[BUG] PreToolUse hook sometimes causes permission prompt to fail.
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When Claude calls a tool (e.g. bash(chmod x...)) that is not in the deny or allow list, sometimes the permission prompt fails to fire if a preToolUse hook exists. When this happens, the tool appears to continue running indefinitely. Claude reports the backend shows Exit 0 and the permission prompt should have fired. It confirms this appears to be a bug.
<img width="900" height="333" alt="Image" src="https://github.com/user-attachments/assets/122993a6-b66f-48b5-a2b2-753537ea3162" />
What Should Happen?
Permission prompt should fire to allow this action.
Error Messages/Logs
Claude reported Exit 0, but it was lost in compaction. I'm not sure where to pull logs that would demonstrate this.
Steps to Reproduce
Create a preToolUse hook
Set up strict allow and deny permissions for certain commands in certain directories.
Cause Claude to invoke a bash command that is neither in the allow or deny list.
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
1.0.98
Claude Code Version
1.0.100
Platform
Anthropic API
Operating System
Other Linux
Terminal/Shell
Other
Additional Information
Terminal is Konsole.
OS is Fedora 43 KDE.
Claude Code was installed with NPM.
PreToolUse hook used:
"PreToolUse": [
{
"matcher": "Edit|Write|Read|Bash|Glob|Grep|NotebookEdit",
"hooks": [
{
"type": "command",
"command": "python3 ~/.claude/hooks/block-sensitive-files.py",
"timeout": 5
}
]
}
The goal of this hook is to block bash commands from reading or editing anything that may contain system secrets/credentials/personal info. Whenever this happens, it reports the failure back to the agent.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗