Skip to content

Hooks Reference

Hooks are automated scripts that execute at specific events during Claude Code sessions. They enable validation, permission management, and context injection.

Hook Types

Command Hooks

Execute bash scripts with structured JSON input via stdin.

  • Fast and rule-based
  • Deterministic validation
  • Local operations

Prompt Hooks

Leverage an LLM (Haiku) for context-aware decisions.

  • Intelligent decisions
  • Context-aware
  • Supported events: Stop, SubagentStop, UserPromptSubmit, PreToolUse, PermissionRequest

Configuration

Add hooks to your Claude Code settings:

json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "command": "/path/to/validate-edit.sh",
            "timeout": 60
          }
        ]
      }
    ]
  }
}

Matcher Patterns

PatternMatches
EditEdit tool only
Edit|WriteEdit or Write tools
*All tools
mcp__memory__.*All memory server tools

Supported Events

EventPurposeMatcher
PreToolUseBefore tool executionYes
PostToolUseAfter tool completesYes
PermissionRequestPermission dialogsYes
NotificationSystem notificationsYes
UserPromptSubmitUser prompt validationNo
StopMain agent completionNo
SubagentStopSubagent completionNo
PreCompactBefore context compactingYes
SessionStartSession initializationYes
SessionEndSession cleanupNo

Hook Input

All hooks receive JSON via stdin:

json
{
  "session_id": "abc123",
  "transcript_path": "/path/to/transcript.json",
  "cwd": "/current/directory",
  "permission_mode": "default",
  "hook_event_name": "PreToolUse",
  "tool_name": "Edit",
  "tool_input": { "file_path": "..." }
}

Hook Output

Exit Codes

CodeMeaning
0Success (stdout processed)
2Blocking error (stderr shown)
OtherNon-blocking error

JSON Response

json
{
  "decision": "approve",
  "reason": "File path is safe",
  "continue": true,
  "systemMessage": "Validation passed",
  "suppressOutput": false
}

Common Use Cases

File Protection

Block writes to sensitive paths:

json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [{
          "type": "command",
          "command": "bash -c 'read input; echo $input | jq -e \".tool_input.file_path | test(\\\".env|secrets\\\") | not\" || (echo \"Blocked: sensitive file\" >&2; exit 2)'"
        }]
      }
    ]
  }
}

Code Quality

Run linting after edits:

json
{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit",
        "hooks": [{
          "type": "command",
          "command": "npm run lint"
        }]
      }
    ]
  }
}

Context Injection

Add project context at session start:

json
{
  "hooks": {
    "SessionStart": [
      {
        "hooks": [{
          "type": "command",
          "command": "cat project-context.md"
        }]
      }
    ]
  }
}

Environment Variables

VariablePurpose
CLAUDE_PROJECT_DIRAbsolute project path
CLAUDE_ENV_FILEEnvironment file for SessionStart
CLAUDE_CODE_REMOTE"true" for remote execution

Debugging

Enable detailed logging:

bash
claude --debug

View registered hooks during session:

/hooks

Security Best Practices

WARNING

Hooks execute arbitrary shell commands. You're responsible for hook safety.

  • Validate and sanitize all inputs
  • Use absolute paths for scripts
  • Quote shell variables: "$VAR"
  • Block path traversal attempts
  • Avoid sensitive files (.env, .git)

Next Steps

Claude Code Documentation Hub