[BUG] PostToolUse Hooks Not Receiving Task Tool Outputs
PostToolUse Hooks Not Receiving Task Tool Outputs
Description
PostToolUse hooks configured to monitor the Task tool (used for multi-agent delegation) receive empty tool_response fields. This prevents proper validation and monitoring of sub-agent outputs, breaking the ability to implement security checks, compliance monitoring, or quality gates on delegated tasks.
Environment
- Claude Code version: [Latest]
- Operating System: macOS Darwin 24.6.0
- Hook configuration: PostToolUse hook for Task tool
Current Behavior
When a PostToolUse hook is configured for the Task tool, it receives:
{
"tool_name": "Task",
"tool_parameters": {
"agent": "coder",
"task": "Implement user authentication",
"context": {...}
},
"tool_response": {}, // Empty - this is the bug
"timestamp": "2025-07-26T17:00:00Z",
"session_id": "abc123"
}
Expected Behavior
PostToolUse hooks should receive the complete response from the Task tool:
{
"tool_name": "Task",
"tool_parameters": {
"agent": "coder",
"task": "Implement user authentication",
"context": {...}
},
"tool_response": {
"status": "SUCCESS",
"agent": "coder",
"task_id": "auth_implementation",
"results": {
"implemented_files": [
"/src/auth/login.py",
"/src/auth/jwt_handler.py"
],
"features_implemented": [...]
},
"errors": [],
"metadata": {
"duration_ms": 5432,
"tools_used": ["Read", "MultiEdit", "Bash"],
"files_modified": 2
}
},
"timestamp": "2025-07-26T17:00:00Z",
"session_id": "abc123"
}
Steps to Reproduce
- Configure a PostToolUse hook for the Task tool in settings.json:
{
"hooks": {
"PostToolUse": [
{
"name": "task_output_validator",
"tools": ["Task"],
"command": "python /path/to/validator.py"
}
]
}
}
- Create a validator script that logs the received data:
#!/usr/bin/env python3
import json
import sys
data = json.load(sys.stdin)
tool_response = data.get("tool_response", {})
if not tool_response:
sys.stderr.write("ERROR: Empty tool_response received!\n")
else:
sys.stderr.write(f"SUCCESS: Got {len(tool_response)} fields\n")
print(json.dumps({"decision": "allow"}))
- Execute a command that triggers multi-agent delegation:
claude-code "Use the coder agent to implement user authentication"
- Observe that the hook receives empty tool_response data
Impact
This bug severely limits the ability to:
- Security: Cannot validate that sub-agents aren't producing malicious code or accessing unauthorized resources
- Compliance: Cannot ensure sub-agent outputs comply with organizational policies
- Quality Assurance: Cannot automatically check delegated work meets standards
- Debugging: Makes it difficult to trace issues in multi-agent workflows
- Monitoring: Cannot track performance or success rates of delegated tasks
Additional Context
- This issue affects all versions that support multi-agent workflows
- Other tools (Write, Edit, Bash, etc.) correctly pass responses to PostToolUse hooks
- The SubagentStop hook only provides a
transcript_path, requiring complex file parsing instead of direct access to the output - This is blocking our ability to implement security validation for AI-generated code
Proposed Solution
The Task tool should capture and pass through the complete sub-agent response to PostToolUse hooks. This requires:
- Modifying the Task tool implementation to preserve sub-agent outputs
- Ensuring the hook pipeline receives the full response data
- Maintaining backward compatibility for existing hooks
Reproduction Code
I've created a complete demonstration that shows both the bug and expected behavior. The key test:
# Test showing the bug
buggy_hook_data = {
"tool_name": "Task",
"tool_parameters": {...},
"tool_response": {}, # Empty in current implementation
}
# Hook cannot validate
result = hook.validate(buggy_hook_data)
# Returns: "ERROR: Cannot validate Task output - no response data"
Full reproduction code available at: [gist link or attachment]
Priority
High - This is a critical gap in the security and monitoring capabilities of multi-agent systems, affecting enterprise users who need to audit and validate all AI-generated code.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗