PreToolUse hooks may not fire for subagent (Agent tool) Bash calls

Resolved 💬 1 comment Opened Mar 30, 2026 by fechirin-cyber Closed Mar 30, 2026

Description

PreToolUse hooks configured in .claude/settings.json may not be triggered when a subagent (spawned via the Agent tool) executes Bash commands. Only Bash calls from the main conversation appear to be intercepted.

Setup

// .claude/settings.json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "bash .claude/hooks/pre-commit-check.sh",
            "timeout": 60
          }
        ]
      }
    ]
  }
}

Expected behavior

When a subagent (e.g., lead-programmer, infra, or any agent spawned via the Agent tool) runs git commit through the Bash tool, the PreToolUse hook should fire and execute pre-commit-check.sh, just as it does for Bash calls in the main conversation.

Actual behavior

The hook appears to not fire for subagent Bash calls. This means:

  • Pre-commit checks (linting, secret scanning, etc.) can be silently bypassed
  • Security-critical hooks (e.g., blocking commits containing API keys) are ineffective when agents do the committing

Impact

This is a security concern. Users relying on PreToolUse hooks to prevent accidental secret leaks (API keys, tokens, credentials) in commits have a false sense of security, since the majority of commits in agent-heavy workflows are made by subagents, not the main conversation.

Environment

  • Claude Code on Windows 10 (bash shell)
  • Using Agent tool with subagent_type (lead-programmer, infra, etc.)
  • Hooks defined in project-level .claude/settings.json

Workaround

None known. Even if the hook is duplicated to .claude/settings.local.json, it does not appear to change the behavior for subagents.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗