Feature request: support updatedInput in PreToolUse hooks

Resolved 💬 3 comments Opened Feb 18, 2026 by juanandresgs Closed Feb 21, 2026

Summary

PreToolUse hooks currently support permissionDecision (allow/deny/ask) and additionalContext, but do NOT support updatedInput for transparently rewriting tool inputs before execution. The updatedInput field is documented for PermissionRequest hooks but silently ignored in PreToolUse hooks.

Use Case

Security hooks that need to sanitize Bash commands before execution. Example: wrapping cd .worktrees/foo && cmd in a subshell ( cd .worktrees/foo && cmd ) to prevent the shell CWD from persisting to a deletable directory.

Currently the only option is deny with a suggestion in the reason, which requires the model to resubmit — adding a round trip and depending on the model correctly parsing the suggested fix.

Proposed Behavior

When a PreToolUse hook returns:

{
  "hookSpecificOutput": {
    "hookEventName": "PreToolUse",
    "permissionDecision": "allow",
    "updatedInput": {
      "command": "( cd .worktrees/foo && cmd )"
    }
  }
}

The framework should use the updatedInput values instead of the original tool input, similar to how PermissionRequest hooks handle updatedInput.

Context

This came up while building CWD protection for worktree deletion. The /tmp → project tmp/ rewrite pattern also depends on this — currently silently broken.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗