From plugin-dev
Develops Claude Code plugin hooks for event-driven automation, validating tool use with prompt-based, command, and agent types for events like PreToolUse, Stop, and SessionStart.
npx claudepluginhub sjnims/plugin-dev --plugin plugin-devThis skill uses the workspace's default tool permissions.
Hooks are event-driven automation scripts that execute in response to Claude Code events. Use hooks to validate operations, enforce policies, add context, and integrate external tools into workflows.
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
Hooks are event-driven automation scripts that execute in response to Claude Code events. Use hooks to validate operations, enforce policies, add context, and integrate external tools into workflows.
Key capabilities:
Use LLM-driven decision making for context-aware validation:
{
"type": "prompt",
"prompt": "Evaluate if this tool use is appropriate: $TOOL_INPUT",
"timeout": 30
}
Supported events: Stop, SubagentStop, UserPromptSubmit, PreToolUse
Response format:
Prompt hooks must return:
{ "ok": true, "reason": "Explanation of decision" }
ok: true -- approve/allow the actionok: false -- block/deny the actionreason -- required when ok: false, fed back to ClaudeBenefits:
Execute bash commands for deterministic checks:
{
"type": "command",
"command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/validate.sh",
"timeout": 60
}
Use for:
Use an LLM agent for complex, multi-step verification that requires tool access:
{
"type": "agent",
"prompt": "Verify all generated code has tests and passes linting",
"timeout": 120
}
Supported events: Stop, SubagentStop
Agent hooks spawn a subagent that can use tools (Read, Bash, etc.) for thorough verification — useful when prompt hooks lack sufficient context or tool access. See references/advanced.md for patterns.
For plugin hooks in hooks/hooks.json, use wrapper format:
{
"description": "Brief explanation of hooks (optional)",
"hooks": {
"PreToolUse": [...],
"Stop": [...],
"SessionStart": [...]
}
}
Key points:
description field is optionalhooks field is required wrapper containing actual hook eventsExample:
{
"description": "Validation hooks for code quality",
"hooks": {
"PreToolUse": [
{
"matcher": "Write",
"hooks": [
{
"type": "command",
"command": "${CLAUDE_PLUGIN_ROOT}/hooks/validate.sh"
}
]
}
]
}
}
For user settings in .claude/settings.json, use direct format:
{
"PreToolUse": [...],
"Stop": [...],
"SessionStart": [...]
}
Key points:
Important: The examples below show the hook event structure that goes inside either format. For plugin hooks.json, wrap these in {"hooks": {...}}.
Execute before any tool runs. Use to approve, deny, or modify tool calls.
Example (prompt-based):
{
"PreToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "prompt",
"prompt": "Validate file write safety. Check: system paths, credentials, path traversal, sensitive content. Return 'approve' or 'deny'."
}
]
}
]
}
Output for PreToolUse:
{
"hookSpecificOutput": {
"permissionDecision": "allow|deny|ask",
"updatedInput": { "field": "modified_value" }
},
"systemMessage": "Explanation for Claude"
}
Execute when user is shown a permission dialog. Use to automatically allow or deny permissions.
Example:
{
"PermissionRequest": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/check-permission.sh"
}
]
}
]
}
Output for PermissionRequest:
{
"hookSpecificOutput": {
"decision": {
"behavior": "allow|deny",
"updatedInput": { "command": "modified command" },
"message": "Reason for denial",
"interrupt": false
}
}
}
behavior: "allow" to approve, "deny" to rejectupdatedInput: Optional modified tool parameters (only with "allow")message: Explanation shown to user (only with "deny")interrupt: If true with "deny", stops the current operationUse cases:
Execute after tool completes. Use to react to results, provide feedback, or log.
Example:
{
"PostToolUse": [
{
"matcher": "Edit",
"hooks": [
{
"type": "prompt",
"prompt": "Analyze edit result for potential issues: syntax errors, security vulnerabilities, breaking changes. Provide feedback."
}
]
}
]
}
Output behavior:
Execute when a tool fails after PostToolUse hooks have run. Use to handle errors or provide fallback actions.
Example:
{
"PostToolUseFailure": [
{
"matcher": "Edit",
"hooks": [
{
"type": "prompt",
"prompt": "Error occurred during edit. Provide fallback action or ask for user input."
}
]
}
]
}
Output behavior:
Execute when main agent considers stopping. Use to validate completeness.
Example:
{
"Stop": [
{
"matcher": "*",
"hooks": [
{
"type": "prompt",
"prompt": "Verify task completion: tests run, build succeeded, questions answered. Return 'approve' to stop or 'block' with reason to continue."
}
]
}
]
}
Decision output:
{
"decision": "approve|block",
"reason": "Explanation",
"systemMessage": "Additional context"
}
Execute when subagent considers stopping. Use to ensure subagent completed its task.
Similar to Stop hook, but for subagents.
Execute when a subagent is started. Use to initialize subagent state or perform setup.
Example:
{
"SubagentStart": [
{
"matcher": "mcp__subagent_name",
"hooks": [
{
"type": "command",
"command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/subagent-init.sh"
}
]
}
]
}
Execute when user submits a prompt. Use to add context, validate, or block prompts.
Example:
{
"UserPromptSubmit": [
{
"matcher": "*",
"hooks": [
{
"type": "prompt",
"prompt": "Check if prompt requires security guidance. If discussing auth, permissions, or API security, return relevant warnings."
}
]
}
]
}
Execute when Claude Code session begins. Use to load context and set environment.
Supported matchers: startup (first launch), resume (resuming session), clear (after /clear), compact (after context compaction).
Example:
{
"SessionStart": [
{
"matcher": "*",
"hooks": [
{
"type": "command",
"command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/load-context.sh"
}
]
}
]
}
Special capability: Persist environment variables using $CLAUDE_ENV_FILE:
echo "export PROJECT_TYPE=nodejs" >> "$CLAUDE_ENV_FILE"
See examples/load-context.sh for complete example.
Execute when session ends. Use for cleanup, logging, and state preservation.
Execute before context compaction. Use to add critical information to preserve.
Execute when Claude sends notifications. Use to react to user notifications.
{
"continue": true,
"suppressOutput": false,
"systemMessage": "Message for Claude"
}
continue: If false, halt processing (default true)suppressOutput: Hide output from transcript (default false)systemMessage: Message shown to Claude0 - Success (stdout shown in transcript)2 - Blocking error (stderr fed back to Claude)All hooks receive JSON via stdin with common fields:
{
"session_id": "abc123",
"transcript_path": "/path/to/transcript.txt",
"cwd": "/current/working/dir",
"permission_mode": "ask|allow",
"hook_event_name": "PreToolUse"
}
Event-specific fields:
tool_name, tool_input, tool_resultuser_promptreasonAccess fields in prompts using $TOOL_INPUT, $TOOL_RESULT, $USER_PROMPT, etc.
For comprehensive per-tool and per-event input schemas, see Hook Input Schemas.
Available in all command hooks:
$CLAUDE_PROJECT_DIR - Project root path$CLAUDE_PLUGIN_ROOT - Plugin directory (use for portable paths)$CLAUDE_ENV_FILE - SessionStart only: persist env vars here$CLAUDE_CODE_REMOTE - Set if running in remote contextAlways use ${CLAUDE_PLUGIN_ROOT} in hook commands for portability:
{
"type": "command",
"command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/validate.sh"
}
In plugins, define hooks in hooks/hooks.json using the plugin wrapper format described in Hook Configuration Formats:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Write|Edit",
"hooks": [{ "type": "prompt", "prompt": "Validate file write safety" }]
}
],
"Stop": [
{
"matcher": "*",
"hooks": [{ "type": "prompt", "prompt": "Verify task completion" }]
}
],
"SessionStart": [
{
"matcher": "*",
"hooks": [
{
"type": "command",
"command": "bash ${CLAUDE_PLUGIN_ROOT}/scripts/load-context.sh",
"timeout": 10
}
]
}
]
}
}
Note: Plugin hooks use the {"hooks": {...}} wrapper format, not the direct settings format. Plugin hooks merge with user's hooks and run in parallel.
Beyond hooks.json (global) and settings (user-level), hooks can be defined directly in skill or agent YAML frontmatter. Scoped hooks activate only when that component is in use:
---
name: validated-writer
description: Write files with safety checks...
hooks:
PreToolUse:
- matcher: Write
hooks:
- type: command
command: "${CLAUDE_PLUGIN_ROOT}/scripts/validate-write.sh"
---
Supported events in frontmatter: PreToolUse, PostToolUse, Stop
Scoped hooks use the same event/matcher/hook structure but are lifecycle-bound — they activate when the skill loads and deactivate when it completes. This is ideal for skill-specific validation without affecting other workflows.
See references/advanced.md for detailed syntax and comparison with hooks.json.
Exact match:
"matcher": "Write"
Multiple tools:
"matcher": "Read|Write|Edit"
Wildcard (all tools):
"matcher": "*"
Regex patterns:
"matcher": "mcp__.*__delete.*" // All MCP delete tools
Note: Matchers are case-sensitive.
// All MCP tools
"matcher": "mcp__.*"
// Specific plugin's MCP tools
"matcher": "mcp__plugin_asana_.*"
// All file operations
"matcher": "Read|Write|Edit"
// Bash commands only
"matcher": "Bash"
Always validate inputs in command hooks:
#!/bin/bash
set -euo pipefail
input=$(cat)
tool_name=$(echo "$input" | jq -r '.tool_name')
# Validate tool name format
if [[ ! "$tool_name" =~ ^[a-zA-Z0-9_]+$ ]]; then
echo '{"decision": "deny", "reason": "Invalid tool name"}' >&2
exit 2
fi
Check for path traversal and sensitive files:
file_path=$(echo "$input" | jq -r '.tool_input.file_path')
# Deny path traversal
if [[ "$file_path" == *".."* ]]; then
echo '{"decision": "deny", "reason": "Path traversal detected"}' >&2
exit 2
fi
# Deny sensitive files
if [[ "$file_path" == *".env"* ]]; then
echo '{"decision": "deny", "reason": "Sensitive file"}' >&2
exit 2
fi
See examples/validate-write.sh and examples/validate-bash.sh for complete examples.
# GOOD: Quoted
echo "$file_path"
cd "$CLAUDE_PROJECT_DIR"
# BAD: Unquoted (injection risk)
echo $file_path
cd $CLAUDE_PROJECT_DIR
{
"type": "command",
"command": "bash script.sh",
"timeout": 10
}
Defaults: Command hooks (60s), Prompt hooks (30s)
All matching hooks run in parallel:
{
"PreToolUse": [
{
"matcher": "Write",
"hooks": [
{ "type": "command", "command": "check1.sh" }, // Parallel
{ "type": "command", "command": "check2.sh" }, // Parallel
{ "type": "prompt", "prompt": "Validate..." } // Parallel
]
}
]
}
Design implications:
Important: Hooks are loaded when Claude Code session starts. Changes to hook configuration require restarting Claude Code.
Cannot hot-swap hooks:
hooks/hooks.json won't affect current sessionclaude againTo test hook changes:
claudeclaude --debugHooks are validated when Claude Code starts:
Use /hooks command to review loaded hooks in current session.
claude --debug
Look for hook registration, execution logs, input/output JSON, and timing information.
For additional hook debugging output, use --verbose:
claude --verbose
This shows hook registration, event matching, and execution timing without the full debug output. Combine with --debug for maximum detail.
Test command hooks directly:
echo '{"tool_name": "Write", "tool_input": {"file_path": "/test"}}' | \
bash ${CLAUDE_PLUGIN_ROOT}/scripts/validate.sh
echo "Exit code: $?"
Ensure hooks output valid JSON:
output=$(./your-hook.sh < test-input.json)
echo "$output" | jq .
| Event | When | Use For |
|---|---|---|
| PreToolUse | Before tool | Validation, modification |
| PermissionRequest | Permission dialog | Auto-allow/deny |
| PostToolUse | After tool success | Feedback, logging |
| PostToolUseFailure | After tool fails | Error handling |
| UserPromptSubmit | User input | Context, validation |
| Stop | Agent stopping | Completeness check |
| SubagentStart | Subagent begins | Subagent setup |
| SubagentStop | Subagent done | Task validation |
| SessionStart | Session begins | Context loading |
| SessionEnd | Session ends | Cleanup, logging |
| PreCompact | Before compact | Preserve context |
| Notification | User notified | Logging, reactions |
| TeammateIdle | Teammate goes idle | Quality gates in teams |
| TaskCompleted | Task marked done | Completion verification |
Beyond type, timeout, and matcher, hook handlers support:
once (boolean): Run only once per session, then auto-removed. Useful for one-time initialization in scoped hooks.statusMessage (string): Display text shown in the UI while the hook runs.See references/advanced.md for detailed decision control output schemas and event-specific matchers.
DO:
DON'T:
For detailed patterns and advanced techniques, consult:
references/patterns.md - 10 proven patterns including temporarily active and configuration-driven hooksreferences/migration.md - Migrating from basic to advanced hooksreferences/advanced.md - Advanced use cases and techniquesWorking examples in examples/:
Note: After copying example scripts, make them executable:
chmod +x script.sh
validate-write.sh - File write validation examplevalidate-bash.sh - Bash command validation exampleload-context.sh - SessionStart context loading examplePrerequisites: These scripts require
jqfor JSON validation. See the main README for setup.
Development tools in scripts/:
validate-hook-schema.sh - Validate hooks.json structure and syntaxtest-hook.sh - Test hooks with sample input before deploymenthook-linter.sh - Check hook scripts for common issues and best practicesclaude --debug for detailed logsjq to validate hook JSON outputTo implement hooks in a plugin:
hooks/hooks.jsonscripts/validate-hook-schema.sh hooks/hooks.jsonscripts/test-hook.sh before deploymentclaude --debugFocus on prompt-based hooks for most use cases. Reserve command hooks for performance-critical or deterministic checks.