Include sandbox state in hook input JSON

Resolved 💬 4 comments Opened Mar 22, 2026 by xiangma9712 Closed Apr 21, 2026

Summary

PreToolUse hooks have no way to know whether sandbox is enabled or what its configuration is. This creates a fundamental disconnect between the user's trust intent (expressed via sandbox config) and hook behavior.

Problem

When a user enables sandbox with autoAllowBashIfSandboxed: true, they're declaring: "Bash commands within these boundaries are trusted." However, PreToolUse hooks fire independently and may return deny or ask for commands that the sandbox would auto-allow.

The hook input JSON includes permission_mode but no sandbox-related fields. There's no first-class way for hooks to respect the user's sandbox trust boundaries.

Current workaround

Hooks can read settings.json directly to check sandbox state, but this is fragile and not part of the official hook interface:

jq -r '.sandbox.enabled' "$HOME/.claude/settings.json"

Proposal

Include sandbox configuration in the hook input JSON:

{
  "session_id": "...",
  "permission_mode": "default",
  "sandbox": {
    "enabled": true,
    "autoAllow": true
  },
  "tool_name": "Bash",
  "tool_input": { "command": "npm test" }
}

This would allow hook authors to make informed decisions based on the user's declared trust level, without relying on implementation details of settings.json.

Context

  • Related: #37153 (add permission_decision to hook input)
  • Related: #36058, #31415 (other hook input enrichment requests)
  • The broader pattern: hooks need more context about the session's security posture to make good decisions

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗