Skip to main content
Cascade Hooks enable you to execute custom shell commands at key points during Cascade’s workflow. This powerful extensibility feature allows you to log operations, enforce guardrails, run validation checks, or integrate with external systems.
Hooks are designed for power users and enterprise teams who need fine-grained control over Cascade’s behavior. They require basic shell scripting knowledge.

What You Can Build

Hooks unlock a wide range of automation and governance capabilities:
  • Logging & Analytics: Track every file read, code change, command executed, user prompt, or Cascade response for compliance and usage analysis
  • Security Controls: Block Cascade from accessing sensitive files, running dangerous commands, or processing policy-violating prompts
  • Quality Assurance: Run linters, formatters, or tests automatically after code modifications
  • Custom Workflows: Integrate with issue trackers, notification systems, or deployment pipelines
  • Team Standardization: Enforce coding standards and best practices across your organization

How Hooks Work

Hooks are shell commands that run automatically when specific Cascade actions occur. Each hook:
  1. Receives context (details about the action being performed) via JSON as standard input
  2. Executes your script - Python, Bash, Node.js, or any executable
  3. Returns a result via exit code and output streams
For pre-hooks (executed before an action), your script can block the action by exiting with exit code 2. This makes pre-hooks ideal for implementing security policies or validation checks.

Configuration

Hooks are configured in JSON files that can be placed at three different levels. Cascade loads and merges hooks from all locations, giving teams flexibility in how they distribute and manage hook configurations.

System-Level

System-level hooks are ideal for organization-wide policies enforced on shared development machines. For example, you can use them to enforce security policies, compliance requirements, or mandatory code review workflows. Enterprise teams can also configure hooks via the cloud dashboard without managing local files.
  • macOS: /Library/Application Support/Windsurf/hooks.json
  • Linux/WSL: /etc/windsurf/hooks.json
  • Windows: C:\ProgramData\Windsurf\hooks.json

User-Level

User-level hooks are perfect for personal preferences and optional workflows.
  • Devin Desktop IDE: ~/.codeium/windsurf/hooks.json
  • JetBrains Plugin: ~/.codeium/hooks.json

Workspace-Level

Workspace-level hooks allow teams to version control project-specific policies alongside their code. They may include custom validation rules, project-specific integrations, or team-specific workflows.
  • Location: .windsurf/hooks.json in your workspace root
Hooks from all three locations are merged together. If the same hook event is configured in multiple locations, all hooks will execute in order: system → user → workspace.

Basic Structure

Here is an example of the basic structure of the hooks configuration:
In this example, pre_read_code specifies both a macOS/Linux command and a Windows PowerShell command. The post_write_code hook only specifies command, so it will run on macOS/Linux and fall back to PowerShell on Windows.

Configuration Options

Each hook accepts the following parameters:

Cross-Platform Behavior

The command and powershell fields let you define platform-appropriate commands in a single configuration. This is useful for teams with mixed macOS/Linux and Windows fleets.
About the working_directory parameter:
  • In multi-repo workspaces, the default is the root of the repo currently being worked on
  • Relative paths resolve from the default location (workspace or repo root)
  • Absolute paths are supported
  • Using ~ for home directory expansion is not supported

Hook Events

Cascade provides twelve hook events that cover the most critical actions in the agent workflow.

Common Input Structure

All hooks receive a JSON object with the following common fields: In the following examples, the common fields are omitted for brevity. There are twelve major types of hook events:

pre_read_code

Triggered before Cascade reads a code file. This may block the action if the hook exits with code 2. Use cases: Restrict file access, log read operations, check permissions Input JSON:
This file_path may be a directory path when Cascade reads a directory recursively.

post_read_code

Triggered after Cascade successfully reads a code file. Use cases: Log successful reads, track file access patterns Input JSON:
This file_path may be a directory path when Cascade reads a directory recursively.

pre_write_code

Triggered before Cascade writes or modifies a code file. This may block the action if the hook exits with code 2. Use cases: Prevent modifications to protected files, backup files before changes Input JSON:

post_write_code

Triggered after Cascade writes or modifies a code file. Use cases: Run linters, formatters, or tests; log code changes Input JSON:

pre_run_command

Triggered before Cascade executes a terminal command. This may block the action if the hook exits with code 2. Use cases: Block dangerous commands, log all command executions, add safety checks Input JSON:

post_run_command

Triggered after Cascade executes a terminal command. Use cases: Log command results, trigger follow-up actions Input JSON:

pre_mcp_tool_use

Triggered before Cascade invokes an MCP (Model Context Protocol) tool. This may block the action if the hook exits with code 2. Use cases: Log MCP usage, restrict which MCP tools can be used Input JSON:

post_mcp_tool_use

Triggered after Cascade successfully invokes an MCP tool. Use cases: Log MCP operations, track API usage, see MCP results Input JSON:

pre_user_prompt

Triggered before Cascade processes the text of a user’s prompt. This may block the action if the hook exits with code 2. Use cases: Log all user prompts for auditing, block potentially harmful or policy-violating prompts Input JSON:
The show_output configuration option does not apply to this hook.

post_cascade_response

Triggered asynchronously after Cascade completes a response to a user’s prompt. This hook receives the full Cascade response ever since the last user input. Use cases: Log all Cascade responses for auditing, analyze response patterns, send responses to external systems for compliance review Input JSON:
The response field contains the markdown-formatted content of Cascade’s response since the last user input. This includes planner responses, tool actions (file reads, writes, commands), and any other steps Cascade took. It also includes information about which rules were triggered. See the Tracking Triggered Rules example for how to parse rule usage. The show_output configuration option does not apply to this hook.
The response content is derived from trajectory data and may contain sensitive information from your codebase or conversations. Handle this data according to your organization’s security and privacy policies.

post_cascade_response_with_transcript

Triggered asynchronously after Cascade completes a response to a user’s prompt, similar to post_cascade_response. Instead of providing a markdown summary inline, this hook writes the full conversation transcript (from the beginning of the conversation) to a local JSONL file and provides the file path. Use cases: Enterprise audit and compliance logging, tracking AI-generated contributions, feeding transcripts to external observability or analytics tools Input JSON:
The transcript_path points to a JSONL file at ~/.windsurf/transcripts/{trajectory_id}.jsonl. Each line is a JSON object representing a single step in the conversation, with a type and status field plus step-specific data. For example:
The transcript includes detailed, customer-owned data such as file contents, command outputs, tool arguments, search results, and rules that were applied. Please note that the exact structure of each step may change in future versions, so please build any hook consumers to be resilient. Transcript files are written with 0600 permissions. Devin Desktop automatically limits the transcripts directory to 100 files, pruning the oldest by modification time. The show_output configuration option does not apply to this hook. This table shows the key differences between post_cascade_response and post_cascade_response_with_transcript hooks:
Transcript files will contain sensitive information from your codebase including file contents, command outputs, and conversation history. Handle these files according to your organization’s security and privacy policies.

post_setup_worktree

Triggered after a new git worktree is created and configured. The hook is executed inside the new worktree directory. Use cases: Copy .env files or other untracked files into the worktree, install dependencies, run setup scripts Environment Variables: Input JSON:

Exit Codes

Your hook scripts communicate results through exit codes:
Only pre-hooks (pre_user_prompt, pre_read_code, pre_write_code, pre_run_command, pre_mcp_tool_use) can block actions using exit code 2. Post-hooks cannot block since the action has already occurred.
Keep in mind that the user can see any hook-generated standard output and standard error in the Cascade UI if show_output is true.

Example Use Cases

Logging All Cascade Actions

Track every action Cascade takes for auditing purposes. Config:
Script (log_input.py):
This script appends every hook invocation to a log file, creating an audit trail of all Cascade actions. You may transform the input data or perform custom logic as you see fit.

Restricting File Access

Prevent Cascade from reading files outside a specific directory. Config:
Script (block_read_access.py):
When Cascade attempts to read a file outside the allowed directory, this hook blocks the operation and displays an error message.

Blocking Dangerous Commands

Prevent Cascade from executing potentially harmful commands. Config:
Script (block_dangerous_commands.py):
This hook scans commands for dangerous patterns and blocks them before execution.

Blocking Policy-Violating Prompts

Prevent users from submitting prompts that violate organizational policies. Config:
Script (block_bad_prompts.py):
This hook examines user prompts before they are processed and blocks any that contain prohibited patterns. When a prompt is blocked, the user sees an error message in the Cascade UI.

Logging Cascade Responses

Track all Cascade responses for compliance auditing or analytics. Config:
Script (log_cascade_response.py):
This hook logs every Cascade response to a file, creating an audit trail of all AI-generated content. You can extend this to send data to external logging systems, databases, or compliance platforms.

Tracking Triggered Rules

Track which rules were applied during Cascade interactions for observability and metrics. Config:
Script (track_rules.py):
Rule types:
  • Always On - Rules that are always included
  • Model Decision - Rules whose descriptions were shown to the model for conditional application
  • Manual - Rules explicitly @-mentioned in user input
  • Global - Global rules from global_rules.md
  • Glob - Rules triggered by file access matching glob patterns
This tracks which rules were presented to the model or triggered by file access, but does not indicate whether the model actually followed a rule. Rules that have already been shown recently in the conversation are deduplicated and may not appear again until later.

Running Code Formatters After Edits

Automatically format code files after Cascade modifies them. Config:
Script (format_code.sh):
This hook automatically runs the appropriate formatter based on the file type after each edit.

Setting Up Worktrees

Copy environment files and install dependencies when a new worktree is created. Config (in .windsurf/hooks.json):
Script (hooks/setup_worktree.sh):
This hook ensures each worktree has the necessary environment configuration and dependencies installed automatically.

Best Practices

Security

Use Cascade Hooks at Your Own Risk: Hooks execute shell commands automatically with your user account’s full permissions. You are entirely responsible for the code you configure. Poorly designed or malicious hooks can modify files, delete data, expose credentials, or compromise your system.
  • Validate all inputs: Never trust the input JSON without validation, especially for file paths and commands.
  • Use absolute paths: Always use absolute paths in your hook configurations to avoid ambiguity.
  • Protect sensitive data: Avoid logging sensitive information like API keys or credentials.
  • Review permissions: Ensure your hook scripts have appropriate file system permissions.
  • Audit before deployment: Review every hook command and script before adding to your configuration.
  • Test in isolation: Run hooks in a test environment before enabling them on your primary development machine.

Performance Considerations

  • Keep hooks fast: Slow hooks will impact Cascade’s responsiveness. Aim for sub-100ms execution times.
  • Use async operations: For non-blocking hooks, consider logging to a queue or database asynchronously.
  • Filter early: Check the action type at the start of your script to avoid unnecessary processing.

Error Handling

  • Always validate JSON: Use try-catch blocks to handle malformed input gracefully.
  • Log errors properly: Write errors to stderr so they’re visible when show_output is enabled.
  • Fail safely: If your hook encounters an error, consider whether it should block the action or allow it to proceed.

Testing Your Hooks

  1. Start with logging: Begin by implementing a simple logging hook to understand the data flow.
  2. Use show_output: true: Enable output during development to see what your hooks are doing.
  3. Test blocking behavior: Verify that exit code 2 properly blocks actions in pre-hooks.
  4. Check all code paths: Test both success and failure scenarios in your scripts.

Enterprise Distribution

Enterprise organizations need to enforce security policies, compliance requirements, and development standards that individual users cannot bypass. Cascade Hooks supports two enterprise distribution methods:
  1. Cloud Dashboard - Configure hooks via Team Settings in the Devin Desktop dashboard
  2. System-Level Files - Deploy hooks via MDM or configuration management tools
Both methods can be used together — hooks from all sources are combined and executed in order.

Cloud Dashboard Configuration

Team admins can configure Cascade Hooks directly from the Devin Desktop dashboard. Requirements:
  • Enterprise plan
  • TEAM_SETTINGS_UPDATE permission
To configure:
  1. Navigate to Team Settings in the Devin Desktop dashboard
  2. Find the Cascade Hooks section
  3. Enter your hooks configuration in JSON format
  4. Save your changes
Hooks configured through the dashboard are automatically distributed to all team members and loaded when Devin Desktop starts. Cloud-configured hooks are loaded first, followed by system-level, user-level, and workspace-level hooks.
When multiple team configurations are merged, hooks are combined per action rather than overwritten. This means hooks from all applicable team configs will run together.

System-Level File Deployment

For organizations that prefer file-based configuration or need hooks to work offline, deploy your mandatory hooks.json configuration to these OS-specific locations: macOS:
Linux/WSL:
Windows:
Place your hook scripts in a corresponding system directory (e.g., /usr/local/share/windsurf-hooks/ on Unix systems). System-level hooks take precedence over user and workspace hooks, and cannot be disabled by end users without root permissions.

MDM and Configuration Management

Enterprise IT teams can deploy system-level hooks using standard tools: Mobile Device Management (MDM)
  • Jamf Pro (macOS) - Deploy via configuration profiles or scripts
  • Microsoft Intune (Windows/macOS) - Use PowerShell scripts or policy deployment
  • Workspace ONE, Google Endpoint Management, and other MDM solutions
Configuration Management
  • Ansible, Puppet, Chef, SaltStack - Use your existing infrastructure automation
  • Custom deployment scripts - Shell scripts, PowerShell, or your preferred tooling

Verification and Auditing

After deployment, verify that hooks are properly installed:
Important: System-level hooks are entirely managed by your IT or security team. Devin Desktop does not deploy or manage files at system-level paths. Ensure your internal teams handle deployment, updates, and compliance according to your organization’s policies.

Workspace Hooks for Team Projects

For project-specific conventions, teams can use workspace-level hooks in version control:
This allows teams to standardize development practices. Keep security-critical policies at the cloud or system level, and avoid checking sensitive information into version control.

Additional Resources