Hooks

Hook scripts integrate AI agents with the Maybe Don’t gateway via the POST /api/v1/intercept endpoint. When an agent is about to use a tool (pre-tool) or has finished using one (post-tool), the hook script sends the tool call to the gateway for policy evaluation and translates the response into the agent’s expected format.

Reference Implementations

The hook scripts shipped with Maybe Don’t are reference implementations written in bash. You can write your own in any language — the only requirement is calling the intercept endpoint and translating the response for your agent.

How Hooks Work

  1. Agent fires a hook event before or after tool execution
  2. Hook script extracts the tool name, arguments (and result for post-tool)
  3. Script POSTs to /api/v1/intercept on the gateway
  4. Gateway evaluates CEL and AI policies, returns a verdict
  5. Script translates the verdict into the agent-specific format (allow/deny)

Fail-Open Behavior

If the gateway is unreachable, hooks allow the tool call with a warning to stderr. The gateway is opt-in guardrails, not a hard gate — you’re choosing to add safety, not creating a single point of failure.
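The flow in "How Hooks Work" and the fail-open rule above, sketched in Python as an added example (it is not one of the reference scripts shipped with Maybe Don't). The function name `intercept`, the request fields (`phase`, `tool_name`, `arguments`, `result`) and the response fields (`action`, `reason`) are assumptions made for illustration; take the real schema from the gateway's API reference. Translating the returned tuple into a particular agent's format is left to the caller.

```python
import json
import os
import sys
import urllib.request

# MAYBE_DONT_URL is the variable named in Prerequisites.
GATEWAY = os.environ.get("MAYBE_DONT_URL", "http://localhost:8080")


def intercept(phase, tool_name, arguments, result=None, base_url=None, timeout=5.0):
    """Send one tool call to the gateway and return (allowed, reason)."""
    # ASSUMPTION: these request field names are placeholders, not the documented schema.
    payload = {"phase": phase, "tool_name": tool_name, "arguments": arguments}
    if phase == "post-tool":
        payload["result"] = result  # post-tool hooks also send the tool output

    req = urllib.request.Request(
        (base_url or GATEWAY).rstrip("/") + "/api/v1/intercept",
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        # A short timeout keeps a hung gateway from stalling the agent.
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            verdict = json.load(resp)
    except (OSError, ValueError) as exc:
        # Fail open: connection refused, DNS failure and timeout are all OSError.
        # ASSUMPTION: HTTP error statuses and unparseable bodies are treated
        # the same way as an unreachable gateway.
        print(f"maybe-dont: no verdict ({exc}); allowing {tool_name}", file=sys.stderr)
        return True, "fail-open"

    # ASSUMPTION: the verdict is a JSON object with "action" and "reason" keys.
    if isinstance(verdict, dict) and verdict.get("action") == "deny":
        return False, verdict.get("reason", "denied by policy")
    return True, "allowed"
```

Because a fail-open allow looks the same to the agent as a policy allow, the stderr warning is the only trace of a tool call that ran without evaluation, so it is worth capturing wherever the agent's hook output is logged.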

Response Phase Limitations

Post-tool hooks send tool results to the gateway for policy evaluation and audit logging, but most agents don’t support blocking or modifying the response after the tool has already executed. In practice, this means a post-tool policy violation is logged in the audit log but not enforced — the agent still sees the original tool output.

Agent           Event                Response deny        Response redact
Cursor          afterMCPExecution    No — logs warning    Yes — returns modified output
Cursor          afterShellExecution  No                   No
Claude Code     PostToolUse          No                   No
Gemini CLI      AfterTool            No                   No
Cline           postToolUse          No                   No
GitHub Copilot  PostToolUse          No                   No

Cursor’s afterMCPExecution is the only hook that supports output modification — the script can return redacted content that replaces what the agent sees. All other post-tool events are observability-only.

Want response-phase enforcement? Use the MCP gateway instead of (or in addition to) hooks. The gateway intercepts responses at the proxy layer — before they reach the agent — so deny and redact decisions are enforced, not just logged.

Prerequisites

  • Gateway running in http or sse mode
  • MAYBE_DONT_URL environment variable set (e.g., http://localhost:8080)
  • jq and curl on PATH (for the reference bash scripts)

CLI Commands

# List available hook scripts
maybe-dont hooks list

# Export hook script to the agent's config directory
mkdir -p .claude/hooks
maybe-dont hooks export --agent claude-code > .claude/hooks/maybe-dont-hook.sh
chmod +x .claude/hooks/maybe-dont-hook.sh

# Export agent config snippet
maybe-dont hooks export --agent claude-code --config

Supported Agents