Feature hasn't been suggested before.
Describe the enhancement you want to request
The tool.execute.before hook can inspect and mutate tool args, or block execution by throwing, but it can't defer to the user for approval.
Without this, plugins that implement policy engines have no way to do "stop and ask", only hard-block or silent-allow.
Plugin-defined tools already get ask() via ToolContext, so the precedent exists.
The fix is small: pass ask on the hook's input object at the three trigger sites in prompt.ts, and extend the type in packages/plugin/src/index.ts.
Related to #19469 and #7006 but distinct, those wire the permission.ask hook to intercept existing permission checks; this exposes ask() on tool.execute.before so plugins can initiate permission requests.
Feature hasn't been suggested before.
Describe the enhancement you want to request
The
tool.execute.beforehook can inspect and mutate tool args, or block execution by throwing, but it can't defer to the user for approval.Without this, plugins that implement policy engines have no way to do "stop and ask", only hard-block or silent-allow.
Plugin-defined tools already get
ask()viaToolContext, so the precedent exists.The fix is small: pass ask on the hook's input object at the three trigger sites in
prompt.ts, and extend the type inpackages/plugin/src/index.ts.Related to #19469 and #7006 but distinct, those wire the permission.ask hook to intercept existing permission checks; this exposes
ask()ontool.execute.beforeso plugins can initiate permission requests.