Feature request: support updatedInput in PreToolUse hooks
Summary
PreToolUse hooks currently support permissionDecision (allow/deny/ask) and additionalContext, but do NOT support updatedInput for transparently rewriting tool inputs before execution. The updatedInput field is documented for PermissionRequest hooks but silently ignored in PreToolUse hooks.
Use Case
Security hooks that need to sanitize Bash commands before execution. Example: wrapping cd .worktrees/foo && cmd in a subshell ( cd .worktrees/foo && cmd ) to prevent the shell CWD from persisting to a deletable directory.
Currently the only option is deny with a suggestion in the reason, which requires the model to resubmit — adding a round trip and depending on the model correctly parsing the suggested fix.
Proposed Behavior
When a PreToolUse hook returns:
{
"hookSpecificOutput": {
"hookEventName": "PreToolUse",
"permissionDecision": "allow",
"updatedInput": {
"command": "( cd .worktrees/foo && cmd )"
}
}
}
The framework should use the updatedInput values instead of the original tool input, similar to how PermissionRequest hooks handle updatedInput.
Context
This came up while building CWD protection for worktree deletion. The /tmp → project tmp/ rewrite pattern also depends on this — currently silently broken.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗