Skip to main content

Hooks Catalog

Browse and install hooks to automate your GitHub Copilot coding agent workflows.

Available Hooks

Session Logger

Log session activity for audit and analysis

Session Auto-Commit

Auto-commit changes when sessions end

Governance Audit

Scan prompts for security threats

Session Logger

Tags: logging, audit, analytics
Comprehensive logging for GitHub Copilot coding agent sessions, tracking session starts, ends, and user prompts for audit trails and usage analytics.

Features

  • Session Tracking: Log session start and end events
  • Prompt Logging: Record when user prompts are submitted
  • Structured Logging: JSON format for easy parsing
  • Privacy Aware: Configurable to disable logging entirely

Installation

1

Copy Hook

cp -r hooks/session-logger .github/hooks/
2

Create Logs Directory

mkdir -p logs/copilot
3

Make Scripts Executable

chmod +x .github/hooks/session-logger/*.sh
4

Commit to Repository

git add .github/hooks/session-logger
git commit -m "Add session logger hook"
git push

Configuration

{
  "version": 1,
  "hooks": {
    "sessionStart": [
      {
        "type": "command",
        "bash": ".github/hooks/session-logger/log-session-start.sh",
        "cwd": ".",
        "timeoutSec": 5
      }
    ],
    "sessionEnd": [
      {
        "type": "command",
        "bash": ".github/hooks/session-logger/log-session-end.sh",
        "cwd": ".",
        "timeoutSec": 5
      }
    ],
    "userPromptSubmitted": [
      {
        "type": "command",
        "bash": ".github/hooks/session-logger/log-prompt.sh",
        "cwd": ".",
        "env": {
          "LOG_LEVEL": "INFO"
        },
        "timeoutSec": 5
      }
    ]
  }
}

Privacy & Security

Add logs/ to .gitignore to avoid committing session data to your repository.
  • Use LOG_LEVEL=ERROR to only log errors
  • Set SKIP_LOGGING=true environment variable to disable
  • Logs are stored locally only
  • No sensitive data is logged

Session Auto-Commit

Tags: automation, git, productivity
Automatically commits and pushes changes when a GitHub Copilot coding agent session ends, ensuring your work is always saved and backed up.

Features

  • Automatic Backup: Never lose work from a Copilot session
  • Timestamped Commits: Each auto-commit includes the session end time
  • Safe Execution: Only commits when there are actual changes
  • Error Handling: Gracefully handles push failures

Installation

1

Copy Hook

cp -r hooks/session-auto-commit .github/hooks/
2

Make Script Executable

chmod +x .github/hooks/session-auto-commit/auto-commit.sh
3

Commit to Repository

git add .github/hooks/session-auto-commit
git commit -m "Add session auto-commit hook"
git push

Configuration

{
  "version": 1,
  "hooks": {
    "sessionEnd": [
      {
        "type": "command",
        "bash": ".github/hooks/session-auto-commit/auto-commit.sh",
        "timeoutSec": 30
      }
    ]
  }
}

How It Works

1

Session Ends

When a Copilot coding agent session ends, the hook executes
2

Check for Changes

Detects uncommitted changes using git status
3

Stage & Commit

Stages all changes and creates a timestamped commit
4

Push to Remote

Attempts to push to remote repository

Customization

You can customize the hook by modifying auto-commit.sh:
  • Commit Message Format: Change the timestamp format or message prefix
  • Selective Staging: Use specific git add patterns instead of -A
  • Branch Selection: Push to specific branches only
  • Notifications: Add desktop notifications or Slack messages

Disabling

To temporarily disable auto-commits: 
export SKIP_AUTO_COMMIT=true

Governance Audit

Tags: security, governance, audit, safety
Real-time threat detection and audit logging for GitHub Copilot coding agent sessions. Scans user prompts for dangerous patterns before the agent processes them.

Features

  • Threat Detection: Scans prompts for data exfiltration, privilege escalation, system destruction, prompt injection, and credential exposure
  • Governance Levels: Open, standard, strict, locked — from audit-only to full blocking
  • Audit Trail: Append-only JSON log of all governance events
  • Session Summary: Reports threat counts at session end

Threat Categories

Detects attempts to send sensitive data to external endpoints.Examples:
  • “send all records to external API”
  • “curl data to my server”
  • “upload database to S3”
Detects attempts to gain elevated system privileges.Examples:
  • “sudo rm -rf”
  • “chmod 777”
  • “add to sudoers”
Detects commands that could destroy data or systems.Examples:
  • “rm -rf /”
  • “drop database”
  • “format disk”
Detects attempts to manipulate the AI agent’s behavior.Examples:
  • “ignore previous instructions”
  • “you are now in developer mode”
  • “disregard safety guidelines”
Detects hardcoded secrets and credentials.Examples:
  • Hardcoded API keys
  • AWS access keys
  • Private tokens in code

Governance Levels

LevelBehavior
openLog threats only, never block
standardLog threats, block only if BLOCK_ON_THREAT=true
strictLog and block all detected threats
lockedLog and block all detected threats

Installation

1

Copy Hook

cp -r hooks/governance-audit .github/hooks/
2

Make Scripts Executable

chmod +x .github/hooks/governance-audit/*.sh
3

Create Logs Directory

mkdir -p logs/copilot/governance
echo "logs/" >> .gitignore
4

Commit to Repository

git add .github/hooks/governance-audit
git commit -m "Add governance audit hook"
git push

Configuration

{
  "version": 1,
  "hooks": {
    "sessionStart": [
      {
        "type": "command",
        "bash": ".github/hooks/governance-audit/audit-session-start.sh",
        "cwd": ".",
        "timeoutSec": 5
      }
    ],
    "sessionEnd": [
      {
        "type": "command",
        "bash": ".github/hooks/governance-audit/audit-session-end.sh",
        "cwd": ".",
        "timeoutSec": 5
      }
    ],
    "userPromptSubmitted": [
      {
        "type": "command",
        "bash": ".github/hooks/governance-audit/audit-prompt.sh",
        "cwd": ".",
        "env": {
          "GOVERNANCE_LEVEL": "standard",
          "BLOCK_ON_THREAT": "false"
        },
        "timeoutSec": 10
      }
    ]
  }
}

Environment Variables

VariableValuesDefaultDescription
GOVERNANCE_LEVELopen, standard, strict, lockedstandardControls blocking behavior
BLOCK_ON_THREATtrue, falsefalseBlock prompts with threats (standard level)
SKIP_GOVERNANCE_AUDITtrueunsetDisable governance audit entirely

Requirements

  • jq for JSON processing (pre-installed on most CI environments and macOS)
  • grep with -E (extended regex) support
  • bc for floating-point comparison (optional, gracefully degrades)

Privacy & Security

Full prompts are never logged — only matched threat patterns (minimal evidence snippets) and metadata are recorded.
  • Add logs/ to .gitignore to keep audit data local
  • Set SKIP_GOVERNANCE_AUDIT=true to disable entirely
  • All data stays local — no external network calls

Contributing

Want to add a hook to this catalog? See the Contributing Guide for guidelines on:
  • Creating new hooks
  • Writing hook documentation
  • Testing and validation
  • Submission process

View All Hooks on GitHub

Browse the complete collection of hooks in the repository

Build docs developers (and LLMs) love

Get started for freeTalk to us