Summary
When a preToolUse hook rewrites a command using updatedInput with permissionDecision: allow, Copilot CLI v1.0.24 still shows an interactive confirmation dialog to the user on every rewritten command. There is currently no way for a hook to silently rewrite a command.
Environment
- Copilot CLI version:
1.0.24
- OS: Linux
Context
Consider a tool that automatically prepends a proxy prefix to dev commands (e.g. git status → proxy git status) to reduce LLM token consumption. Users install a preToolUse hook so the agent's commands are transparently rewritten without friction.
Before v1.0.24, updatedInput was not supported in Copilot CLI (#2013), so the hook used deny-with-suggestion as a workaround. When v1.0.24 shipped updatedInput support, the hook was upgraded to use updatedInput + permissionDecision: allow.
What I expected
A hook returning:
{
"hookSpecificOutput": {
"hookEventName": "PreToolUse",
"permissionDecision": "allow",
"permissionDecisionReason": "proxy auto-rewrite",
"updatedInput": {
"command": "proxy git status",
"description": "check repo status"
}
}
}should silently rewrite the command and run it — no confirmation needed, since:
- The user explicitly installed the hook (opt-in)
permissionDecision is allow- The rewrite is mechanical (just prepending a proxy prefix)
What happened instead
Copilot CLI shows a confirmation dialog on every rewritten command:
╭─────────────────────────────────────────────────────╮
│ Hook permission request │
│ ⚠ proxy auto-rewrite │
│ │
│ Tool: bash │
│ Args: {"command": "proxy git status", ...} │
│ │
│ Do you want to allow this tool call? │
╰─────────────────────────────────────────────────────╯
This dialog appears for every single command the agent runs that gets rewritten — making the hook more disruptive than the old deny-with-suggestion workaround.
Proposed solution
Add a way for hooks to indicate a rewrite should be applied silently. Options:
Option A — permissionDecision: allow should suppress the dialog (most intuitive):
If the hook already decided allow, no confirmation should be needed.
Option B — New field showConfirmation: false:
{
"hookSpecificOutput": {
"permissionDecision": "allow",
"updatedInput": { ... },
"showConfirmation": false
}
}Option C — New permissionDecision value "silent-allow" or "allow-silent"
Option A seems most consistent with the existing semantics — allow already means the hook approved it.
Impact
Without silent rewrite, updatedInput is not practical for high-frequency mechanical rewrites (like token optimization proxies). The old deny-with-suggestion workaround was less disruptive because denials are handled gracefully by the agent without surfacing a modal to the user.
cc @MRayermannMSFT (from #2013)
Summary
When a
preToolUsehook rewrites a command usingupdatedInputwithpermissionDecision: allow, Copilot CLI v1.0.24 still shows an interactive confirmation dialog to the user on every rewritten command. There is currently no way for a hook to silently rewrite a command.Environment
1.0.24Context
Consider a tool that automatically prepends a proxy prefix to dev commands (e.g.
git status→proxy git status) to reduce LLM token consumption. Users install apreToolUsehook so the agent's commands are transparently rewritten without friction.Before v1.0.24,
updatedInputwas not supported in Copilot CLI (#2013), so the hook used deny-with-suggestion as a workaround. When v1.0.24 shippedupdatedInputsupport, the hook was upgraded to useupdatedInput+permissionDecision: allow.What I expected
A hook returning:
{ "hookSpecificOutput": { "hookEventName": "PreToolUse", "permissionDecision": "allow", "permissionDecisionReason": "proxy auto-rewrite", "updatedInput": { "command": "proxy git status", "description": "check repo status" } } }should silently rewrite the command and run it — no confirmation needed, since:
permissionDecisionisallowWhat happened instead
Copilot CLI shows a confirmation dialog on every rewritten command:
This dialog appears for every single command the agent runs that gets rewritten — making the hook more disruptive than the old deny-with-suggestion workaround.
Proposed solution
Add a way for hooks to indicate a rewrite should be applied silently. Options:
Option A —
permissionDecision: allowshould suppress the dialog (most intuitive):Option B — New field
showConfirmation: false:{ "hookSpecificOutput": { "permissionDecision": "allow", "updatedInput": { ... }, "showConfirmation": false } }Option C — New
permissionDecisionvalue"silent-allow"or"allow-silent"Option A seems most consistent with the existing semantics —
allowalready means the hook approved it.Impact
Without silent rewrite,
updatedInputis not practical for high-frequency mechanical rewrites (like token optimization proxies). The old deny-with-suggestion workaround was less disruptive because denials are handled gracefully by the agent without surfacing a modal to the user.cc @MRayermannMSFT (from #2013)