Hooks
Deterministic automation that runs on lifecycle events outside the LLM loop
Extension Name Hooks
Vendor Terms hooks, agent hooks, Ask Kiro, Run Command, Agent Prompt, Shell Command
Scopes
Project / Repo RootUser / Home
Interfaces IDE, CLI
Availability current (explicit)
Trust Model Deterministic automation; IDE hooks can Ask Kiro (agent prompt) or Run Command (shell); CLI hooks fire on lifecycle events with structured JSON input; exit code semantics differ between surfaces
Notes IDE hooks support 10 trigger types (Prompt Submit, Agent Stop, Pre/Post Tool Use, File Create/Save/Delete, Pre/Post Task Execution, Manual Trigger) with two action types (Ask Kiro agent prompt, Run Command shell). CLI hooks support 5 types (AgentSpawn, UserPromptSubmit, PreToolUse, PostToolUse, Stop) defined in agent configuration with JSON STDIN events, tool matching, caching, and exit-code-based flow control (exit 2 blocks PreToolUse). Default timeout: 60s IDE, 30s CLI.
Extension Name Hooks
Vendor Terms hooks, shell commands, HTTP endpoints, LLM prompts, agent hooks, async hooks, prompt hooks, MCP tool hooks, asyncRewake, matcher, decision control, CLAUDE_ENV_FILE
Scopes
User / HomeProject / Repo RootOrganization / Enterprise
Interfaces terminal CLI, VS Code
Availability current (explicit)
Trust Model Deterministic control layer supporting shell commands, HTTP endpoints, LLM prompts, and agent subagents; hooks run with full user permissions; can intercept lifecycle events and tool use; organization admins can restrict to managed hooks only
Notes 4 handler types (command, http, prompt, agent) across 27 lifecycle events; async hooks run in background; hooks defined in settings files, plugins, skills, and agent frontmatter; PreToolUse hooks enforce policy even in bypass mode; allowManagedHooksOnly lets org admins restrict to managed hooks
Extension Name Hooks
Vendor Terms hooks, lifecycle interceptors, shell commands
Scopes
Project / Repo Root
Interfaces GitHub.com, VS Code, CLI
Availability current (explicit)
Trust Model Deterministic lifecycle interceptors that run synchronously and block agent execution; scripts run with repo-level permissions; receive JSON via stdin; default timeout 30s
Notes GitHub.com and CLI supported; VS Code in preview; 8 hook types: sessionStart, sessionEnd, userPromptSubmitted, preToolUse, postToolUse, agentStop, subagentStop, errorOccurred; only preToolUse can deny tool executions
Extension Name Hooks
Vendor Terms hooks, command hooks, hook events, hooks.json
Scopes
User / HomeProject / Repo Root
Interfaces CLI, IDE extension
Availability experimental (explicit)
Trust Model Deterministic scripts in the agent loop; hooks run as local shell commands receiving JSON on stdin; PreToolUse can deny commands but enforcement is incomplete (model can write scripts to disk); PostToolUse cannot undo side effects
Notes Experimental, behind codex_hooks = true feature flag. Windows support temporarily disabled. 5 hook events: SessionStart, PreToolUse, PostToolUse, UserPromptSubmit, Stop. PreToolUse/PostToolUse only intercept Bash tool calls (not MCP, Write, WebSearch, or unified_exec streaming). Multiple hooks run concurrently. Default timeout 600s.