- Distinguish soft instructions from mandatory controls.
- Design hooks for commands, tests, logs, and branch protection.
- Use hooks without turning every action into a maintenance trap.
When to use hooks
- Block direct `git push` to `main`.
- Run lint or tests after editing critical files.
- Log sensitive commands.
- Prevent reading `.env` files, keys, or private dumps.
- Require human approval for deploys, deletions, or migrations.
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "$CLAUDE_PROJECT_DIR/.claude/hooks/deny-dangerous.sh"
}
]
}
],
"PostToolUse": [
{
"matcher": "Edit",
"hooks": [
{
"type": "command",
"command": "npm run lint"
}
]
}
]
}
}