全部技能 分类浏览
← 返回
未分类

12

Create Cursor hooks. Use when you want to create a hook, write hooks.json, add hook scripts, or automate behavior around agent events.
>-
user_2b5da9ce
未分类 community v1.0.0 1 版本 98076.9 Key: 无需
★ 0
Stars
📥 51
下载
💾 0
安装
1
版本
#latest

概述

Creating Cursor Hooks

Create hooks when you want Cursor to run custom logic before or after agent events. Hooks are scripts or prompt-based checks that exchange JSON over stdin/stdout and can observe, block, modify, or follow up on behavior.

When the user asks for a hook, don't stop at describing the format. Gather the missing requirements, then create or update the hook files directly.

Gather Requirements

Before you write anything, determine:

  1. Scope: Should this be a project hook or a user hook?
  2. Trigger: Which event should run the hook?
  3. Behavior: Should it audit, deny/allow, rewrite input, inject context, or continue a workflow?
  4. Implementation: Should it be a command hook (script) or a prompt hook?
  5. Filtering: Does it need a matcher so it only runs for certain tools, commands, or subagent types?
  6. Safety: Should failures fail open or fail closed?

Infer these from the conversation when possible. Only ask for the missing pieces.

Choose the Right Location

  • Project hooks: .cursor/hooks.json and .cursor/hooks/*
  • User hooks: ~/.cursor/hooks.json and ~/.cursor/hooks/*

Path behavior matters:

  • Project hooks run from the project root, so use paths like .cursor/hooks/my-hook.sh
  • User hooks run from ~/.cursor/, so use paths like ./hooks/my-hook.sh or hooks/my-hook.sh

Prefer project hooks when the behavior should be shared with the repository and checked into version control.

Choose the Hook Event

Use the narrowest event that matches the user's goal.

Common Agent events

  • sessionStart, sessionEnd: set up or audit a session
  • preToolUse, postToolUse, postToolUseFailure: work across all tools
  • subagentStart, subagentStop: control or continue Task/subagent workflows
  • beforeShellExecution, afterShellExecution: gate or audit terminal commands
  • beforeMCPExecution, afterMCPExecution: gate or audit MCP tool calls
  • beforeReadFile, afterFileEdit: control file reads or post-process edits
  • beforeSubmitPrompt: validate prompts before they are sent
  • preCompact: observe context compaction
  • stop: handle agent completion
  • afterAgentResponse, afterAgentThought: track agent output or reasoning

Tab events

  • beforeTabFileRead: control file access for inline completions
  • afterTabFileEdit: post-process edits made by Tab

Quick event chooser

  • Block or approve shell commands -> beforeShellExecution
  • Audit shell output -> afterShellExecution
  • Format files after edits -> afterFileEdit
  • Block or rewrite a specific tool call -> preToolUse
  • Add follow-up context after a tool succeeds -> postToolUse
  • Control whether subagents can run -> subagentStart
  • Chain subagent loops -> subagentStop
  • Check prompts for secrets or policy violations -> beforeSubmitPrompt
  • Protect MCP calls -> beforeMCPExecution

Hooks File Format

Create a hooks.json file with schema version 1:

{
  "version": 1,
  "hooks": {
    "afterFileEdit": [
      {
        "command": ".cursor/hooks/format.sh"
      }
    ]
  }
}

Each hook definition can include:

  • command: shell command or script path
  • type: "command" or "prompt" (defaults to "command")
  • timeout: timeout in seconds
  • matcher: filter for when the hook runs
  • failClosed: block the action when the hook crashes, times out, or returns invalid JSON
  • loop_limit: mainly for stop and subagentStop follow-up loops

Matchers

Use matchers to avoid running the hook on every event.

  • preToolUse / postToolUse / postToolUseFailure: match on tool type such as Shell, Read, Write, Task, or MCP tools in MCP: ... form
  • subagentStart / subagentStop: match on subagent type such as generalPurpose, explore, or shell
  • beforeShellExecution / afterShellExecution: match on the full shell command string
  • beforeReadFile: match on tool type such as Read or TabRead
  • afterFileEdit: match on tool type such as Write or TabWrite
  • beforeSubmitPrompt: matches the value UserPromptSubmit

Important matcher warning:

  • Matchers use JavaScript-style regular expressions, not POSIX/grep syntax
  • Do not use POSIX classes like [[:space:]]; use JavaScript equivalents like \s
  • If the matcher is at all tricky, start by getting the hook working without one or with a very simple matcher, then tighten it after the hook is confirmed to load and fire

If the user wants a hook for only one risky command family, prefer script-side filtering for the first working version and add a matcher afterward only if it is simple and clearly correct.

Command Hooks

Command hooks are the default. They receive JSON on stdin and can return JSON on stdout.

Before using a command hook, verify that every executable it depends on will actually run in the hook environment:

  • the script itself has a valid shebang and is executable
  • any helper binary it calls is already installed and on $PATH
  • if the script depends on tools like jq, python3, node, or repo-local CLIs, verify that explicitly before finishing

Do not assume a binary exists just because it is common on your machine.

Minimal project-level example

{
  "version": 1,
  "hooks": {
    "beforeShellExecution": [
      {
        "command": ".cursor/hooks/approve-network.sh",
        "matcher": "curl|wget|nc ",
        "failClosed": true
      }
    ]
  }
}

#!/bin/bash
input=$(cat)
command=$(echo "$input" | jq -r '.command // empty')

if [[ "$command" =~ curl|wget|nc ]]; then
  echo '{
    "permission": "ask",
    "user_message": "This command may make a network request. Please review it before continuing.",
    "agent_message": "A hook flagged this shell command as a possible network call."
  }'
  exit 0
fi

echo '{ "permission": "allow" }'
exit 0

Important behavior:

  • Exit code 0: success
  • Exit code 2: block the action, same as returning deny
  • Other non-zero exit codes: fail open by default unless failClosed: true

Always make hook scripts executable after creating them.

Prompt Hooks

Prompt hooks are useful when the policy is easier to describe than to script.

{
  "version": 1,
  "hooks": {
    "beforeShellExecution": [
      {
        "type": "prompt",
        "prompt": "Does this command look safe to execute? Only allow read-only operations. Here is the hook input: $ARGUMENTS",
        "timeout": 10
      }
    ]
  }
}

Use prompt hooks for lightweight policy decisions. Prefer command hooks when the logic must be deterministic or when the user needs exact, auditable behavior.

Event Output Cheat Sheet

Use the event's supported output fields only.

  • preToolUse: can return permission, user_message, agent_message, and updated_input
  • postToolUse: can return additional_context; for MCP tools it can also return updated_mcp_tool_output
  • subagentStart: can return permission and user_message
  • subagentStop: can return followup_message
  • beforeShellExecution / beforeMCPExecution: can return permission, user_message, and agent_message

When the user wants to rewrite a tool call, prefer preToolUse. When they want to gate only shell commands, prefer beforeShellExecution.

Implementation Workflow

  1. Pick the correct location and event
  2. Create or update the correct hooks.json file
  3. Start with no matcher or the simplest safe matcher
  4. Create the script under the matching hooks directory
  5. Read stdin JSON and implement the required behavior
  6. Make the script executable
  7. Verify any helper executables the script uses are installed and on $PATH
  8. Trigger the relevant action to test the hook
  9. Verify behavior in Cursor's Hooks settings tab or the Hooks output channel

If you are editing an existing hooks setup, preserve unrelated hooks and only change the minimum necessary entries.

Validation and Troubleshooting

  • Cursor watches hooks.json and reloads on save
  • If hooks still do not load, restart Cursor
  • Double-check relative paths:
  • project hooks -> relative to the project root
  • user hooks -> relative to ~/.cursor/
  • If the hook does not appear to load at all, suspect matcher/config parsing first; remove the matcher and confirm the base hook works before tightening it
  • If the script runs external commands, verify each one is installed and reachable from the hook process with command -v or equivalent
  • If the hook should block on failure, set failClosed: true
  • If a command hook should intentionally block, returning exit code 2 is valid

Final Checklist

  • [ ] Used the correct hook location and path style
  • [ ] Chose the narrowest correct event
  • [ ] Added a matcher when appropriate
  • [ ] Returned only fields supported by that hook event
  • [ ] Made the script executable
  • [ ] Tested the hook by triggering the real event
  • [ ] Checked the Hooks tab or Hooks output channel if debugging was needed

版本历史

共 1 个版本

  • v1.0.0 Initial release 当前
    2026-05-20 10:06 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

ai-intelligence

self-improving agent

pskoett
捕获经验教训、错误和纠正,以实现持续改进。使用时机:(1)命令或操作意外失败;(2)用户纠正……
★ 4,059 📥 797,945
ai-intelligence

Self-Improving + Proactive Agent

ivangdavila
自我反思+自我批评+自我学习+自组织记忆。智能体评估自身工作、发现错误并持续改进。
★ 1,354 📥 317,968
developer-tools

Github

steipete
使用 `gh` CLI 与 GitHub 交互,通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。
★ 668 📥 323,989

Skill工具集 © 2026