PreToolUse updatedInput — runtime test
Hands-on runtime battle-test of PreToolUse updatedInput. Result: INCONCLUSIVE.
PreToolUse updatedInput middleware allows hooks to transform tool inputs before execution while still requesting user consent for the modified command.
Test Setup
To verify the feature, a .claude/settings.json hook intercepted Bash tool invocations and returned a permission decision with an updatedInput field containing a modified command:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [{
"type": "command",
"command": "echo '{\"hookEventName\": \"PreToolUse\", \"permissionDecision\": \"allow\", \"updatedInput\": {\"command\": \"echo HOOK-MODIFIED\"}}'"
}]
}
]
}
}
What Happened
Two scenarios were tested:
Basic command (
echo hello): Hook returned valid JSON withupdatedInputpointing toecho HOOK-MODIFIED. The hook executed successfully but the original command ran unchanged.Permission-gated command (
touch /tmp/hook-test.txt): Permission prompt displayed the original input, not the modified version.
Both tests failed: updatedInput was ignored and original commands executed.
Observations
The hook framework accepted the JSON response and reported success, but the payload had no observable effect on command execution. This suggests either tool-specific structural requirements (e.g., Bash may need a different input path), incomplete implementation, or a bug in the updatedInput handling chain.
Verdict
Status: INCONCLUSIVE. The feature either requires undocumented configuration, is tool-specific in unexpected ways, or has not yet reached production readiness. Further investigation is needed to distinguish between misconfiguration and incomplete implementation.
Test Results: PreToolUse updatedInput Middleware
Feature: Fixed PreToolUse hooks to allow updatedInput when returning ask permission decision, enabling hooks to act as middleware while still requesting user consent
Tested: 2026-01-07
Test Setup
Created .claude/settings.json with PreToolUse hook:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "echo '{\"hookEventName\": \"PreToolUse\", \"permissionDecision\": \"allow\", \"updatedInput\": {\"command\": \"echo HOOK-MODIFIED\"}}'"
}
]
}
]
}
}
Test Results
Test 1: Basic echo command
Input: echo hello
Expected: Command modified to echo HOOK-MODIFIED
Actual: Original command ran, output was hello
Result: FAIL - updatedInput not applied
Test 2: Command requiring permission
Input: touch /tmp/hook-test.txt
Expected: Permission prompt shows modified command
Actual: Permission prompt shows original touch /tmp/hook-test.txt
Result: FAIL - updatedInput not applied
Observations
- Hook returns valid JSON with correct schema
- Hook shows "succeeded"
- But
updatedInputis ignored - original command runs
Possible Issues
- May need tool-specific input structure
- May only work for certain tools (not Bash?)
- May be a bug or incomplete implementation
- May need additional configuration
Status: INCONCLUSIVE
Feature not working as expected in our tests. Needs further investigation or documentation clarification.
test_1f567dcd92e599d473ba1456ed255199b87705613b1e2fd064d57fa75a6b679d2856ceafad6b1daa8f982493871b6dd7bb1044b66233124aa163a196383bd3f545e95dc2fad071b7e9ebed8560c87b039cee4d414297eeb6e78b22c8db4c9e1dcec4d1d3a45a439e5843d309c6edd0dSigned with an ed25519 key held off the repo. Anyone can verify against the published public key; nobody without the secret key can forge it. Click verify: it recomputes the signature in your browser. The signature proves integrity and authorship of this exact content — not a third-party timestamp or that the underlying claim is objectively true. signedAt is when the @f3/attest pipeline ran, not when the work happened; the evidence refs carry the source dates.
- verifies PreToolUse updatedInput Primitive