GitHub Copilot CLI supports hooks — shell scripts that run at specific lifecycle points during a session. Hooks receive structured JSON via stdin and can optionally return JSON to influence agent behavior. Key hook types include sessionStart, sessionEnd, and preToolUse, the last of which can allow, deny, or prompt for approval before any tool executes. A practical example shows blocking rm -rf commands via a preToolUse bash script. Important behaviors: hook failures don't block execution, multiple hooks of the same type run sequentially with any deny being sufficient to block, and timeouts default to 30 seconds. Hooks are stored in .github/hooks/*.json and are especially valuable for platform and DevOps teams enforcing org-wide security policies, audit logging, and access controls across Copilot CLI sessions.
Table of contents
What are hooks?The different hook typesSetting up your first hooksImportant behaviors to knowTesting your hooks locallyWho should be using hooks?Wrapping upMore informationSort: