Hook exit code to fall back to permission prompt instead of only block/allow
Problem
When auto-allowing WebFetch for research tasks, there's no way to gate suspicious URLs (e.g. .exe, .bin, .dmg) behind a permission prompt while letting normal page reads through automatically.
Currently, PreToolUse hooks only support two outcomes:
exit 0— pass through (tool proceeds, subject to existing permission rules)exit 2— block the call entirely
If WebFetch is in the allow list, exit 0 auto-allows everything. If it's not, every call prompts. There's no middle ground.
Proposed solution
Add a third hook exit code (e.g. exit 1 or exit 3) that means "require user approval for this specific call", regardless of whether the tool is in the allow list.
This would enable patterns like:
{
"permissions": {
"allow": ["WebFetch"]
},
"hooks": {
"PreToolUse": [
{
"matcher": "WebFetch",
"hooks": [
{
"type": "command",
"command": "jq -r '.tool_input.url' | grep -qiE '\\.(exe|bin|dmg|msi|sh|pkg|deb|rpm|tar\\.gz|zip)$' && exit 3 || exit 0"
}
]
}
]
}
}
Where safe-looking URLs auto-allow and suspicious ones fall back to the normal permission prompt.
Use case
During research tasks, Claude may fetch dozens of documentation pages. Approving each one individually is tedious, but blanket auto-allow removes the safety net for potentially dangerous downloads. This feature would let users define their own risk boundary while keeping the approval UX for edge cases.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗