Include sandbox state in hook input JSON
Summary
PreToolUse hooks have no way to know whether sandbox is enabled or what its configuration is. This creates a fundamental disconnect between the user's trust intent (expressed via sandbox config) and hook behavior.
Problem
When a user enables sandbox with autoAllowBashIfSandboxed: true, they're declaring: "Bash commands within these boundaries are trusted." However, PreToolUse hooks fire independently and may return deny or ask for commands that the sandbox would auto-allow.
The hook input JSON includes permission_mode but no sandbox-related fields. There's no first-class way for hooks to respect the user's sandbox trust boundaries.
Current workaround
Hooks can read settings.json directly to check sandbox state, but this is fragile and not part of the official hook interface:
jq -r '.sandbox.enabled' "$HOME/.claude/settings.json"
Proposal
Include sandbox configuration in the hook input JSON:
{
"session_id": "...",
"permission_mode": "default",
"sandbox": {
"enabled": true,
"autoAllow": true
},
"tool_name": "Bash",
"tool_input": { "command": "npm test" }
}
This would allow hook authors to make informed decisions based on the user's declared trust level, without relying on implementation details of settings.json.
Context
- Related: #37153 (add
permission_decisionto hook input) - Related: #36058, #31415 (other hook input enrichment requests)
- The broader pattern: hooks need more context about the session's security posture to make good decisions
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗