Hook exit code to fall back to permission prompt instead of only block/allow

Resolved 💬 3 comments Opened Apr 9, 2026 by jksk Closed May 23, 2026

Problem

When auto-allowing WebFetch for research tasks, there's no way to gate suspicious URLs (e.g. .exe, .bin, .dmg) behind a permission prompt while letting normal page reads through automatically.

Currently, PreToolUse hooks only support two outcomes:

  • exit 0 — pass through (tool proceeds, subject to existing permission rules)
  • exit 2 — block the call entirely

If WebFetch is in the allow list, exit 0 auto-allows everything. If it's not, every call prompts. There's no middle ground.

Proposed solution

Add a third hook exit code (e.g. exit 1 or exit 3) that means "require user approval for this specific call", regardless of whether the tool is in the allow list.

This would enable patterns like:

{
  "permissions": {
    "allow": ["WebFetch"]
  },
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "WebFetch",
        "hooks": [
          {
            "type": "command",
            "command": "jq -r '.tool_input.url' | grep -qiE '\\.(exe|bin|dmg|msi|sh|pkg|deb|rpm|tar\\.gz|zip)$' && exit 3 || exit 0"
          }
        ]
      }
    ]
  }
}

Where safe-looking URLs auto-allow and suspicious ones fall back to the normal permission prompt.

Use case

During research tasks, Claude may fetch dozens of documentation pages. Approving each one individually is tedious, but blanket auto-allow removes the safety net for potentially dangerous downloads. This feature would let users define their own risk boundary while keeping the approval UX for edge cases.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗