Feature Request: Blocking Hooks (PreToolUse that can prevent execution)

Resolved 💬 3 comments Opened Jan 20, 2026 by fnkmstrfsk Closed Jan 24, 2026

Summary

Request for Claude Code to support blocking hooks that can prevent tool execution, not just log it.

---

Current Behavior

Hooks like PreToolUse are informational only:

  • Hook runs before tool execution
  • Hook can log, warn, or output messages
  • Hook cannot prevent the tool from executing
  • Non-zero exit code is noted but doesn't block

---

Requested Behavior

Allow hooks to block tool execution based on exit code:

PreToolUse hook exits 0     → Tool executes normally
PreToolUse hook exits non-0 → Tool execution BLOCKED, message shown to user

---

Use Cases

1. Compliance Enforcement

Organizations with security policies need to enforce rules, not just document them:

  • Block writes to sensitive paths
  • Require approval before external API calls
  • Prevent accidental secret exposure

2. Human-in-the-Loop Gates

Some actions should require explicit human approval:

  • Pushing to remote repositories
  • Sending external communications
  • Modifying production systems

3. Safe Automation

For autonomous/unattended Claude Code sessions:

  • Prevent runaway actions
  • Enforce iteration limits
  • Block known-dangerous patterns

---

Proposed Implementation Options

Option A: Exit Code Enforcement

# .claude/hooks/PreToolUse
# Exit 0 = allow, Exit 1 = block

if [[ "$TOOL_NAME" == "Bash" ]]; then
  if echo "$TOOL_INPUT" | grep -q "rm -rf /"; then
    echo "BLOCKED: Dangerous command pattern"
    exit 1  # This should BLOCK execution
  fi
fi
exit 0

Option B: Policy File

// .claude/policy.json
{
  "rules": [
    {
      "tool": "Bash",
      "pattern": "git push.*--force",
      "action": "block",
      "message": "Force push requires manual execution"
    }
  ]
}

Option C: Hook Response Format

// Hook outputs JSON to stdout
{
  "action": "block",
  "reason": "External communication requires approval",
  "allow_override": true
}

---

Security Considerations

  • Hooks should be tamper-evident (hash verification)
  • Block decisions should be logged
  • User should see clear feedback when blocked
  • Consider "allow override" flag for soft blocks vs hard blocks

---

Business Impact

Without blocking hooks:

  • Security policies are advisory only
  • Compliance frameworks (ISO 27001, SOC 2) require enforceable controls
  • Organizations can't safely use Claude Code for sensitive workflows
  • Autonomous agents can't be trusted without guardrails

---

Happy to discuss further or provide more detail on any of these use cases.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗