Use Prompt Hooks to Let Claude Guard Its Own Tool Calls
Prompt hooks are a hook type that sends a single-turn prompt to Claude for evaluation, letting an LLM decide whether a tool call should be allowed. Instead of writing bash scripts with regex to catch dangerous commands, you describe the policy in plain English.
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "prompt",
"prompt": "A developer tool wants to run this shell command: $ARGUMENTS. Should this be allowed? Deny if it modifies production databases, deletes important files, or accesses secrets. Respond with JSON: {\"decision\": \"allow\"} or {\"decision\": \"deny\", \"reason\": \"...\"}",
"model": "fast-model",
"timeout": 30
}
]
}
]
}
}
The $ARGUMENTS placeholder is replaced with the hook's input JSON, which includes the full tool call details. The fast model evaluates the policy and returns a structured decision.
This is more flexible than bash-based guards because the LLM can understand intent, not just pattern-match. A command like psql -c "DROP TABLE users" would be caught even without a hardcoded list of dangerous SQL keywords.
For even more powerful evaluation, use the agent hook type instead, which can spawn a subagent with access to tools like Read, Grep, and Glob to investigate before deciding:
{
"type": "agent",
"prompt": "Check if this file edit is safe: $ARGUMENTS. Read the target file first.",
"timeout": 60
}
Guard your tool calls with natural language policies instead of brittle regex.
Log in to leave a comment.
The autoUpdatesChannel setting pins Claude Code to a stable release track that skips versions with major regressions.
The language setting makes Claude respond in your preferred language by default, across every session and project.
The attribution setting lets you customize or completely remove Claude's Co-Authored-By trailer from git commits and pull requests.