Feature Request: Expose Agent ID or Type in PreToolUse Hook context

Resolved 💬 2 comments Opened Jan 1, 2026 by alexx-ftw Closed Jan 1, 2026

Problem

When using PreToolUse hooks to enforce security policies (e.g., blocking git commands for subagents), there is currently no way to distinguish whether a tool call originates from the main agent or a native subagent (such as general-purpose, Explore, or Plan).

Current Behavior

The hook input JSON contains:

{
  "session_id": "...",
  "transcript_path": "/path/to/session.jsonl",
  "tool_name": "Bash",
  "tool_input": { "command": "git status" },
  ...
}

Both the main agent and native subagents report the same session_id and transcript_path. There is no field to identify the caller.

Expected Behavior

The hook input should include additional context to identify the agent, such as:

{
  "agent_id": "a1b2c3d",
  "agent_type": "general-purpose",  // or "main", "Explore", etc.
  "parent_agent_id": null,          // null for main, ID for subagents
  ...
}

Use Case

Users may want to:

  • Allow the main agent to run git commands while blocking subagents.
  • Apply different permission policies based on agent type.
  • Audit tool usage per agent for compliance or debugging.

Environment

  • Claude Code CLI
  • Hooks: PreToolUse
  • Native subagents tested: general-purpose, Explore

Workaround Attempted

Checking for agent- prefix in transcript_path filename (as suggested in docs) does not work for native subagents, as they share the main agent's transcript.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗