PermissionDenied Hook - Claude Code
Fires when auto mode or a rule denies an action.
PermissionDenied runs after a permission rule, auto-mode classifier, or hook denies a tool call. Use it to observe, escalate, or explain.
What it does
The hook receives the denial reason and the rejected tool call. It can log the event, notify a human, ask Claude to try a different approach, or surface a targeted error. It's the observability hook for a denial-heavy workflow.
When to use it
- Tracking denied actions to audit how tightly your policy is tuned.
- Paging a reviewer when a specific denied pattern happens.
- Teaching Claude alternatives on a first denial.
- Building dashboards for "what is Claude trying to do that's blocked?"
Gotchas
- Denials are noisy in tight environments. Filter before alerting.
- Teaching Claude an alternative on every denial can loop. Cap retries.
- Logs from this hook may contain sensitive reasons. Scrub before shipping to analytics.
Official docs: https://code.claude.com/docs/en/hooks.md#permissiondenied
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
