← 2.1.0 Primitive inconclusive · runtime-test

PreToolUse updatedInput

Hook succeeds but input not modified as documented.

Across the graph 4 layers

One node in a single signed graph. Here is how this primitive connects across the other layers.

Composed in · workflow recipes 2 of the corpus
Autonomous Permission-Satisfied Tool ChainsAgents can now route tool execution through pre-answered questions without interactive prompts, and filter noisy permission checks via conditional hook rules—enabling fully autonomous multi-tool workflows in headless/scheduled contexts. (untested)
Headless MCP Multi-Server RoutingA single MCP headersHelper script can now route multiple servers by name/URL env-vars, and PreToolUse hooks can satisfy MCP auth questions programmatically—enabling zero-touch delegation to specialized servers in cloud/headless environments. (untested)

A PreToolUse hook can return updatedInput to modify a tool invocation, but tests show the modification is silently ignored when paired with permission decisions.

Feature Intent

The updatedInput field allows middleware hooks in the PreToolUse phase to rewrite the input parameters of a tool call before execution. In theory, a hook can inspect a command like echo hello, return {"permissionDecision": "allow", "updatedInput": {"command": "echo HOOK-MODIFIED"}}, and the hook executes the modified command instead of the original.

Test Setup and Results

A .claude/settings.json hook configured a Bash PreToolUse rule with a command that echoed a valid JSON response containing both permissionDecision: "allow" and updatedInput: {"command": "echo HOOK-MODIFIED"}.

Two tests ran:

  1. Basic echo: Input echo hello → hook reported "succeeded" → actual output: hello (original command)
  2. Guarded command: Input touch /tmp/hook-test.txt → permission prompt showed original path → modification ignored

Both test cases show the same pattern: the hook response validates and reports success, but the updatedInput field has no effect. The original command executes unchanged.

Observations

The hook returns correctly formatted JSON with the right schema. The hook framework recognizes the response as successful. Yet the modification is discarded. This could indicate a parsing bug, incomplete implementation, tool-specific limitations (e.g., only some tools support input rewriting), or missing configuration that the documentation does not surface.

Status

INCONCLUSIVE: The feature does not work as documented, but the root cause remains unclear. Further investigation would require either access to Claude Code runtime source, documentation clarification, or expanded testing across tool types.

Related

Instance-of Event Interposition.

Evidence & receipt
◇ ed25519 receipt
idprimitive_ccb9217f079b1b6d38b3da87
alged25519
pubkey9b87705613b1e2fd064d57fa75a6b679d2856ceafad6b1daa8f982493871b6dd
sig8194265ffca1b6c9b8acc84142e4f7344b3b4b780afbfbc729e2f31119c7c4fdcacebb38ec1e0ec0ce807d957d6be84404ab2f82f773745496ccf5640f95b906

Signed with an ed25519 key held off the repo. Anyone can verify against the published public key; nobody without the secret key can forge it. Click verify: it recomputes the signature in your browser. The signature proves integrity and authorship of this exact content — not a third-party timestamp or that the underlying claim is objectively true. signedAt is when the @f3/attest pipeline ran, not when the work happened; the evidence refs carry the source dates.

Connected
← Browse 2.1.0 Night Zero Work with me