Claude Code Hooks Explained: PreToolUse, PostToolUse, and Safety

Claude Code hooks block dangerous commands but cannot reason, remember, or coordinate. See how afterclick turns hooks into a full governance layer with a reviewing engine.

The afterclick teamMay 7, 20265 min read

Claude Code will happily run shell commands, edit files, and call tools on your behalf. That is the point, and also the risk. Hooks are the mechanism that lets you put guardrails on that behavior: small programs that fire at defined moments in the agent's loop and get a say in what happens next. If you have ever wanted to stop the agent from touching a secrets file or running a destructive command, hooks are where you start.

A hook is a command you register against a tool event. When that event fires, Claude Code runs your command and reads its result, and depending on the event the agent can be blocked, allowed to continue, or fed extra context. Hooks run on your machine with your permissions, so they are as powerful and as limited as any local script. Because they run deterministically on every matching event, they are the right tool for rules that should always hold. They are not the model's judgment; they are your policy, enforced mechanically.

Three events carry most of the work. PreToolUse fires before a tool call runs and can inspect the proposed action and block it, allow it, or inject a warning the agent must consider. PostToolUse fires after a call completes, so it can react to the result, log it, or run a check and feed the output back. SessionStart fires when a session begins, so it can inject project context before any work starts. In practice that means a PreToolUse hook can scan a bash command and refuse a recursive force-delete or a production table drop, block reads of a secrets file, and a PostToolUse hook can run a linter after an edit and hand the agent the result. These are real, useful guardrails, and if you ship with Claude Code you should have a couple of them. But their nature is also their ceiling: a hook matches a pattern or runs a script, it forgets the instant it returns, and it governs exactly one tool call.

How afterclick turns hooks into governance

afterclick is the governance and operations platform for AI-built software, and it treats a hook as the doorbell, not the security system. The hook is how afterclick notices a risky action in real time; everything that makes that signal useful is the part a hook alone cannot do.

An independent engine reviews intent, not patterns. When a genuinely consequential change appears, touching authentication, money, data loss, or production, afterclick sends it to a separate reviewing engine that reasons about whether the change is actually right: whether an auth edit quietly widens access, whether a money-handling change has an off-by-one that bills customers twice. A pattern-matching hook can never do this; it has no concept of intent. The engine returns its concern and advice in plain words.

It is advisory by default, with your override and opt-in enforcement. The engine surfaces its concern; you stay in control. For most changes that is exactly right, you want to be informed, not blocked. When you want a hard stop on the riskiest surfaces, you opt into enforcement, and even then the owner keeps an override with a recorded reason. You choose the strictness; the hook just delivers the trigger.

Cross-session memory gives the review context a hook never has. A hook fires and forgets. afterclick records every session, file, and decision on a durable board, so a review can know that this same file broke staging last week, or that a decision three sessions ago is why the code looks the way it does. The signal stops being a momentary pattern match and becomes an informed judgment.

Ship gates coordinate the release a single hook cannot. A hook governs one tool call at one moment. afterclick adds a deploy lock and ship queue so two sessions cannot deploy at once and clobber each other, branch protection so main cannot be force-pushed on a bad day, and a kickoff step that aligns a change before it is built. These are properties of the whole release, not a single action.

A read-only audit trail records what changed and how to undo it. Every governed action and review lands on a human-readable dashboard. A hook leaves no durable trail; afterclick gives you and your team one place to see what the fleet did and the rollback path for each change.

In practice it looks like this: a session edits the billing webhook handler. The PreToolUse hook fires and hands the diff to afterclick. The engine reads it against the board, notices the change drops an idempotency check that a prior session added after a double-charge incident, and surfaces exactly that concern with the history attached. You see it before it lands, decide knowingly, and the audit trail records what you chose. A bare hook would have either silently allowed the edit or blindly blocked it on a keyword.

AspectA hook aloneafterclick (hook plus governance)
Decision basisPattern or script matchEngine reasons about intent on risky calls
MemoryForgets the instant it returnsCross-session board of decisions and outcomes
ScopeOne tool call at one momentWhole-release ship gates and deploy lock
ControlBlock or allow, all or nothingAdvisory by default, override, opt-in enforce
RecordNoneRead-only audit trail with rollback path

Keep your hooks. Add the layer that thinks.

Hooks are excellent at what they are for, and you should keep your destructive-command and secrets-file guards. But a wall of scripts will never reason about a subtle auth bug, remember last week's incident, or hold a deploy lock. afterclick is the layer that does, with the hook as its trigger.

It installs with one paste and is free to start, with the independent second eye included. Stop hoping a keyword match catches your worst change, and put a layer that actually thinks behind it.

Claude is the developer. afterclick is everyone else.

Frequently asked questions

What is the difference between PreToolUse and PostToolUse hooks?

PreToolUse fires before a tool call runs, so it can inspect the proposed action and block it, allow it, or inject context the agent must consider. PostToolUse fires after the call completes, so it reacts to the result, useful for logging, running a check, or feeding follow-up context back to the agent. SessionStart fires at the top of a session to inject project context.

How does afterclick use hooks differently from a plain guardrail script?

afterclick treats a hook as the trigger, not the whole answer. The hook notices a risky action in real time, then afterclick sends consequential changes to an independent engine that reasons about intent, reviews it against cross-session memory of past decisions and incidents, and surfaces its concern, advisory by default with an owner override and opt-in enforcement. A bare hook can only match a pattern.

If hooks can block risky actions, why do I need afterclick?

Hooks are local and rule-based: they match patterns but cannot reason about subtle bugs, they have no memory across sessions, and they govern only a single tool call. afterclick uses a hook as one input into a full governance layer with an independent reviewing engine, cross-session memory, ship gates like a deploy lock and branch protection, and a read-only audit trail of what changed and how to roll it back.

Ship AI-built software with a net

afterclick gives Claude Code memory, a second pair of eyes, and a calm ship queue. One paste, free to start.

Keep reading