Claude Blog 采集 (2026-05-29)¶
共采集 5 篇文章
📋 文章索引¶
- How our partners are putting Opus to work for cybersecurity - May 21, 2026 (评分: 9.5)
- How to create Skills: Key steps, limitations, and examples - Nov 19, 2025 (评分: 9.5)
- How CodeRabbit used Claude to build an agent orchestration system - May 27, 2026 (评分: 9.0)
- How leading retailers are turning AI pilots into enterprise-wide transformation - Jan 28, 2026 (评分: 9.0)
- Claude Code power user customization: How to configure hooks - Dec 11, 2025 (评分: 9.0)
How our partners are putting Opus to work for cybersecurity¶
来源: Claude Blog 发布日期: May 21, 2026 采集时间: 2026-05-29 价值评分: 9.5/10 正文字数: ~7965 字符
摘要¶
Learn how companies like Wiz, Palo Alto Networks, and Accenture are using Claude Opus to find and fix vulnerabilities faster and deploy AI defense at scale.
正文内容¶
Learn how companies like Wiz, Palo Alto Networks, and Accenture are using Claude Opus to find and fix vulnerabilities faster and deploy AI defense at scale.
AI is changing how quickly security vulnerabilities are found and exploited, and the clearest response is for security teams to put highly capable models to work on their own defenses. When we launched Claude Security in public beta , we also shared a set of technology and services partners building on Claude Opus, because the fastest path to adoption looks different for every team: some may use Claude directly, others through a platform they already run, others through a services partner who knows their environment. Several of those offerings are now live, and the early results show what frontier-model defense looks like in practice. Early results Partners are reporting significant improvements in defense capabilities powered by Opus, both internally and in customer environments: Continuous pentesting across more than 150,000 production assets a week, surfacing thousands of validated high- and critical-severity findings weekly with zero false positives (Wiz, in customer production). The equivalent of a year's worth of penetration testing effort completed in under three weeks (Palo Alto Networks, internal testing). Security testing coverage taken from roughly 10% to over 80%, across 1,600 applications and 500,000+ APIs, with scan turnaround cut from 3–5 days to under an hour (Accenture, on its own infrastructure). The work falls into three areas: testing offensively at scale, closing the gap between finding and fixing vulnerabilities, and deploying governed AI into production. Continuous offensive testing at production scale Offensive testing means attacking your own systems the way an adversary would, so you find the exploitable paths first. Wiz Red Agent is an AI-powered attacker that uses Opus to reason like a human pentester across production web applications and APIs. It analyzes application logic, chains steps, and adapts to real-time server responses to surface the logic-driven flaws traditional scanners miss. Running continuously across more than 150,000 production assets a week, it's surfacing thousands of high- and critical-severity findings, each validated with proof of exploitability and business context from the Wiz Security Graph. "Security teams are no longer limited by a lack of data, but by the ability to act on it," said Alon Schindel, VP AI & Threat Research, Wiz. "By embedding frontier models into Wiz Agents, we're enabling organizations to defend at the speed of AI." Unit 42 Frontier AI Defense is Palo Alto Networks' expert-led service that uses Opus to find hidden vulnerabilities, map how they chain into critical attack paths, and build a roadmap for hardening against AI-enabled attacks. The service pairs that exposure analysis with a benchmarked blueprint for machine-speed defense and hands-on transformation work. "As attackers weaponize frontier models to automate cyberattacks, the defense must move faster," said Sam Rubin, SVP of Unit 42, Palo Alto Networks. CrowdStrike’s Frontier AI Readiness and Resilience Service brings the same class of capability to a platform trusted by more than 60% of the Fortune 500, pairing Opus with CrowdStrike's AI Red Team Services and proprietary agent frameworks to continuously hunt for latent zero-days in customer applications, validate findings, and accelerate remediation before new code reaches production. "Frontier models like Anthropic's Claude Opus are giving defenders a capability advantage that didn't exist a year ago, pushing vulnerability management all the way to the left." - Mark Manglicmot, Global VP of Consulting Services, CrowdStrike Closing the gap between finding and fixing The gap between finding a vulnerability and fixing it is where much of vulnerability exposure lives, because triage, prioritization, patch testing, and cross-team handoffs all take time. Accenture's Cyber.AI is an agentic platform that connects assets, identities, threats, and controls into a single operational model that Opus reasons across, running detection, prioritization, and remediation as a continuous loop. Accenture validated at scale internally first: taking security testing coverage from roughly 10% to over 80% across 1,600 applications and 500,000+ APIs, and cutting scan turnaround from 3–5 days to under an hour in their own global IT infrastructure – results that underpin what Cyber.AI now delivers to clients. "Business leaders are navigating the fastest moving and most complex cyber threat landscape in history. We’re partnering with Anthropic to deliver the tools clients need to stay ahead." - Harpreet Sidhu, Global Lead, Accenture Cybersecurity TrendAI™ Vision One uses Opus-assisted vulnerability research to help enterprises across 185 countries identify exposure and mitigate risk through virtual patching. Validated findings also flow into the TrendAI Zero Day Initiative for coordinated disclosure, helping protect at-risk systems up to 96 days before a vendor patch is available. “As AI accelerates vulnerability discovery, the real challenge for defenders becomes remediation at scale,” said Rachel Jin, Chief Platform and Business Officer, Head of TrendAI. “Together with Anthropic, we’re helping customers reduce risk through mitigation and virtual patching before attackers can exploit the gap.” Deloitte's Continuous Threat Exposure Management (CTEM) built on Deloitte Ascend™ runs discovery, validation, prioritization, and remediation as one workflow, including countermeasure design when no patch exists. Opus's code reasoning and automated stability testing gives teams the confidence to remediate in hours rather than days or weeks. "CTEM built on Ascend exists to help reduce decision latency in vulnerability remediation," said Adnan Amjad, partner and US Cyber leader, Deloitte, "the gap helps determine whether attackers or defenders win the window." Getting AI into production, governed The new world of agentic AI use cases has presented a new challenge for many teams. Without clear frameworks, setting up the controls, audit evidence, and autonomy boundaries for deployment can often leave AI adoption for security in pilot purgatory. PwC's Claude Native Cybersecurity offering addresses the two problems CISOs raise together: getting AI safely into production, and modernizing the cyber function itself. Secure AI Adoption moves enterprises from sandbox to production in weeks rather than quarters, with the deployment, governance, and audit evidence that helps the CISO and CRO bring innovation to their teams with confidence. Scaled Frontier Defense integrates Opus-powered agentic reasoning into existing vulnerability management, detection, security engineering, and GRC workflows, enabling autonomous execution within defined guardrails and auditability. “This is a defining moment for cybersecurity, where AI-driven transformation becomes essential to staying resilient and competitive,” - Morgan Adamski, U.S. Cyber, Data & Tech Leader, PwC The growing ecosystem BCG, Infosys, and SentinelOne are also building defensive cyber offerings on Opus, and we'll share more on each as they become available. Every offering above runs on the same underlying Opus capability: reasoning about code, understanding which exposures translate into real-word risk, and sustaining long agentic workflows. We're excited to be working with these partners to bring frontier defense to more security teams through the access points that fits them best. Learn more about Claude for security use cases .
Explore more product news and best practices for teams building with Claude.
Transform how your organization operates with Claude
Product updates, how-tos, community spotlights, and more. Delivered monthly to your inbox.
Please provide your email address if you'd like to receive our monthly developer newsletter. You can unsubscribe at any time.
采集自 Claude Blog,由 collect_claude_blog.py 自动采集
How to create Skills: Key steps, limitations, and examples¶
来源: Claude Blog 发布日期: Nov 19, 2025 采集时间: 2026-05-29 价值评分: 9.5/10 正文字数: ~30185 字符
摘要¶
Learn how to write custom skills that extend Claude's capabilities. Follow our 5-step guide with real examples to build specialized workflows for your tasks.
正文内容¶
Learn how to write tailored skills that deliver stronger, more effective outputs from Claude.
Skills are custom instructions that extend Claude's capabilities for specific tasks or domains. When you create a skill via a SKILL.md file, you're teaching Claude how to handle specific scenarios more effectively. The power of skills lies in their ability to encode institutional knowledge, standardize outputs, and handle complex multi-step workflows that would otherwise require repeated explanation or investment in building a custom agent. Learn how to create skills that transform Claude from general-purpose assistant into specialized expert for your specific workflows either with our skill creator template or manually. (Pro-tip: to make it easy, we recommend building your SKILL.md file with this template and tailoring from there). Creating a skill in 5 steps Follow this structured approach to build skills that trigger more reliably. 1. Understand the core requirements Before writing anything, clarify what problem your skill solves. Strong skills address concrete needs with measurable outcomes. "Extract financial data from PDFs and format as CSV" beats "Help with my finance stuff" because it specifies the input format, the operation, and the expected output. Start by asking yourself: What specific task does this skill accomplish? What triggers should activate it? What does success look like? What are the edge cases or limitations? 2. Write the name Your skill needs three core components: name (clear identifier), description (when to activate), and instructions (how to execute). In fact, the name and description are the only parts of the SKILL.md file that influence triggering, in other words, the ability for Claude to call a skill for specialized knowledge or workflows. The name should be straightforward and descriptive. Use lowercase with hyphens (e.g., pdf-editor, brand-guidelines). Keep it short and clear. 3. Write the description field The description determines when your skill activates, making it the most critical component. Write it from Claude's perspective, focusing on triggers, capabilities, and use cases. A strong description balances several elements: specific capabilities, clear triggers, relevant context, and boundaries. Weak description : This skill helps with PDFs and documents. Strong description : Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale. Use for document workflows and batch operations. Not for simple PDF viewing or basic conversions. The stronger version gives Claude multiple data points: specific verbs (extract, create, merge), concrete use cases (form filling, batch operations), and clear boundaries (not for simple viewing). 4. Write the main instructions Your instructions should be structured, scannable, and actionable. Use markdown headers, bullet points for options, and code blocks for examples. Structure with clear hierarchy: overview, prerequisites, execution steps, examples, error handling, and limitations. Break complex workflows into discrete phases with clear inputs and outputs. Include concrete examples showing correct usage. Specify what the skill cannot do to prevent misuse and manage expectations. Your SKILL.md file can also include additional reference files and assets to provide even more clarity and guidance around what you’re asking the agent to do when the skill is triggered. 5. Upload your skill Depending on what Claude surface you’re building on, here’s how to upload your skill for use: Claude.ai (Claude apps): Go to Settings and add your custom skill there. Custom skills require a Pro, Max, Team, or Enterprise plan with code execution enabled. Skills uploaded here are individual to each user—they are not shared organization-wide and cannot be centrally managed by admins. Claude Code : Create a skills/ directory in your plugin or project root and add skill folders containing SKILL.md files. Claude discovers and uses them automatically when the plugin is installed. Example structure: my-project/ ├── skills/ │ └── my-skill/ │ └── SKILL.md Claude Developer Platform : Upload skills via the Skills API (/v1/skills endpoints). Use a POST request with the required beta headers: curl -X POST "https://api.anthropic.com/v1/skills" \ -H "x-api-key: $ANTHROPIC API KEY" \ -H "anthropic-version: 2023-06-01" \ -H "anthropic-beta: skills-2025-10-02" \ -F "display _title=My Skill Name" \ -F "files[]=@my-skill/SKILL.md;filename=my-skill/SKILL.md" 4. Testing and validation Test your skill with realistic scenarios before deploying it. Systematic testing reveals gaps in instructions, ambiguities in descriptions, and unexpected edge cases that only surface during actual use. Create a test matrix covering three scenarios: Normal operations : Test the skill with typical requests it should handle perfectly. If you built a financial analysis skill, try "analyze Microsoft's latest earnings" or "build a datapack for this 10-K filing." These baseline tests confirm your instructions work as intended. Edge cases : Test with incomplete or unusual inputs. What happens when data is missing? When file formats are unexpected? When users provide ambiguous instructions? Your skill should handle these gracefully—either producing degraded but useful output or explaining what's needed to proceed. Out-of-scope requests : Test with tasks that seem related but shouldn't trigger your skill. If you built an NDA review skill, try requesting "review this employment agreement" or "analyze this lease." The skill should stay dormant, letting other skills or general Claude capabilities handle the request. Consider implementing the following tests for even deeper validation: Triggering tests: Does the skill activate when expected? Test with both explicit requests ("use the financial datapack skill to analyze this company") and natural requests ("help me understand this company's financials"). Does it stay inactive when irrelevant? A well-scoped skill knows when not to activate. Test similar but distinct requests to verify boundaries. Functional tests: These include output consistency (do multiple runs with similar inputs produce comparable results?), usability (can someone unfamiliar with the domain use it successfully?), and documentation accuracy (do your examples match actual behavior?). 5. Iterate based on usage Monitor how your skill performs in real-world usage. Refine descriptions if triggering is inconsistent. Clarify instructions if outputs vary unexpectedly. As with prompts, the best skills evolve through practical application. General best practices for creating skills These principles help you create skills that are maintainable, reusable, and genuinely useful rather than theoretical. Start with use cases Don't write skills speculatively. Build them when you have real, repeated tasks. The best skills solve problems you encounter regularly. Before creating a skill, ask: Have I done this task at least five times? Will I do it at least ten more times? If yes, a skill makes sense. Define success criteria—and include it in the skill Tell Claude what a good out looks like. If you're creating financial reports, specify required sections, formatting standards, validation checks, and quality thresholds. Include these criteria in your instructions so Claude can self-check. Use the Skill-Creator skill The skill-creator skill guides you through creating well-structured skills. It asks clarifying questions, suggests description improvements, and helps format instructions properly. Available in the Skills repository on GitHub and directly via Claude.ai , it's particularly valuable for your first few skills. Skill limitations and considerations Understanding how skills work—and their boundaries—helps you design more effective skills and set appropriate expectations. Skill triggering Claude evaluates skill descriptions against your request to determine relevance. This isn't keyword matching—Claude understands semantic relationships. However, vague descriptions reduce triggering accuracy. Multiple skills can activate simultaneously if they address different aspects of a complex task. Overly generic descriptions cause inappropriate activation, while missing use cases cause missed activations. Appropriate file sizes When writing skills, avoid bloating the context window with unnecessary content. Consider whether each piece of information needs to be loaded every time, or only conditionally. Use a "menu" approach: if your skill covers multiple distinct processes or options, the SKILL.md should describe what's available and use relative paths to reference separate files for each. Claude then reads only the file relevant to the user's task, leaving the others untouched for that conversation. These separate files don't need to represent mutually exclusive paths. The key principle is breaking content into reasonable chunks and letting Claude select what's needed based on the task at hand. Real-world skills examples Skill example #1: docx creation skill #--- name: docx description: "Comprehensive document creation, editing, and analysis with support for tracked changes, comments, formatting preservation, and text extraction. When Claude needs to work with professional documents (.docx files) for: (1) Creating new documents, (2) Modifying or editing content, (3) Working with tracked changes, (4) Adding comments, or any other document tasks" license: Proprietary. LICENSE.txt has complete terms --- # DOCX creation, editing, and analysis ## Overview A user may ask you to create, edit, or analyze the contents of a .docx file. A .docx file is essentially a ZIP archive containing XML files and other resources that you can read or edit. You have different tools and workflows available for different tasks. ## Workflow Decision Tree ### Reading/Analyzing Content Use "Text extraction" or "Raw XML access" sections below ### Creating New Document Use "Creating a new Word document" workflow ### Editing Existing Document - Your own document + simple changes Use "Basic OOXML editing" workflow - Someone else's document Use "Redlining workflow" (recommended default) - Legal, academic, business, or government docs Use "Redlining workflow" (required) ## Reading and analyzing content ### Text extraction If you just need to read the text contents of a document, you should convert the document to markdown using pandoc. Pandoc provides excellent support for preserving document structure and can show tracked changes: bash # Convert document to markdown with tracked changes pandoc --track-changes=all path-to-file.docx -o output.md # Options: --track-changes=accept/reject/all ### Raw XML access You need raw XML access for: comments, complex formatting, document structure, embedded media, and metadata. For any of these features, you'll need to unpack a document and read its raw XML contents. #### Unpacking a file python ooxml/scripts/unpack.py <office_file> <output_directory> #### Key file structures * word/document.xml - Main document contents * word/comments.xml - Comments referenced in document.xml * word/media/ - Embedded images and media files * Tracked changes use <w:ins> (insertions) and <w:del> (deletions) tags ## Creating a new Word document When creating a new Word document from scratch, use docx-js , which allows you to create Word documents using JavaScript/TypeScript. ### Workflow 1. MANDATORY - READ ENTIRE FILE : Read docx-js.md (~500 lines) completely from start to finish. NEVER set any range limits when reading this file. Read the full file content for detailed syntax, critical formatting rules, and best practices before proceeding with document creation. 2. Create a JavaScript/TypeScript file using Document, Paragraph, TextRun components (You can assume all dependencies are installed, but if not, refer to the dependencies section below) 3. Export as .docx using Packer.toBuffer() ## Editing an existing Word document When editing an existing Word document, use the Document library (a Python library for OOXML manipulation). The library automatically handles infrastructure setup and provides methods for document manipulation. For complex scenarios, you can access the underlying DOM directly through the library. ### Workflow 1. MANDATORY - READ ENTIRE FILE : Read ooxml.md (~600 lines) completely from start to finish. NEVER set any range limits when reading this file. Read the full file content for the Document library API and XML patterns for directly editing document files. 2. Unpack the document: python ooxml/scripts/unpack.py <office_file> <output_directory> 3. Create and run a Python script using the Document library (see "Document Library" section in ooxml.md) 4. Pack the final document: python ooxml/scripts/pack.py <input_directory> <office_file> The Document library provides both high-level methods for common operations and direct DOM access for complex scenarios. ## Redlining workflow for document review This workflow allows you to plan comprehensive tracked changes using markdown before implementing them in OOXML. CRITICAL : For complete tracked changes, you must implement ALL changes systematically. Batching Strategy : Group related changes into batches of 3-10 changes. This makes debugging manageable while maintaining efficiency. Test each batch before moving to the next. Principle: Minimal, Precise Edits When implementing tracked changes, only mark text that actually changes. Repeating unchanged text makes edits harder to review and appears unprofessional. Break replacements into: [unchanged text] + [deletion] + [insertion] + [unchanged text]. Preserve the original run's RSID for unchanged text by extracting the <w:r> element from the original and reusing it. Example - Changing "30 days" to "60 days" in a sentence: python # BAD - Replaces entire sentence '<w:del><w:r><w:delText>The term is 30 days.</w:delText></w:r></w:del><w:ins><w:r><w:t>The term is 60 days.</w:t></w:r></w:ins>' # GOOD - Only marks what changed, preserves original <w:r> for unchanged text '<w:r w:rsidR="00AB12CD"><w:t>The term is </w:t></w:r><w:del><w:r><w:delText>30</w:delText></w:r></w:del><w:ins><w:r><w:t>60</w:t></w:r></w:ins><w:r w:rsidR="00AB12CD"><w:t> days.</w:t></w:r>' ### Tracked changes workflow 1. Get markdown representation : Convert document to markdown with tracked changes preserved: bash pandoc --track-changes=all path-to-file.docx -o current.md 2. Identify and group changes : Review the document and identify ALL changes needed, organizing them into logical batches: Location methods (for finding changes in XML): - Section/heading numbers (e.g., "Section 3.2", "Article IV") - Paragraph identifiers if numbered
采集自 Claude Blog,由 collect_claude_blog.py 自动采集
How CodeRabbit used Claude to build an agent orchestration system¶
来源: Claude Blog 发布日期: May 27, 2026 采集时间: 2026-05-29 价值评分: 9.0/10 正文字数: ~926 字符
摘要¶
CodeRabbit built a layer on Claude that sits between a coding request and a coding agent, producing a structured coding plan the team can review before any code gets generated.
正文内容¶
CodeRabbit built a layer on Claude that sits between a coding request and a coding agent, producing a structured coding plan the team can review before any code gets generated.
In our series, How startups build with Claude , we highlight how startups are transforming their industries with AI. In this article, we share how CodeRabbit built an agent orchestration layer that plans before AI generates code. The quick pitch Name CodeRabbit Founded 2023 Founders Harjot Gill, CEO Stack Claude Platform, Claude Code Scale Reviews 2 million PRs per week across 15,000+ customers
Explore more product news and best practices for teams building with Claude.
Transform how your organization operates with Claude
Product updates, how-tos, community spotlights, and more. Delivered monthly to your inbox.
Please provide your email address if you'd like to receive our monthly developer newsletter. You can unsubscribe at any time.
采集自 Claude Blog,由 collect_claude_blog.py 自动采集
How leading retailers are turning AI pilots into enterprise-wide transformation¶
来源: Claude Blog 发布日期: Jan 28, 2026 采集时间: 2026-05-29 价值评分: 9.0/10 正文字数: ~2822 字符
摘要¶
A practical guide for retail executives implementing AI at scale. Includes case studies from Shopify, L'Oréal, and Lotte Homeshopping with measurable results.
正文内容¶
Most enterprise AI initiatives start strong and stall fast. Our new guide documents what the organizations pulling ahead are doing differently.
Most enterprise AI initiatives start strong and stall fast. We've spent the past year working with retail organizations at different stages of that journey - some stuck in pilot purgatory, others scaling AI across thousands of employees. Our new guide identifies the three steps that separate the AI leaders pulling ahead from the laggards, drawing from our work alongside organizations seeing measurable ROI. What we're seeing Retailers face a familiar squeeze: margins are thin, customer expectations keep rising, and the pressure to automate runs headlong into the need to preserve service quality. PwC reports 88% of executives plan to increase AI investment this year. But investment alone isn't the bottleneck. Technology stacks are fragmented across e-commerce, POS, inventory, and CRM systems that weren't designed to work together. Seasonal demand cycles make ROI hard to model. And teams that understand both retail operations and AI capabilities are hard to find and harder to keep. The organizations making progress have stopped treating these as reasons to wait. What this looks like in practice The organizations pulling ahead each started with a specific operational problem, proved value within weeks, and expanded from there. In the case of Shopify , they deployed Claude to power Sidekick, an AI assistant that translates complex merchant requests into actionable insights. When a merchant asks a question in natural language, Claude converts it into ShopifyQL queries that previously required technical expertise. L'Oréal built a multi-agent system with Claude at the core, orchestrating 15+ specialized agents that work together to transform user questions into insights and visualizations for 44,000 employees across 150 countries. Lotte Homeshopping deployed an AI assistant to provide 24/7 support for partner suppliers, handling QA inquiries, validating documentation, and guiding partners through regulatory requirements. The path forward For organizations planning their 2026 priorities, the guide covers three essential steps: laying your foundation with stakeholder alignment and governance, launching carefully selected pilots starting with lower-risk applications, and scaling what works while building organizational capability. Read the full Enterprise AI Transformation Guide for Retail here .
Explore more product news and best practices for teams building with Claude.
Transform how your organization operates with Claude
Product updates, how-tos, community spotlights, and more. Delivered monthly to your inbox.
Please provide your email address if you'd like to receive our monthly developer newsletter. You can unsubscribe at any time.
采集自 Claude Blog,由 collect_claude_blog.py 自动采集
Claude Code power user customization: How to configure hooks¶
来源: Claude Blog 发布日期: Dec 11, 2025 采集时间: 2026-05-29 价值评分: 9.0/10 正文字数: ~4155 字符
摘要¶
Learn how to configure Claude Code hooks to automate repetitive tasks, enforce project rules, and inject dynamic context into your coding sessions.
正文内容¶
Learn how to configure Claude Code hooks to automate repetitive tasks, enforce project rules, and inject dynamic context into your coding sessions.
Even a smooth Claude Code workflow accumulates friction points over time. Every time Claude writes a file, Prettier needs to run manually. Every time it runs npm test, the same permission prompt appears. Every session starts with pasting the same boilerplate project context into the first message. The good news? Hooks eliminate these friction points. They act as triggers you can configure to fire before or after certain actions, allowing you to inject custom logic, scripts, and commands directly into Claude's operations. This article covers advanced configuration for developers already familiar with Claude Code basics. By the end of this article, you'll understand the eight hook types, when to use each one, how to configure them, and how to debug them when things go wrong. Let’s dive in. What is a hook? A hook is a custom shell command that you create to execute automatically when a targeted event occurs in your Claude Code session, such as when Claude is about to write a file or when you submit a prompt. You can designate hooks for a huge range of things: intercepting actions before they execute, injecting agent context, automating approvals, or blocking operations before they happen. Hooks are configured in your settings files using a JSON structure with event names, matchers (to filter which tools trigger the hook), and the commands to run. They execute in your local environment with your user permissions, receiving information about the triggering event via stdin and communicating back through exit codes and stdout. This gives you precise control over Claude Code behavior without modifying the tool itself. Why use hooks in Claude Code? Hooks solve three categories of problems. First, they eliminate repetitive manual steps . Instead of running your formatter after every file change, a PostToolUse hook handles it automatically. Instead of approving npm test for the hundredth time, a PermissionRequest hook auto-approves it. Second, hooks enforce project-specific rules automatically . You can block dangerous commands before they execute, validate file paths before writes, or ensure naming conventions are followed. These guardrails run every time, not only when you remember to check. Third, hooks inject dynamic context without manual effort. A SessionStart hook can feed Claude your current git status and TODO list. A UserPromptSubmit hook can append your sprint priorities to every request. Claude stays informed without you repeating yourself. Claude Code hook types and when to use them Claude Code provides eight hook events that cover the full lifecycle of a session, from startup through tool execution to completion. Each fires at a specific moment, giving you precise control over when your automation runs. Choosing the right hook depends on what you want to accomplish. Hooks at a glance Hook When it fires Common uses PreToolUse Before a tool executes Block dangerous commands, validate file paths, auto-approve safe operations PermissionRequest Before a permission dialog appears Auto-approve test commands, block access to sensitive files PostToolUse After a tool completes Run formatters, trigger linters, log file changes PreCompact Before context compaction Back up transcripts, preserve important decisions SessionStart When a session begins or resumes Inject git status, load TODO lists, set environment context Stop When Claude finishes responding Verify task completion, run tests, generate summaries SubagentStop When a subagent completes Validate subagent output, trigger follow-up actions UserPromptSubmit When you submit a prompt Inject sprint context, validate requests, add dynamic context
Explore more product news and best practices for teams building with Claude.
Transform how your organization operates with Claude
Product updates, how-tos, community spotlights, and more. Delivered monthly to your inbox.
Please provide your email address if you'd like to receive our monthly developer newsletter. You can unsubscribe at any time.
采集自 Claude Blog,由 collect_claude_blog.py 自动采集