feat(hooks): Add message:sending pre-send hook event for outbound message interception

[clawdia-saka]

Summary

Request a message:sending hook event that fires before an outbound message is delivered to a channel, enabling hooks to inspect, modify, or block messages before they reach the end user.

Current Behavior

The existing message:sent event fires after delivery. Hooks can only observe — they cannot intervene.

Proposed Behavior

A new message:sending event that fires before delivery, supporting:

1. Inspect — read outbound content for validation
2. Modify — transform content before delivery (e.g., URL rewriting, redaction)
3. Block — prevent delivery entirely when policy violations are detected

const handler = async (event) => {
  if (event.type !== "message" || event.action !== "sending") return;
  
  const text = event.context.message;
  
  // Example: redact potential secrets before delivery
  if (/sk-[a-zA-Z0-9]{20,}|AKIA[A-Z0-9]{16}/i.test(text)) {
    event.blocked = true;
    event.blockReason = "Potential secret detected in outbound message";
  }
  
  // Example: enforce content policy
  if (event.context.policyCheck) {
    const result = await event.context.policyCheck(text);
    if (!result.ok) {
      event.context.message = result.redacted;
    }
  }
};

Use Cases

1. Secret leak prevention — catch accidental API keys, tokens, or credentials before they reach chat channels
2. Content policy enforcement — validate outbound messages against custom rules (PII redaction, required disclaimers, format standards)
3. URL rewriting — transform internal references to public-facing endpoints for remote users
4. Compliance & audit — intercept and redact sensitive content in real-time, not retroactively
5. Multi-tenant isolation — ensure agents do not leak data across tenant boundaries

Design Considerations

• Opt-in: No behavior change for users without message:sending hooks
• Passthrough default: If no hook modifies the message, delivery proceeds unchanged
• Sync execution: Hooks run synchronously in the delivery pipeline (with a reasonable timeout to prevent blocking)
• Ordering: Multiple hooks execute in discovery order; each receives the output of the previous

Context

I built a workspace hook (outbound-guard) for outbound message validation, but the only available event is message:sent — making it a retroactive logger rather than a preventive guard. A pre-send event would make the hooks system significantly more powerful for safety-critical deployments.

[clawdia-saka]

Adding some context from the existing hook architecture:

The inbound message pipeline already has a multi-stage design:
message:received → message:transcribed → message:preprocessed

This gives hooks progressively enriched access to inbound content before the agent processes it.

The outbound side currently only has message:sent (post-delivery). Adding message:sending (pre-delivery) would create a symmetric design:

Inbound: received → transcribed → preprocessed → agent
Outbound: agent → sending (proposed) → sent

This also aligns with the tool_result_persist pattern — a synchronous interception point where hooks can transform content before it is finalized. The message:sending hook could follow the same contract: return modified content or undefined to pass through unchanged.

[darbsllim]

#24618 (comment)

isn't this related?