diff --git a/content/copilot/concepts/agents/about-copilot-cli.md b/content/copilot/concepts/agents/about-copilot-cli.md
index 90292689613f..5a93c225a5cb 100644
--- a/content/copilot/concepts/agents/about-copilot-cli.md
+++ b/content/copilot/concepts/agents/about-copilot-cli.md
@@ -149,8 +149,10 @@ You can customize {% data variables.copilot.copilot_cli %} in a number of ways:
* **Custom instructions**: Custom instructions allow you to give {% data variables.product.prodname_copilot_short %} additional context on your project and how to build, test and validate its changes. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli#use-custom-instructions).
* **Model Context Protocol (MCP) servers**: MCP servers allow you to give {% data variables.product.prodname_copilot_short %} access to different data sources and tools. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli#add-an-mcp-server).
* **{% data variables.copilot.custom_agents_caps_short %}**: {% data variables.copilot.custom_agents_caps_short %} allow you to create different specialized versions of {% data variables.product.prodname_copilot_short %} for different tasks. For example, you could customize {% data variables.product.prodname_copilot_short %} to be an expert frontend engineer following your team's guidelines. {% data variables.copilot.copilot_cli %} includes specialized {% data variables.copilot.custom_agents_short %} that it automatically delegates common tasks to. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/use-copilot-cli#use-custom-agents).
+* **Hooks**: Hooks allow you to execute custom shell commands at key points during agent execution, enabling you to add validation, logging, security scanning, or workflow automation. See [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-hooks).
* **Skills**: Skills allow you to enhance the ability of {% data variables.product.prodname_copilot_short %} to perform specialized tasks with instructions, scripts, and resources. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-agent-skills).
+
## Security considerations
When you use {% data variables.copilot.copilot_cli_short %}, {% data variables.product.prodname_copilot_short %} can perform tasks on your behalf, such as executing or modifying files, or running shell commands.
diff --git a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md
index 0206743ce633..c0aaeebd4f79 100644
--- a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md
+++ b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md
@@ -118,6 +118,7 @@ You can customize {% data variables.copilot.copilot_coding_agent %} in a number
* **Custom instructions**: Custom instructions allow you to give {% data variables.product.prodname_copilot_short %} additional context on your project and how to build, test and validate its changes. For more information, see [AUTOTITLE](/copilot/how-tos/configure-custom-instructions/add-repository-instructions).
* **Model Context Protocol (MCP) servers**: MCP servers allow you to give {% data variables.product.prodname_copilot_short %} access to different data sources and tools. For more information, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/extend-coding-agent-with-mcp).
* **{% data variables.copilot.custom_agents_caps_short %}**: {% data variables.copilot.custom_agents_caps_short %} allow you to create different specialized versions of {% data variables.product.prodname_copilot_short %} for different tasks. For example, you could customize {% data variables.product.prodname_copilot_short %} to be an expert frontend engineer following your team's guidelines. For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-custom-agents).
+* **Hooks**: Hooks allow you to execute custom shell commands at key points during agent execution, enabling you to add validation, logging, security scanning, or workflow automation. For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-hooks).
* **Skills**: Skills allow you to enhance the ability of {% data variables.product.prodname_copilot_short %} to perform specialized tasks with instructions, scripts, and resources. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-agent-skills).
## Built-in security protections
diff --git a/content/copilot/concepts/agents/coding-agent/about-hooks.md b/content/copilot/concepts/agents/coding-agent/about-hooks.md
new file mode 100644
index 000000000000..b0004f92764f
--- /dev/null
+++ b/content/copilot/concepts/agents/coding-agent/about-hooks.md
@@ -0,0 +1,164 @@
+---
+title: About hooks
+shortTitle: Hooks
+intro: 'Extend and customize {% data variables.product.prodname_copilot %} agent behavior by executing custom shell commands at key points during agent execution.'
+product: '{% data reusables.gated-features.copilot-coding-agent %}
Sign up for {% data variables.product.prodname_copilot_short %} {% octicon "link-external" height:16 %}'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+contentType: concepts
+category:
+ - Configure Copilot
+---
+
+## About hooks
+
+Hooks enable you to execute custom shell commands at strategic points in an agent's workflow, such as when an agent session starts or ends, or before and after a prompt is entered or a tool is called.
+
+Hooks receive detailed information about agent actions via JSON input, enabling context-aware automation. For example, you can use hooks to:
+
+* Programmatically approve or deny tool executions.
+* Utilize built-in security features like secret scanning to prevent credential leaks.
+* Implement custom validation rules and audit logging for compliance.
+
+{% data variables.product.prodname_copilot_short %} agents support hooks stored in JSON files in your repository at `.github/hooks/*.json`.
+
+Hooks are available for use with:
+
+* {% data variables.copilot.copilot_coding_agent %} on {% data variables.product.github %}
+* {% data variables.copilot.copilot_cli %} in the terminal
+
+## Types of hooks
+
+The following types of hooks are available:
+
+* **sessionStart**: Executed when a new agent session begins or when resuming an existing session. Can be used to initialize environments, log session starts for auditing, validate project state, and set up temporary resources.
+* **sessionEnd**: Executed when the agent session completes or is terminated. Can be used to cleanup temporary resources, generate and archive session reports and logs, or send notifications about session completion.
+* **userPromptSubmitted**: Executed when the user submits a prompt to the agent. Can be used to log user requests for auditing and usage analysis.
+* **preToolUse**: Executed before the agent uses any tool (such as `bash`, `edit`, `view`). This is the most powerful hook as it can **approve or deny tool executions**. Use this hook to block dangerous commands, enforce security policies and coding standards, require approval for sensitive operations, or log tool usage for compliance.
+* **postToolUse**: Executed after a tool completes execution (whether successful or failed). Can be used to log execution results, track usage statistics, generate audit trails, monitor performance metrics, and send failure alerts.
+* **errorOccurred**: Executed when an error occurs during agent execution. Can be used to log errors for debugging, send notifications, track error patterns, and generate reports.
+
+To see a complete reference of hook types with example use cases, best practices, and advanced patterns, see [AUTOTITLE](/copilot/reference/hooks-configuration).
+
+## Hook configuration format
+
+You configure hooks using a special JSON format. The JSON must contain a `version` field with a value of `1` and a `hooks` object containing arrays of hook definitions.
+
+```json copy
+{
+ "version": 1,
+ "hooks": {
+ "sessionStart": [
+ {
+ "type": "command",
+ "bash": "string (optional)",
+ "powershell": "string (optional)",
+ "cwd": "string (optional)",
+ "env": { "KEY": "value" },
+ "timeoutSec": 30
+ }
+ ],
+ }
+}
+```
+
+The hook object can contain the following keys:
+
+| Property | Required | Description |
+| --- | --- | --- |
+| `type` | Yes | Must be `"command"` |
+| `bash` | Yes (on Unix systems) | Path to the bash script to execute |
+| `powershell` | Yes (on Windows) | Path to the PowerShell script to execute |
+| `cwd` | No | Working directory for the script (relative to repository root) |
+| `env` | No | Additional environment variables that are merged with the existing environment |
+| `timeoutSec` | No | Maximum execution time in seconds (default: 30) |
+
+## Example hook configuration file
+
+This is an example configuration file that lives in `~/.github/hooks/project-hooks.json` within a repository.
+
+```json copy
+{
+ "version": 1,
+ "hooks": {
+ "sessionStart": [
+ {
+ "type": "command",
+ "bash": "echo \"Session started: $(date)\" >> logs/session.log",
+ "powershell": "Add-Content -Path logs/session.log -Value \"Session started: $(Get-Date)\"",
+ "cwd": ".",
+ "timeoutSec": 10
+ }
+ ],
+ "userPromptSubmitted": [
+ {
+ "type": "command",
+ "bash": "./scripts/log-prompt.sh",
+ "powershell": "./scripts/log-prompt.ps1",
+ "cwd": "scripts",
+ "env": {
+ "LOG_LEVEL": "INFO"
+ }
+ }
+ ],
+ "preToolUse": [
+ {
+ "type": "command",
+ "bash": "./scripts/security-check.sh",
+ "powershell": "./scripts/security-check.ps1",
+ "cwd": "scripts",
+ "timeoutSec": 15
+ },
+ {
+ "type": "command",
+ "bash": "./scripts/log-tool-use.sh",
+ "powershell": "./scripts/log-tool-use.ps1",
+ "cwd": "scripts"
+ }
+ ],
+ "postToolUse": [
+ {
+ "type": "command",
+ "bash": "cat >> logs/tool-results.jsonl",
+ "powershell": "$input | Add-Content -Path logs/tool-results.jsonl"
+ }
+ ],
+ "sessionEnd": [
+ {
+ "type": "command",
+ "bash": "./scripts/cleanup.sh",
+ "powershell": "./scripts/cleanup.ps1",
+ "cwd": "scripts",
+ "timeoutSec": 60
+ }
+ ]
+ }
+}
+```
+
+## Performance considerations
+
+Hooks run synchronously and block agent execution. To ensure a responsive experience, keep the following considerations in mind:
+
+* **Minimize execution time**: Keep hook execution time under 5 seconds when possible.
+* **Optimize logging**: Use asynchronous logging, like appending to files, rather than synchronous I/O.
+* **Use background processing**: For expensive operations, consider background processing.
+* **Cache results**: Cache expensive computations when possible.
+
+## Security considerations
+
+To ensure security is maintained when using hooks, keep the following considerations in mind:
+
+* **Always validate and sanitize the input processed by hooks**. Untrusted input could lead to unexpected behavior.
+* **Use proper shell escaping when constructing commands**. This prevents command injection vulnerabilities.
+* **Never log sensitive data, such as tokens or passwords**.
+* **Ensure hook scripts and logs have the appropriate permissions**.
+* **Be cautious with hooks that make external network calls**. These can introduce latency, failures, or expose data to third parties.
+* **Set appropriate timeouts to prevent resource exhaustion**. Long-running hooks can block agent execution and degrade performance.
+
+## Next steps
+
+To start creating hooks, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks).
+
diff --git a/content/copilot/concepts/agents/coding-agent/index.md b/content/copilot/concepts/agents/coding-agent/index.md
index f295144cabd6..891b75fd423e 100644
--- a/content/copilot/concepts/agents/coding-agent/index.md
+++ b/content/copilot/concepts/agents/coding-agent/index.md
@@ -11,6 +11,7 @@ children:
- /about-coding-agent
- /agent-management
- /about-custom-agents
+ - /about-hooks
- /access-management
- /mcp-and-coding-agent
contentType: concepts
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
index ed3b941f86c5..4113f067b4ff 100644
--- a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
+++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
@@ -20,6 +20,7 @@ children:
- /changing-the-ai-model
- /customize-the-agent-environment
- /customize-the-agent-firewall
+ - /use-hooks
- /troubleshoot-coding-agent
redirect_from:
- /copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-tasks
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks.md
new file mode 100644
index 000000000000..a9e549792da4
--- /dev/null
+++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks.md
@@ -0,0 +1,115 @@
+---
+title: Using hooks with GitHub Copilot agents
+shortTitle: Use hooks
+intro: 'Learn how to extend and customize {% data variables.product.prodname_copilot %} agent behavior by executing custom shell commands at key points during agent execution.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+contentType: how-tos
+category:
+ - Configure Copilot
+---
+
+Hooks allow you to extend and customize the behavior of {% data variables.product.prodname_copilot %} agents by executing custom shell commands at key points during agent execution. For a conceptual overview of hooks, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-hooks).
+
+## Creating a hook in a repository on {% data variables.product.github %}
+
+1. Create a new `hooks.json` file with the name of your choice in the `.github/hooks/` folder of your repository. The hooks configuration file **must be present** on your repository's default branch to be used by {% data variables.copilot.copilot_coding_agent %}. For {% data variables.copilot.copilot_cli %}, hooks are loaded from your current working directory.
+
+1. In your text editor, copy and paste the following hook template. Remove any hooks you don't plan on using from the `hooks` array.
+
+ ```json copy
+ {
+ "version": 1,
+ "hooks": {
+ "sessionStart": [...],
+ "sessionEnd": [...],
+ "userPromptSubmitted": [...],
+ "preToolUse": [...],
+ "postToolUse": [...],
+ "errorOccurred": [...]
+ }
+ }
+ ```
+
+1. Configure your hook syntax under the `bash` or `powershell` keys, or directly reference script files you have created.
+
+ * This example runs a script that outputs the start date of the session to a log file using the `sessionStart` hook:
+
+ ```json copy
+ "sessionStart": [
+ {
+ "type": "command",
+ "bash": "echo \"Session started: $(date)\" >> logs/session.log",
+ "powershell": "Add-Content -Path logs/session.log -Value \"Session started: $(Get-Date)\"",
+ "cwd": ".",
+ "timeoutSec": 10
+ }
+ ],
+ ```
+
+ * This example calls out to an external `log-prompt` script:
+
+ ```json copy
+ "userPromptSubmitted": [
+ {
+ "type": "command",
+ "bash": "./scripts/log-prompt.sh",
+ "powershell": "./scripts/log-prompt.ps1",
+ "cwd": "scripts",
+ "env": {
+ "LOG_LEVEL": "INFO"
+ }
+ }
+ ],
+ ```
+
+ For a full reference on the input JSON from agent sessions along with sample scripts, see [AUTOTITLE](/copilot/reference/hooks-configuration).
+
+1. Commit the file to the repository and merge it into the default branch. Your hooks will now run during agent sessions.
+
+## Troubleshooting
+
+If you run into problems using hooks, use the following table to troubleshoot.
+
+| Issue | Action |
+| --- | --- |
+| Hooks are not executing | - Verify the JSON file is in the `.github/hooks/` directory.
- Check for valid JSON syntax (for example, `jq . hooks.json`).
- Ensure `version: 1` is specified in your `hooks.json` file.
- Verify the script you are calling from your hook is executable (`chmod +x script.sh`)
- Check that the script has a proper shebang (for example, `#!/bin/bash`)
|
+| Hooks are timing out | - The default timeout is 30 seconds. Increase `timeoutSec` in the configuration if needed.
- Optimize script performance by avoiding unnecessary operations.
|
+| Invalid JSON output | - Ensure the output is on a single line.
- On Unix, use `jq -c` to compact and validate the JSON output.
- On Windows, use the `ConvertTo-Json -Compress` command in PowerShell to do the same.
|
+
+## Debugging
+
+You can debug hooks using the following methods:
+
+* **Enable verbose logging** in the script to inspect the input data and trace script execution.
+
+ ```shell copy
+ #!/bin/bash
+ set -x # Enable bash debug mode
+ INPUT=$(cat)
+ echo "DEBUG: Received input" >&2
+ echo "$INPUT" >&2
+ # ... rest of script
+ ```
+
+* **Test hooks locally** by piping test input into your hook to validate its behavior:
+
+ ```shell copy
+ # Create test input
+ echo '{"timestamp":1704614400000,"cwd":"/tmp","toolName":"bash","toolArgs":"{\"command\":\"ls\"}"}' | ./my-hook.sh
+
+ # Check exit code
+ echo $?
+
+ # Validate output is valid JSON
+ ./my-hook.sh | jq .
+ ```
+
+## Further reading
+
+* For more information about configuring hooks, see [AUTOTITLE](/copilot/reference/hooks-configuration)
+* For more information about {% data variables.copilot.copilot_coding_agent %}, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent)
+* For more information about {% data variables.copilot.copilot_cli %}, see [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli)
+* For information about customizing the agent environment, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment)
diff --git a/content/copilot/reference/hooks-configuration.md b/content/copilot/reference/hooks-configuration.md
new file mode 100644
index 000000000000..d2cb6d07e626
--- /dev/null
+++ b/content/copilot/reference/hooks-configuration.md
@@ -0,0 +1,550 @@
+---
+title: Hooks configuration
+shortTitle: Hooks configuration
+intro: 'Find information about configuring hooks for use with {% data variables.copilot.copilot_cli %} and {% data variables.copilot.copilot_coding_agent %}.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+contentType: reference
+---
+
+This reference article describes the available hook types with examples, including their input and output formats, script best practices, and advanced patterns for logging, security enforcement, and external integrations. For general information about creating hooks, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks).
+
+## Hook types
+
+### Session start hook
+
+Executed when a new agent session begins or when resuming an existing session.
+
+**Input JSON:**
+
+```json copy
+{
+ "timestamp": 1704614400000,
+ "cwd": "/path/to/project",
+ "source": "new",
+ "initialPrompt": "Create a new feature"
+}
+```
+
+**Fields:**
+
+* `timestamp`: Unix timestamp in milliseconds
+* `cwd`: Current working directory
+* `source`: Either `"new"` (new session), `"resume"` (resumed session), or `"startup"`
+* `initialPrompt`: The user's initial prompt (if provided)
+
+**Output:** Ignored (no return value processed)
+
+**Example hook:**
+
+```json copy
+{
+ "type": "command",
+ "bash": "./scripts/session-start.sh",
+ "powershell": "./scripts/session-start.ps1",
+ "cwd": "scripts",
+ "timeoutSec": 30
+}
+```
+
+**Example script (Bash):**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+SOURCE=$(echo "$INPUT" | jq -r '.source')
+TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp')
+
+echo "Session started from $SOURCE at $TIMESTAMP" >> session.log
+```
+
+### Session end hook
+
+Executed when the agent session completes or is terminated.
+
+**Input JSON:**
+
+```json copy
+{
+ "timestamp": 1704618000000,
+ "cwd": "/path/to/project",
+ "reason": "complete"
+}
+```
+
+**Fields:**
+
+* `timestamp`: Unix timestamp in milliseconds
+* `cwd`: Current working directory
+* `reason`: One of `"complete"`, `"error"`, `"abort"`, `"timeout"`, or `"user_exit"`
+
+**Output:** Ignored
+
+**Example script:**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+REASON=$(echo "$INPUT" | jq -r '.reason')
+
+echo "Session ended: $REASON" >> session.log
+# Cleanup temporary files
+rm -rf /tmp/session-*
+```
+
+### User prompt submitted hook
+
+Executed when the user submits a prompt to the agent.
+
+**Input JSON:**
+
+```json copy
+{
+ "timestamp": 1704614500000,
+ "cwd": "/path/to/project",
+ "prompt": "Fix the authentication bug"
+}
+```
+
+**Fields:**
+
+* `timestamp`: Unix timestamp in milliseconds
+* `cwd`: Current working directory
+* `prompt`: The exact text the user submitted
+
+**Output:** Ignored (prompt modification not currently supported in customer hooks)
+
+**Example script:**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+PROMPT=$(echo "$INPUT" | jq -r '.prompt')
+TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp')
+
+# Log to a structured file
+echo "$(date -d @$((TIMESTAMP/1000))): $PROMPT" >> prompts.log
+```
+
+### Pre-tool use hook
+
+Executed before the agent uses any tool (such as `bash`, `edit`, `view`). This is the most powerful hook as it can **approve or deny tool executions**.
+
+**Input JSON:**
+
+```json copy
+{
+ "timestamp": 1704614600000,
+ "cwd": "/path/to/project",
+ "toolName": "bash",
+ "toolArgs": "{\"command\":\"rm -rf dist\",\"description\":\"Clean build directory\"}"
+}
+```
+
+**Fields:**
+
+* `timestamp`: Unix timestamp in milliseconds
+* `cwd`: Current working directory
+* `toolName`: Name of the tool being invoked (such as "bash", "edit", "view", "create")
+* `toolArgs`: JSON string containing the tool's arguments
+
+**Output JSON (optional):**
+
+```json copy
+{
+ "permissionDecision": "deny",
+ "permissionDecisionReason": "Destructive operations require approval"
+}
+```
+
+**Output fields:**
+
+* `permissionDecision`: Either `"allow"`, `"deny"`, or `"ask"` (only `"deny"` is currently processed)
+* `permissionDecisionReason`: Human-readable explanation for the decision
+
+**Example hook to block dangerous commands:**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName')
+TOOL_ARGS=$(echo "$INPUT" | jq -r '.toolArgs')
+
+# Log the tool use
+echo "$(date): Tool=$TOOL_NAME Args=$TOOL_ARGS" >> tool-usage.log
+
+# Check for dangerous patterns
+if echo "$TOOL_ARGS" | grep -qE "rm -rf /|format|DROP TABLE"; then
+ echo '{"permissionDecision":"deny","permissionDecisionReason":"Dangerous command detected"}'
+ exit 0
+fi
+
+# Allow by default (or omit output to allow)
+echo '{"permissionDecision":"allow"}'
+```
+
+**Example hook to enforce file permissions:**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName')
+
+# Only allow editing specific directories
+if [ "$TOOL_NAME" = "edit" ]; then
+ PATH_ARG=$(echo "$INPUT" | jq -r '.toolArgs' | jq -r '.path')
+
+ if [[ ! "$PATH_ARG" =~ ^(src/|test/) ]]; then
+ echo '{"permissionDecision":"deny","permissionDecisionReason":"Can only edit files in src/ or test/ directories"}'
+ exit 0
+ fi
+fi
+
+# Allow all other tools
+```
+
+### Post-tool use hook
+
+Executed after a tool completes execution (whether successful or failed).
+
+**Example input JSON:**
+
+```json copy
+{
+ "timestamp": 1704614700000,
+ "cwd": "/path/to/project",
+ "toolName": "bash",
+ "toolArgs": "{\"command\":\"npm test\"}",
+ "toolResult": {
+ "resultType": "success",
+ "textResultForLlm": "All tests passed (15/15)"
+ }
+}
+```
+
+**Fields:**
+
+* `timestamp`: Unix timestamp in milliseconds
+* `cwd`: Current working directory
+* `toolName`: Name of the tool that was executed
+* `toolArgs`: JSON string containing the tool's arguments
+* `toolResult`: Result object containing:
+ * `resultType`: Either `"success"`, `"failure"`, or `"denied"`
+ * `textResultForLlm`: The result text shown to the agent
+
+**Output:** Ignored (result modification is not currently supported)
+
+**Example script that logs tool execution statistics to a CSV file:**
+
+This script logs tool execution statistics to a CSV file and sends an email alert when a tool fails.
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName')
+RESULT_TYPE=$(echo "$INPUT" | jq -r '.toolResult.resultType')
+
+# Track statistics
+echo "$(date),${TOOL_NAME},${RESULT_TYPE}" >> tool-stats.csv
+
+# Alert on failures
+if [ "$RESULT_TYPE" = "failure" ]; then
+ RESULT_TEXT=$(echo "$INPUT" | jq -r '.toolResult.textResultForLlm')
+ echo "FAILURE: $TOOL_NAME - $RESULT_TEXT" | mail -s "Agent Tool Failed" admin@example.com
+fi
+```
+
+### Error occurred hook
+
+Executed when an error occurs during agent execution.
+
+**Example input JSON:**
+
+```json copy
+{
+ "timestamp": 1704614800000,
+ "cwd": "/path/to/project",
+ "error": {
+ "message": "Network timeout",
+ "name": "TimeoutError",
+ "stack": "TimeoutError: Network timeout\n at ..."
+ }
+}
+```
+
+**Fields:**
+
+* `timestamp`: Unix timestamp in milliseconds
+* `cwd`: Current working directory
+* `error`: Error object containing:
+ * `message`: Error message
+ * `name`: Error type/name
+ * `stack`: Stack trace (if available)
+
+**Output:** Ignored (error handling modification is not currently supported)
+
+**Example script that extracts error details to a log file:**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+ERROR_MSG=$(echo "$INPUT" | jq -r '.error.message')
+ERROR_NAME=$(echo "$INPUT" | jq -r '.error.name')
+
+echo "$(date): [$ERROR_NAME] $ERROR_MSG" >> errors.log
+```
+
+## Script best practices
+
+### Reading input
+
+This example script reads JSON input from stdin into a variable, then uses `jq` to extract the `timestamp` and `cwd` fields.
+
+**Bash:**
+
+```shell copy
+#!/bin/bash
+# Read JSON from stdin
+INPUT=$(cat)
+
+# Parse with jq
+TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp')
+CWD=$(echo "$INPUT" | jq -r '.cwd')
+```
+
+**PowerShell:**
+
+```powershell copy
+# Read JSON from stdin
+$input = [Console]::In.ReadToEnd() | ConvertFrom-Json
+
+# Access properties
+$timestamp = $input.timestamp
+$cwd = $input.cwd
+```
+
+### Outputting JSON
+
+This example script shows how to output valid JSON from your hook script. Use `jq -c` in Bash for compact single-line output, or `ConvertTo-Json -Compress` in PowerShell.
+
+**Bash:**
+
+```shell copy
+#!/bin/bash
+# Use jq to compact the JSON output to a single line
+echo '{"permissionDecision":"deny","permissionDecisionReason":"Security policy violation"}' | jq -c
+
+# Or construct with variables
+REASON="Too dangerous"
+jq -n --arg reason "$REASON" '{permissionDecision: "deny", permissionDecisionReason: $reason}'
+```
+
+**PowerShell:**
+
+```powershell copy
+# Use ConvertTo-Json to compact the JSON output to a single line
+$output = @{
+ permissionDecision = "deny"
+ permissionDecisionReason = "Security policy violation"
+}
+$output | ConvertTo-Json -Compress
+```
+
+### Error handling
+
+This script example demonstrates how to handle errors in hook scripts.
+
+**Bash:**
+
+```shell copy
+#!/bin/bash
+set -e # Exit on error
+
+INPUT=$(cat)
+# ... process input ...
+
+# Exit with 0 for success
+exit 0
+```
+
+**PowerShell:**
+
+```powershell copy
+$ErrorActionPreference = "Stop"
+
+try {
+ $input = [Console]::In.ReadToEnd() | ConvertFrom-Json
+ # ... process input ...
+ exit 0
+} catch {
+ Write-Error $_.Exception.Message
+ exit 1
+}
+```
+
+### Handling timeouts
+
+Hooks have a default timeout of 30 seconds. For longer operations, increase `timeoutSec`:
+
+```json copy
+{
+ "type": "command",
+ "bash": "./scripts/slow-validation.sh",
+ "timeoutSec": 120
+}
+```
+
+## Advanced patterns
+
+### Multiple hooks of the same type
+
+You can define multiple hooks for the same event. They execute in order:
+
+```json copy
+{
+ "version": 1,
+ "hooks": {
+ "preToolUse": [
+ {
+ "type": "command",
+ "bash": "./scripts/security-check.sh",
+ "comment": "Security validation - runs first"
+ },
+ {
+ "type": "command",
+ "bash": "./scripts/audit-log.sh",
+ "comment": "Audit logging - runs second"
+ },
+ {
+ "type": "command",
+ "bash": "./scripts/metrics.sh",
+ "comment": "Metrics collection - runs third"
+ }
+ ]
+ }
+}
+```
+
+### Conditional logic in scripts
+
+**Example: Only block specific tools**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName')
+
+# Only validate bash commands
+if [ "$TOOL_NAME" != "bash" ]; then
+ exit 0 # Allow all non-bash tools
+fi
+
+# Check bash command for dangerous patterns
+COMMAND=$(echo "$INPUT" | jq -r '.toolArgs' | jq -r '.command')
+if echo "$COMMAND" | grep -qE "rm -rf|sudo|mkfs"; then
+ echo '{"permissionDecision":"deny","permissionDecisionReason":"Dangerous system command"}'
+fi
+```
+
+### Structured logging
+
+**Example: JSON Lines format**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp')
+TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName')
+RESULT_TYPE=$(echo "$INPUT" | jq -r '.toolResult.resultType')
+
+# Output structured log entry
+jq -n \
+ --arg ts "$TIMESTAMP" \
+ --arg tool "$TOOL_NAME" \
+ --arg result "$RESULT_TYPE" \
+ '{timestamp: $ts, tool: $tool, result: $result}' >> logs/audit.jsonl
+```
+
+### Integration with external systems
+
+**Example: Send alerts to Slack**
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+ERROR_MSG=$(echo "$INPUT" | jq -r '.error.message')
+
+WEBHOOK_URL="https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
+
+curl -X POST "$WEBHOOK_URL" \
+ -H 'Content-Type: application/json' \
+ -d "{\"text\":\"Agent Error: $ERROR_MSG\"}"
+```
+
+## Example use cases
+
+### Compliance audit trail
+
+Log all agent actions for compliance requirements by utilizing log scripts:
+
+```json copy
+{
+ "version": 1,
+ "hooks": {
+ "sessionStart": [{"type": "command", "bash": "./audit/log-session-start.sh"}],
+ "userPromptSubmitted": [{"type": "command", "bash": "./audit/log-prompt.sh"}],
+ "preToolUse": [{"type": "command", "bash": "./audit/log-tool-use.sh"}],
+ "postToolUse": [{"type": "command", "bash": "./audit/log-tool-result.sh"}],
+ "sessionEnd": [{"type": "command", "bash": "./audit/log-session-end.sh"}]
+ }
+}
+```
+
+### Cost tracking
+
+Track tool usage for cost allocation:
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName')
+TIMESTAMP=$(echo "$INPUT" | jq -r '.timestamp')
+USER=${USER:-unknown}
+
+echo "$TIMESTAMP,$USER,$TOOL_NAME" >> /var/log/copilot/usage.csv
+```
+
+### Code quality enforcement
+
+Prevent commits that violate code standards:
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.toolName')
+
+if [ "$TOOL_NAME" = "edit" ] || [ "$TOOL_NAME" = "create" ]; then
+ # Run linter before allowing edits
+ npm run lint-staged
+ if [ $? -ne 0 ]; then
+ echo '{"permissionDecision":"deny","permissionDecisionReason":"Code does not pass linting"}'
+ fi
+fi
+```
+
+### Notification system
+
+Send notifications on important events:
+
+```shell copy
+#!/bin/bash
+INPUT=$(cat)
+PROMPT=$(echo "$INPUT" | jq -r '.prompt')
+
+# Notify on production-related prompts
+if echo "$PROMPT" | grep -iq "production"; then
+ echo "ALERT: Production-related prompt: $PROMPT" | mail -s "Agent Alert" team@example.com
+fi
+```
diff --git a/content/copilot/reference/index.md b/content/copilot/reference/index.md
index 69a95e135d92..57ba1a5e32eb 100644
--- a/content/copilot/reference/index.md
+++ b/content/copilot/reference/index.md
@@ -11,6 +11,7 @@ children:
- /ai-models
- /keyboard-shortcuts
- /custom-agents-configuration
+ - /hooks-configuration
- /custom-instructions-support
- /policy-conflicts
- /copilot-allowlist-reference