diff --git a/.git-hooks/pre-commit b/.git-hooks/pre-commit
new file mode 100755
index 0000000..e29ab3b
--- /dev/null
+++ b/.git-hooks/pre-commit
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Pre-commit hook: Validate fixture provenance before allowing commits.
+# This ensures every fixture file has a corresponding PROVENANCE.md entry.
+#
+# To install this hook:
+#   ln -s ../../.git-hooks/pre-commit .git/hooks/pre-commit
+# Or run: make install-hooks (if Makefile exists)
+
+set -e
+
+# Run the provenance validation script
+bash scripts/check-provenance.sh
+
+exit 0
diff --git a/tests/fixtures/profiles/PROVENANCE.md b/tests/fixtures/profiles/PROVENANCE.md
index 3ab477b..4858168 100644
--- a/tests/fixtures/profiles/PROVENANCE.md
+++ b/tests/fixtures/profiles/PROVENANCE.md
@@ -2,6 +2,26 @@
 
 This manifest tracks the origin and licensing of every fixture file in `tests/fixtures/`.
 
+## Validation
+
+A pre-commit hook automatically validates this manifest before each commit:
+
+```bash
+# Install the hook (one-time setup)
+ln -s ../../.git-hooks/pre-commit .git/hooks/pre-commit
+```
+
+The hook runs `scripts/check-provenance.sh` to ensure:
+- Every fixture file has a corresponding entry in this manifest
+- SHA256 hashes match the actual file content
+- All licenses are from the approved list
+
+To manually validate the manifest:
+
+```bash
+bash scripts/check-provenance.sh
+```
+
 ## Format
 
 | Path | Source URL | License | Downloaded Date | SHA256 | Notes |