Use Prompt Hooks to Let Claude Guard Its Own Tool Calls
Prompt hooks are a hook type that sends a single-turn prompt to Claude for evaluation, letting an LLM decide whether a tool call should be allowed. Instead of writing bash scripts with regex to catch dangerous commands, you describe the policy in plain English.
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "prompt",
            "prompt": "A developer tool wants to run this shell command: $ARGUMENTS. Should this be allowed? Deny if it modifies production databases, deletes important files, or accesses secrets. Respond with JSON: {\"decision\": \"allow\"} or {\"decision\": \"deny\", \"reason\": \"...\"}",
            "model": "fast-model",
            "timeout": 30
          }
        ]
      }
    ]
  }
}
The $ARGUMENTS placeholder is replaced with the hook's input JSON, which includes the full tool call details. The fast model evaluates the policy and returns a structured decision.
This is more flexible than bash-based guards because the LLM can understand intent, not just pattern-match. A command like psql -c "DROP TABLE users" would be caught even without a hardcoded list of dangerous SQL keywords.
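To make the allow/deny cycle concrete, here is an added Python example (not part of the original tip, and not Claude Code's own hook runner) that renders the $ARGUMENTS prompt from a constructed hook input, sends it to a stand-in model, and parses the structured decision. The shape of the hook input and the stand-in model are assumptions; the parser fails closed, treating a malformed reply, an unexpected decision value, or a model error as a deny, since a tool call should not proceed on a judgment that never arrived.

```python
import json
import re

# Constructed hook input; the real runner's JSON shape is assumed here.
HOOK_INPUT = {
    "tool_name": "Bash",
    "tool_input": {"command": 'psql -c "DROP TABLE users"'},
}

PROMPT_TEMPLATE = (
    "A developer tool wants to run this shell command: $ARGUMENTS. "
    "Should this be allowed? Deny if it modifies production databases, "
    "deletes important files, or accesses secrets. Respond with JSON: "
    '{"decision": "allow"} or {"decision": "deny", "reason": "..."}'
)

def render_prompt(template: str, hook_input: dict) -> str:
    # $ARGUMENTS is replaced with the serialized hook input, as the tip describes.
    return template.replace("$ARGUMENTS", json.dumps(hook_input))

def parse_decision(model_output: str) -> tuple[bool, str]:
    # Returns (allowed, reason). Models sometimes wrap the JSON in prose, so
    # extract the object; anything that is not a well-formed allow/deny is a deny.
    match = re.search(r"\{.*\}", model_output, re.DOTALL)
    if not match:
        return False, "no JSON decision in model output"
    try:
        obj = json.loads(match.group(0))
    except json.JSONDecodeError:
        return False, "malformed JSON decision"
    decision = obj.get("decision")
    if decision == "allow":
        return True, ""
    if decision == "deny":
        return False, str(obj.get("reason", "denied by policy"))
    return False, f"unexpected decision value: {decision!r}"

def evaluate(hook_input: dict, call_model) -> tuple[bool, str]:
    # Full cycle: render, ask the model, parse. A timeout or transport error
    # (raised by call_model) is treated as a deny rather than a silent allow.
    prompt = render_prompt(PROMPT_TEMPLATE, hook_input)
    try:
        reply = call_model(prompt)
    except Exception as exc:
        return False, f"model unavailable: {exc}"
    return parse_decision(reply)

def fake_model(prompt: str) -> str:
    # Hypothetical stand-in for the fast model: denies destructive SQL, allows the rest.
    if "DROP TABLE" in prompt:
        return 'Sure. {"decision": "deny", "reason": "destructive SQL against a database"}'
    return '{"decision": "allow"}'
```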
For even more powerful evaluation, use the agent hook type instead, which can spawn a subagent with access to tools like Read, Grep, and Glob to investigate before deciding:
{
  "type": "agent",
  "prompt": "Check if this file edit is safe: $ARGUMENTS. Read the target file first.",
  "timeout": 60
}
Guard your tool calls with natural language policies instead of brittle regex.