hook with sample JSON: echo '{"tool_name": "Write", ...}' | ./hook.py
• Check exit code: should be 0 for allow, 2 for block
• Check stderr output (shown on exit code 2)

JSON Parsing Errors

• Always read from stdin, not command arguments
• Use proper JSON parsing (not string manipulation)
• Handle missing fields gracefully

Installation

Step 1: Create Hooks Directory

mkdir -p ~/.claude/hooks

Step 2: Copy Example Hooks

cp 06-hooks/*.sh ~/.claude/hooks/
chmod +x ~/.claude/hooks/*.sh

Step 3: Configure in Settings

Edit ~/.claude/settings.json or .claude/settings.json with the hook configuration shown above.

Related Concepts

• Checkpoints and Rewind - Save and restore conversation state
• Slash Commands - Create custom slash commands
• Skills - Reusable autonomous capabilities
• Subagents - Delegated task execution
• Plugins - Bundled extension packages
• Advanced Features - Explore advanced Claude Code capabilities

Additional Resources

• Official Hooks Documentation - Complete hooks reference
• CLI Reference - Command-line interface documentation
• Memory Guide - Persistent context configuration

---

Last Updated: April 16, 2026 Claude Code Version: 2.1.112 Sources:

• https://docs.anthropic.com/en/docs/claude-code/hooks
• https://www.anthropic.com/news/claude-opus-4-7
• https://support.claude.com/en/articles/12138966-release-notes Compatible Models: Claude Sonnet 4.6, Claude Opus 4.7, Claude Haiku 4.5