Claude Code Hooks: How to Make Your AI Agent Follow Rules It Cannot Ignore
There is a gap between what you tell Claude Code to do and what it actually does. You write "always format with Prettier" in CLAUDE.md. It follows that instruction most of the time. You write "never touch .env files." It respects that until the one time it does not.
CLAUDE.md is a suggestion. Claude reads it and follows it roughly 80% of the time. Hooks are different. They are shell scripts that fire automatically every time Claude edits a file, runs a command, or finishes a task. They cannot be ignored because they run outside the model entirely.
The difference matters. A suggestion in CLAUDE.md relies on the model remembering. A hook runs regardless of what the model decides to do.
How Hooks Work
Hooks are configured in .claude/settings.json in your project root. That file gets committed to git, so your entire team gets the same hooks automatically.
There are two hooks you will use for almost everything:
PreToolUse runs before Claude does something. It receives the action as JSON on stdin. If your script exits with code 2, the action is blocked and your error message gets sent back to Claude so it can try a different approach. Think of it as a bouncer.
PostToolUse runs after Claude does something. It cannot block the action (it already happened) but it can run cleanup, formatting, tests, or logging. Think of it as quality control on the assembly line.
There is also Stop, which runs when Claude finishes responding. Useful for auto-commits and cleanup.
Exit codes: 0 means proceed. 2 means block the action and tell Claude why. Anything else logs a warning but does not block.
Full docs at docs.anthropic.com/en/docs/claude-code/hooks.
1. Auto-Format Every File Claude Touches
Claude writes correct code that violates your formatting rules. You can tell it to run Prettier in CLAUDE.md and it will remember most of the time. Or you can make it automatic.
{
"hooks": {
"PostToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "command",
"command": "jq -r '.tool_input.file_path' | xargs npx prettier --write 2>/dev/null; exit 0"
}
]
}
]
}
}Every time Claude writes or edits a file, Prettier runs on it. Swap npx prettier --write for black (Python), gofmt (Go), or rustfmt (Rust). Same pattern, different formatter.
This should probably be the default for every project. No more "Claude forgot to format" commits.
2. Block Dangerous Commands
Claude can run rm -rf, git reset --hard, DROP TABLE, or pipe curl output into bash. It probably will not. But "probably" is not a production-grade guarantee.
Create .claude/hooks/block-dangerous.sh:
#!/usr/bin/env bash
set -euo pipefail
cmd=$(jq -r '.tool_input.command // ""')
dangerous_patterns=(
"rm -rf"
"git reset --hard"
"git push.*--force"
"DROP TABLE"
"DROP DATABASE"
"curl.*|.*sh"
"wget.*|.*bash"
)
for pattern in "${dangerous_patterns[@]}"; do
if echo "$cmd" | grep -qiE "$pattern"; then
echo "Blocked: matches dangerous pattern '$pattern'. Use a safer alternative." >&2
exit 2
fi
done
exit 0{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{ "type": "command", "command": ".claude/hooks/block-dangerous.sh" }
]
}
]
}
}Exit code 2 blocks the command and sends your message back to Claude. It will try a safer approach instead of running the dangerous one. Add any patterns your team cares about to the array.
3. Protect Sensitive Files
Claude can read and edit any file in your project. That includes .env, lock files, SSL keys, and anything else you would rather it left alone.
Create .claude/hooks/protect-files.sh:
#!/usr/bin/env bash
set -euo pipefail
file=$(jq -r '.tool_input.file_path // .tool_input.path // ""')
protected=(
".env*"
".git/*"
"package-lock.json"
"yarn.lock"
"*.pem"
"*.key"
"secrets/*"
)
for pattern in "${protected[@]}"; do
if echo "$file" | grep -qiE "^${pattern//\*/.*}$"; then
echo "Blocked: '$file' is protected." >&2
exit 2
fi
done
exit 0{
"hooks": {
"PreToolUse": [
{
"matcher": "Edit|Write",
"hooks": [
{ "type": "command", "command": ".claude/hooks/protect-files.sh" }
]
}
]
}
}4. Run Tests After Every Edit
Claude makes a change, says "done," and you discover 20 minutes later that the tests are broken. With a PostToolUse hook, tests run automatically after every code change. If they fail, Claude sees the failure output and can fix it immediately.
{
"hooks": {
"PostToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "command",
"command": "npm run test --silent 2>&1 | tail -5; exit 0"
}
]
}
]
}
}The tail -5 keeps output short. You want Claude to see "3 tests failed" not the full 200-line test output. Boris Cherny (creator of Claude Code) says giving Claude a feedback loop like this improves output quality significantly. Instead of writing code and hoping, Claude writes code, sees results, and fixes failures on its own.
5. Require Passing Tests Before PR Creation
Claude finishes a feature and immediately creates a pull request. Tests are failing. Your reviewer sees red CI and sends it back.
Create .claude/hooks/require-tests-for-pr.sh:
#!/usr/bin/env bash
set -euo pipefail
if npm run test --silent; then
exit 0
else
echo "Tests are failing. Fix all failures before creating a PR." >&2
exit 2
fi{
"hooks": {
"PreToolUse": [
{
"matcher": "mcp__github__create_pull_request",
"hooks": [
{ "type": "command", "command": ".claude/hooks/require-tests-for-pr.sh" }
]
}
]
}
}Hard gate. No green tests, no PR. Claude will fix the failures first because exit code 2 tells it exactly what went wrong.
6. Auto-Lint and Fix
Chain this with hook #1. Prettier formats first, ESLint catches everything else. By the time you look at the code, it is formatted and lint-clean.
{
"hooks": {
"PostToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "command",
"command": "npx eslint --fix $(jq -r '.tool_input.file_path') 2>&1 | tail -10; exit 0"
}
]
}
]
}
}7. Log Every Command for Audit
If something goes wrong three sessions from now, you want to know exactly what Claude ran and when.
Create .claude/hooks/log-commands.sh:
#!/usr/bin/env bash
set -euo pipefail
cmd=$(jq -r '.tool_input.command // ""')
printf '%s %s\n' "$(date -Is)" "$cmd" >> .claude/command-log.txt
exit 0{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{ "type": "command", "command": ".claude/hooks/log-commands.sh" }
]
}
]
}
}Timestamped audit trail of every command. Add .claude/command-log.txt to .gitignore.
8. Auto-Commit When Claude Finishes
Claude finishes a task and you forget to commit. Then it starts another task and now you have two unrelated changes mixed together. The Stop hook runs when Claude finishes responding.
Create .claude/hooks/auto-commit.sh:
#!/usr/bin/env bash
set -euo pipefail
git add -A
if ! git diff --cached --quiet; then
git commit -m "chore(ai): apply Claude edit"
fi
exit 0{
"hooks": {
"Stop": [
{
"matcher": "",
"hooks": [
{ "type": "command", "command": ".claude/hooks/auto-commit.sh" }
]
}
]
}
}Every time Claude finishes, changes get committed automatically. Combine with claude -w feature-branch (worktrees) for isolated, auto-committed feature branches per task.
The Complete settings.json
Everything combined into one file:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{ "type": "command", "command": ".claude/hooks/block-dangerous.sh" },
{ "type": "command", "command": ".claude/hooks/log-commands.sh" }
]
},
{
"matcher": "Edit|Write",
"hooks": [
{ "type": "command", "command": ".claude/hooks/protect-files.sh" }
]
},
{
"matcher": "mcp__github__create_pull_request",
"hooks": [
{ "type": "command", "command": ".claude/hooks/require-tests-for-pr.sh" }
]
}
],
"PostToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{ "type": "command", "command": "jq -r '.tool_input.file_path' | xargs npx prettier --write 2>/dev/null; exit 0" },
{ "type": "command", "command": "npx eslint --fix $(jq -r '.tool_input.file_path') 2>&1 | tail -10; exit 0" }
]
}
],
"Stop": [
{
"matcher": "",
"hooks": [
{ "type": "command", "command": ".claude/hooks/auto-commit.sh" }
]
}
]
}
}Copy this into .claude/settings.json, create the hook scripts in .claude/hooks/, make them executable with chmod +x .claude/hooks/*.sh, and commit everything. Your whole team gets the same guardrails automatically.
Start with hooks #1 and #2 (auto-format and block dangerous commands). Those two alone catch the most common Claude Code mistakes. Add the rest as you need them.
Related: what we found inside Claude Code's leaked source and KAIROS, the proactive agent hidden in the source.
Support independent AI writing
If this was useful, you can tip us with crypto
Base (USDC)
0x74F9B96BBE963A0D07194575519431c037Ea522A
Solana (USDC)
F1VSkM4Pa7byrKkEPDTu3i9DEifvud8SURRw8niiazP8