feat: enhance hooks with context injection, updated input propagation, and permission scoping

- Add hook context injection and updated input propagation to FilterToolCalls
- Scope permission_mode to relevant hook events (omit for session lifecycle)
- Add Description field to SubagentStart hook input
- Add /exit command for clean session termination
- Add applyUpdatedToolInput for hook-modified tool arguments

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Meng Yan <myan@redhat.com>

Author: yanmxa

internal/agent/executor.go

@@ -303,8 +303,9 @@ func (e *Executor) fireSubagentStart(req AgentRequest, agentHookID string) {
 		return
 	}
 	e.hooks.ExecuteAsync(hooks.SubagentStart, hooks.HookInput{
-		AgentType: req.Agent,
-		AgentID:   agentHookID,
+		AgentType:   req.Agent,
+		AgentID:     agentHookID,
+		Description: req.Description,
 	})
 }
 

internal/app/handler_approval.go

@@ -2,6 +2,7 @@ package app
 
 import (
 	"context"
+	"encoding/json"
 	"strings"
 
 	tea "github.com/charmbracelet/bubbletea"
@@ -103,6 +104,10 @@ func (m *model) checkPermissionHook(req *permission.PermissionRequest) (blocked,
 	if outcome.PermissionAllow {
 		// Apply structured permission updates from hook
 		m.applyPermissionUpdates(outcome.UpdatedPermissions)
+		// Propagate updated input back to the pending tool call
+		if outcome.UpdatedInput != nil {
+			m.applyUpdatedToolInput(outcome.UpdatedInput)
+		}
 		return false, true, outcome.HookSource
 	}
 
@@ -299,6 +304,19 @@ func (m *model) persistAllowRule(req *permission.PermissionRequest) {
 	config.Reload()
 }
 
+// applyUpdatedToolInput marshals the hook-provided input and updates the current
+// pending tool call so the executor uses the modified arguments.
+func (m *model) applyUpdatedToolInput(updated map[string]any) {
+	if m.tool.PendingCalls == nil || m.tool.CurrentIdx >= len(m.tool.PendingCalls) {
+		return
+	}
+	data, err := json.Marshal(updated)
+	if err != nil {
+		return
+	}
+	m.tool.PendingCalls[m.tool.CurrentIdx].Input = string(data)
+}
+
 // togglePermissionPreview toggles the expand state of permission prompt previews.
 func (m *model) togglePermissionPreview() {
 	m.approval.TogglePreview()

internal/app/handler_command.go

@@ -88,6 +88,15 @@ func ExecuteCommand(ctx context.Context, m *model, input string) (string, tea.Cm
 		return "", nil, false
 	}
 
+	// Handle /exit like CC does
+	if cmd == "exit" {
+		if m.conv.Stream.Cancel != nil {
+			m.conv.Stream.Cancel()
+		}
+		m.fireSessionEnd("user_exit")
+		return "", tea.Quit, true
+	}
+
 	handlers := handlerRegistry()
 	if handler, ok := handlers[cmd]; ok {
 		result, followUp, err := handler(ctx, m, args)

internal/app/handler_tool.go

@@ -162,9 +162,17 @@ func (m *model) handleAllToolsCompleted() tea.Cmd {
 
 // filterToolCallsWithHooks runs PreToolUse hooks and filters blocked tools.
 func (m *model) filterToolCallsWithHooks(toolCalls []message.ToolCall) []message.ToolCall {
-	allowed, blocked, hookAllowed := m.loop.FilterToolCalls(context.Background(), toolCalls)
+	allowed, blocked, hookAllowed, hookContext := m.loop.FilterToolCalls(context.Background(), toolCalls)
 	m.tool.HookAllowed = hookAllowed
 
+	// Inject additional context from hooks into conversation
+	if hookContext != "" {
+		m.conv.Append(message.ChatMessage{
+			Role:    message.RoleUser,
+			Content: hookContext,
+		})
+	}
+
 	// Add blocked results as chat messages
 	for _, br := range blocked {
 		m.conv.Append(message.ChatMessage{

internal/core/core.go

@@ -228,7 +228,8 @@ func (l *Loop) Run(ctx context.Context, opts RunOptions) (*Result, error) {
 		}
 
 		// --- 5. Filter through hooks ---
-		allowed, blocked, _ := l.FilterToolCalls(ctx, decision.ToolCalls)
+		allowed, blocked, _, hookContext := l.FilterToolCalls(ctx, decision.ToolCalls)
+		_ = hookContext // context injection handled by incremental callers
 		for _, br := range blocked {
 			l.AddToolResult(br)
 		}
@@ -394,12 +395,13 @@ func (l *Loop) AddToolResult(r message.ToolResult) {
 // --- Tool dispatch ---
 
 // FilterToolCalls runs PreToolUse hooks, returning allowed tool calls, blocked results,
-// and a set of tool call IDs that hooks explicitly allowed (can skip permission prompts).
+// a set of tool call IDs that hooks explicitly allowed (can skip permission prompts),
+// and any additional context injected by hooks.
 func (l *Loop) FilterToolCalls(ctx context.Context, calls []message.ToolCall) (
-	allowed []message.ToolCall, blocked []message.ToolResult, hookAllowed map[string]bool,
+	allowed []message.ToolCall, blocked []message.ToolResult, hookAllowed map[string]bool, additionalContext string,
 ) {
 	if l.Hooks == nil {
-		return calls, nil, nil
+		return calls, nil, nil, ""
 	}
 
 	hookAllowed = make(map[string]bool)
@@ -423,13 +425,21 @@ func (l *Loop) FilterToolCalls(ctx context.Context, calls []message.ToolCall) (
 			}
 		}
 
+		if outcome.AdditionalContext != "" {
+			if additionalContext == "" {
+				additionalContext = outcome.AdditionalContext
+			} else {
+				additionalContext += "\n" + outcome.AdditionalContext
+			}
+		}
+
 		if outcome.PermissionAllow {
 			hookAllowed[tc.ID] = true
 		}
 
 		allowed = append(allowed, tc)
 	}
-	return allowed, blocked, hookAllowed
+	return allowed, blocked, hookAllowed, additionalContext
 }
 
 // firePostToolHook fires PostToolUse or PostToolUseFailure hooks after tool execution.

internal/core/core_test.go

@@ -356,7 +356,7 @@ func TestFilterToolCallsNoHooks(t *testing.T) {
 		{ID: "t2", Name: "Write"},
 	}
 
-	allowed, blocked, _ := loop.FilterToolCalls(context.Background(), calls)
+	allowed, blocked, _, _ := loop.FilterToolCalls(context.Background(), calls)
 	if len(allowed) != 2 {
 		t.Errorf("expected 2 allowed, got %d", len(allowed))
 	}

internal/hooks/engine.go

@@ -170,12 +170,20 @@ func (e *Engine) SetTranscriptPath(path string) {
 }
 
 // populateInputFields fills common fields in hook input.
+// permission_mode is only set for events where it's contextually relevant,
+// matching Claude Code's behavior (session lifecycle events omit it).
 func (e *Engine) populateInputFields(input *HookInput, event EventType) {
 	input.SessionID = e.sessionID
 	input.TranscriptPath = e.transcriptPath
 	input.Cwd = e.cwd
-	input.PermissionMode = e.permissionMode
 	input.HookEventName = string(event)
+
+	switch event {
+	case SessionStart, SessionEnd, Notification, SubagentStart, PreCompact:
+		// These events don't include permission_mode (matches CC behavior)
+	default:
+		input.PermissionMode = e.permissionMode
+	}
 }
 
 // extractCommands filters and returns command-type hooks.

internal/hooks/types.go

@@ -27,7 +27,7 @@ type HookInput struct {
 	SessionID      string `json:"session_id"`
 	TranscriptPath string `json:"transcript_path"`
 	Cwd            string `json:"cwd"`
-	PermissionMode string `json:"permission_mode"`
+	PermissionMode string `json:"permission_mode,omitempty"`
 	HookEventName  string `json:"hook_event_name"`
 
 	// Tool events
@@ -52,6 +52,7 @@ type HookInput struct {
 	// Agent events
 	AgentID             string `json:"agent_id,omitempty"`
 	AgentType           string `json:"agent_type,omitempty"`
+	Description         string `json:"description,omitempty"`
 	AgentTranscriptPath string `json:"agent_transcript_path,omitempty"`
 	StopHookActive      bool   `json:"stop_hook_active,omitempty"`