Hooks

Run code on tool calls, prompt submit, and stop events.

Hooks let the harness execute commands around Claude's tool calls. Use them for guardrails, automatic formatting, notifications, and policy enforcement.

All hooks questions (10)

How do I auto-format files after Claude edits them?

A PostToolUse hook on Edit/Write/MultiEdit reads the JSON envelope from stdin, pulls tool_input.file_path with jq, skips generated paths, and swallows formatter stderr so a syntax error during typing never feeds Claude noise.
How do I enable auto mode for my team without giving Claude my prod credentials?

Auto mode reads its `autoMode` config from user, project-local, and managed scopes; the classifier ignores `<repo>/.claude/settings.json`. Roll out via enterprise managed settings (the only layer developers cannot weaken) and write rules as prose, not as `Bash(...)` patterns.
How do I let Claude work autonomously without approving every command?

Auto mode replaces permission prompts with a background classifier that blocks anything dangerous and lets routine work through. It's narrower than bypassPermissions, available on Max/Team/Enterprise/API only, and quietly drops some of your existing allow rules on entry.
How do I run a hook around an MCP tool call without breaking the session?

Match `mcp__<server>__<tool>` on PreToolUse / PostToolUse, return structured JSON for clean permission decisions, and put logging or telemetry hooks in async mode so they never block the session.
How do I run untrusted `npm install` without my SSH keys leaking?

Claude Code's bash tool can run inside an OS-level sandbox (Seatbelt on macOS, bubblewrap on Linux/WSL2) that restricts filesystem and network access. Here's how to enable it, the configuration that matters, and the network-isolation footgun that catches people.
How do I stop Claude Code from leaking my .env to a tool call?

Deny rules in .claude/settings.json catch Read(.env*) and the obvious Bash escape hatches (env, printenv, cat .env*, git diff*); a PreToolUse hook adds belt-and-suspenders. Allowlists are cleaner long-term. Auto mode is the place this leaks first.
How do I watch a long-running build without burning prompt cache?

Use /loop with no interval to let Claude self-pace; Claude often picks the Monitor tool, which streams a background script's output line-by-line instead of re-running a prompt on a cron. That avoids the 5-minute prompt-cache cliff and the cron jitter you do not want.
Setup or SessionStart hook for my install script?

SessionStart fires on every session start, resume, `/clear`, and post-compaction, so it has to be fast. Setup fires only on explicit `claude --init-only`, `claude -p --init`, or `claude -p --maintenance`, which makes it the right home for slow one-time work like dependency installs or scheduled cleanup. Neither hook can block Claude from starting; for hard preconditions, gate the `claude` binary, not the hook.
Where should this scheduled work actually run?

Routines run in Anthropic's cloud (no machine needed); Desktop scheduled tasks run on your laptop without an open session; /loop runs in an open session. Pick by what the work needs to touch (cloud-only repos vs local files), whether your laptop is reliably on, and how often it fires.
Which hook event should I use? The full list, ranked.

Claude Code exposes 28 hook events across five categories: lifecycle, tool execution, turn control, agent teams, and context management. Exit code 2 blocks the action on blocking events. Non-blocking events show stderr but cannot prevent what already happened.