๐ช Hooks
March 19, 2026 ยท View on GitHub
Hooks enable automated workflows triggered by specific events during GitHub Copilot coding agent sessions, such as session start, session end, user prompts, and tool usage.
How to Contribute
See CONTRIBUTING.md for guidelines on how to contribute new hooks, improve existing ones, and share your use cases.
How to Use Hooks
What's Included:
- Each hook is a folder containing a
README.mdfile and ahooks.jsonconfiguration - Hooks may include helper scripts, utilities, or other bundled assets
- Hooks follow the GitHub Copilot hooks specification
To Install:
- Copy the hook folder to your repository's
.github/hooks/directory - Ensure any bundled scripts are executable (
chmod +x script.sh) - Commit the hook to your repository's default branch
To Activate/Use:
- Hooks automatically execute during Copilot coding agent sessions
- Configure hook events in the
hooks.jsonfile - Available events:
sessionStart,sessionEnd,userPromptSubmitted,preToolUse,postToolUse,errorOccurred
When to Use:
- Automate session logging and audit trails
- Auto-commit changes at session end
- Track usage analytics
- Integrate with external tools and services
- Custom session workflows
| Name | Description | Events | Bundled Assets |
|---|---|---|---|
| Dependency License Checker | Scans newly added dependencies for license compliance (GPL, AGPL, etc.) at session end | sessionEnd | check-licenses.shhooks.json |
| Governance Audit | Scans Copilot agent prompts for threat signals and logs governance events | sessionStart, sessionEnd, userPromptSubmitted | audit-prompt.shaudit-session-end.shaudit-session-start.shhooks.json |
| Secrets Scanner | Scans files modified during a Copilot coding agent session for leaked secrets, credentials, and sensitive data | sessionEnd | hooks.jsonscan-secrets.sh |
| Session Auto-Commit | Automatically commits and pushes changes when a Copilot coding agent session ends | sessionEnd | auto-commit.shhooks.json |
| Session Logger | Logs all Copilot coding agent session activity for audit and analysis | sessionStart, sessionEnd, userPromptSubmitted | hooks.jsonlog-prompt.shlog-session-end.shlog-session-start.sh |
| Tool Guardian | Blocks dangerous tool operations (destructive file ops, force pushes, DB drops) before the Copilot coding agent executes them | preToolUse | guard-tool.shhooks.json |