Feature Request: Blocking Hooks (PreToolUse that can prevent execution)
Resolved 💬 3 comments Opened Jan 20, 2026 by fnkmstrfsk Closed Jan 24, 2026
Summary
Request for Claude Code to support blocking hooks that can prevent tool execution, not just log it.
---
Current Behavior
Hooks like PreToolUse are informational only:
- Hook runs before tool execution
- Hook can log, warn, or output messages
- Hook cannot prevent the tool from executing
- Non-zero exit code is noted but doesn't block
---
Requested Behavior
Allow hooks to block tool execution based on exit code:
PreToolUse hook exits 0 → Tool executes normally
PreToolUse hook exits non-0 → Tool execution BLOCKED, message shown to user
---
Use Cases
1. Compliance Enforcement
Organizations with security policies need to enforce rules, not just document them:
- Block writes to sensitive paths
- Require approval before external API calls
- Prevent accidental secret exposure
2. Human-in-the-Loop Gates
Some actions should require explicit human approval:
- Pushing to remote repositories
- Sending external communications
- Modifying production systems
3. Safe Automation
For autonomous/unattended Claude Code sessions:
- Prevent runaway actions
- Enforce iteration limits
- Block known-dangerous patterns
---
Proposed Implementation Options
Option A: Exit Code Enforcement
# .claude/hooks/PreToolUse
# Exit 0 = allow, Exit 1 = block
if [[ "$TOOL_NAME" == "Bash" ]]; then
if echo "$TOOL_INPUT" | grep -q "rm -rf /"; then
echo "BLOCKED: Dangerous command pattern"
exit 1 # This should BLOCK execution
fi
fi
exit 0
Option B: Policy File
// .claude/policy.json
{
"rules": [
{
"tool": "Bash",
"pattern": "git push.*--force",
"action": "block",
"message": "Force push requires manual execution"
}
]
}
Option C: Hook Response Format
// Hook outputs JSON to stdout
{
"action": "block",
"reason": "External communication requires approval",
"allow_override": true
}
---
Security Considerations
- Hooks should be tamper-evident (hash verification)
- Block decisions should be logged
- User should see clear feedback when blocked
- Consider "allow override" flag for soft blocks vs hard blocks
---
Business Impact
Without blocking hooks:
- Security policies are advisory only
- Compliance frameworks (ISO 27001, SOC 2) require enforceable controls
- Organizations can't safely use Claude Code for sensitive workflows
- Autonomous agents can't be trusted without guardrails
---
Happy to discuss further or provide more detail on any of these use cases.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗