Hooks

What hooks are

Hooks are programmable extension points in the Agent lifecycle. Beyond the platform’s default behavior, the system lets you inject custom logic at 28 key events—change how the Agent behaves without changing platform code.

Hooks vs event triggers

Dimension	Event trigger	Hook
Source	External events (webhook / cron / channel messages)	Internal events (Agent lifecycle)
Typical use	“When a PR arrives, do X”	“Before every Agent message, validate Y”
Scope	Across sessions	Within a session or across sessions
Goal	Start / trigger an Agent	Change internal Agent behavior

28 hook events

Grouped by lifecycle stage:

Session layer

Event	When it fires
`SessionStart`	Session created
`SessionStop`	Session ended
`SessionArchive`	Session archived

Agent layer

Event	When it fires
`AgentInit`	Agent initialized
`AgentStep`	Agent advances one step
`AgentFinish`	Agent completes the task

Message layer

Event	When it fires
`PreUserMessage`	Before a user message is ingested
`PostUserMessage`	After a user message is handled
`PreAssistantMessage`	Before the Agent sends a message
`PostAssistantMessage`	After the Agent sends a message

Tool layer

Event	When it fires
`PreToolUse`	Before a tool runs (blocking)
`PostToolUse`	After a tool runs
`ToolError`	Tool call failed

Memory layer

Event	When it fires
`MemoryRetrieve`	Memory retrieval
`MemoryGuardian`	Memory guardian (automatic monitoring)
`MemoryPromote`	KB → LTM promotion

Skill layer

Event	When it fires
`SkillInjector`	Match skills by context
`SkillActivate`	Skill activated
`SkillComplete`	Skill completed

See AgentFlow/src/hooks/ in the codebase for the full list of 28 events.

Five handler types

The same hook event can attach multiple handlers, chained by priority:

Handler	Execution	Fits
command	Run a shell command	Local scripts, notifications, logging
http	Call an HTTP endpoint	External systems
prompt	Inject / tweak the LLM prompt	Steer Agent behavior
agent	Start another Agent	Multi-agent workflows
python	Run embedded Python	Complex logic

Blocking pre-hooks

Pre hooks such as PreToolUse are blocking: if a handler returns block, the original action is rejected.

Typical pattern:

# Example: security audit before tool use
hooks:
  - event: PreToolUse
    handler:
      type: python
      code: |
        if tool_name == "execute_code" and "rm -rf" in tool_args.get("code", ""):
            return {"action": "block", "reason": "Destructive command not allowed"}
        return {"action": "allow"}

Typical scenarios

Scenario 1: Security audit (`PreToolUse`)

Log every execute_code call before execution; block high-risk commands.

Scenario 2: Cross-session memory guardian (`MemoryGuardian`)

When a session ends, scan the Ledger, extract fact / preference / error_pattern into LTM so other sessions can reuse them.

Scenario 3: Dynamic skill injection (`SkillInjector`)

Match the most relevant skills from the current message semantics; skip loading irrelevant ones (saves tokens).

Scenario 4: Compliance on output (`PreAssistantMessage`)

Before replying, check banned words or format rules; request revision when needed.

Scenario 5: Cost monitoring (`SessionStop`)

At session end, aggregate tokens, duration, and tool calls; alert when thresholds are exceeded.

Three-tier matching

Hooks do not run globally by default—they match across three tiers:

Rendering diagram…

📖 Event triggers
📖 Memory
📖 Skills
🧩 Source entry: AgentFlow/src/hooks/

Hooks

On this page