Hook Lifecycle

Four hook events, each running scripts that load context, gate dangerous actions, log everything, and persist summaries. You almost never see hooks fire — they’re invisible unless they block something.

Why this matters

• PreToolUse is the safety rail. pre-bash-check.sh blocks rm -rf on system dirs, DROP TABLE, credential file overwrites, curl-pipe-to-bash, and any pkill on production services. If you ever see a Bash command get rejected, this is why.
• PostToolUse + Stop are the memory rails. Every tool result + every session summary gets appended to the audit log and enqueued to memory.
• SessionStart is what makes “context continuity” feel automatic. It loads the SESSION-AUDIT, ACTIVE-PROJECT, and any prior memory hits before Claude responds to your first message.

All hook scripts live at ~/.openclaw/tools/hooks/. Definitions are in ~/.claude/settings.json (hooks.SessionStart, hooks.PreToolUse, hooks.PostToolUse, hooks.Stop).