* feat: add hooks authoring instruction
Add hooks.instructions.md with portable guidance for writing GitHub Copilot hooks:
- Folder structure, config schema, and all field documentation
- Script contract: stdin JSON, exit codes, stdout/stderr channels
- Payload schemas for all common events (sessionStart, sessionEnd, userPromptSubmitted, preToolUse, postToolUse, errorOccurred, agentStop)
- Per-event deny mechanisms (structured JSON for preToolUse, non-zero exit for others)
- Matcher support for host-level tool filtering
- Three impactful examples: commit gate, auto-format, dangerous command blocker
- Bash and PowerShell templates
- Cross-platform guidance (Python through both entries)
- Anti-patterns, design rules, and portability notes (GitHub Copilot vs Claude Code)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: address PR review comments
- Document both toolArgs (JSON string) and tool_input/toolInput (object) variants with defensive parsing
- Update sessionStart stdout to reflect additionalContext injection support
- Document preToolUse stdout output fields: modifiedArgs/updatedInput, additionalContext
- Add matcher field note about local verification
- Remove undocumented notification event from event table
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: address round 2 review comments
- Defensive toolArgs parsing in all 3 example scripts (handle toolArgs string, tool_input, toolInput)
- PowerShell type check: test -is [string] before ConvertFrom-Json, init to null
- commit-gate.sh: add package.json existence guard before jq
- block-dangerous.sh: truncate command in deny reason and stderr to avoid leaking secrets
- Consistent defensive parsing helper across all Bash examples
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: handle toolArgs as string or object in jq, fix short_cmd scoping
- All 3 Bash example jq blocks now check toolArgs type before fromjson
- short_cmd defined before the deny/log branch to avoid set -u error
- Consistent defensive pattern across commit-gate, format-on-save, block-dangerous
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: remove accidentally committed agency.toml
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: expand Portability Note into CLI vs VS Code vs Cloud Agent section
Address Aaron's review: replace the thin portability bullet points with
a concrete comparison table covering what is the same (config schema,
event name casing, fields) and what differs (hook loading, shell
environment, tool argument field names). Add a 'How to write portable
hooks' checklist. Separate Claude Code into its own subsection.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: simplify to toolArgs-only parsing, clean portability section
- toolArgs is the documented contract — remove tool_input/toolInput defensive
fallbacks from all examples and the Script Contract template
- Simplify portability section: same config everywhere, one-line note about
cloud agent requiring default branch
- All 3 example scripts now use simple toolArgs pipe parsing
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
5c0a993189