Skip to content

feat(plugins): wire up before_tool_call hook for pre-execution validation#2363

Closed
fuushyn wants to merge 3 commits intoopenclaw:mainfrom
fuushyn:feature/wire-before-tool-call-hook
Closed

feat(plugins): wire up before_tool_call hook for pre-execution validation#2363
fuushyn wants to merge 3 commits intoopenclaw:mainfrom
fuushyn:feature/wire-before-tool-call-hook

Conversation

@fuushyn
Copy link

@fuushyn fuushyn commented Jan 26, 2026

Summary

Adds the missing wiring for the before_tool_call plugin hook, enabling plugins to intercept, validate, modify, or block tool calls before execution.

The hook infrastructure (types, runner, handler merging) already existed in src/plugins/hooks.ts but was never actually invoked in the tool execution path. This PR adds the missing piece.

Changes

  • New file: src/agents/pi-tools.before-call-hook.ts

    • wrapToolWithBeforeCallHook() - wraps a single tool
    • wrapToolsWithBeforeCallHook() - wraps all tools in array

  • Modified: src/agents/pi-embedded-runner/run/attempt.ts

    • Wraps tools after sanitization if before_tool_call hooks are registered
    • Only wraps if hooks exist (zero overhead when no plugins use this hook)

Hook Behavior

Plugins can register a before_tool_call handler via api.on("before_tool_call", ...) to:

  1. Allow (default) - tool executes normally
  2. Modify params - return { params: modifiedParams } to change tool arguments
  3. Block - return { block: true, blockReason: "..." } to prevent execution

Example Plugin Usage

api.on("before_tool_call", (event, ctx) => {
  const { toolName, params } = event;
  
  // Block dangerous commands
  if (toolName === "exec" && params.command?.includes("rm -rf /")) {
    return { block: true, blockReason: "Refusing to delete root filesystem" };
  }
  
  // Allow everything else
  return {};
});

Test Plan

  • Verify existing tool_result_persist hook still works
  • Test plugin with before_tool_call handler can log tool calls
  • Test plugin can block tool calls with custom reason
  • Test plugin can modify tool parameters
  • Verify no performance impact when no hooks registered

Closes #1733

Generated with Claude Code

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 26, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0b0318ad63

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

fuushyn and others added 2 commits January 27, 2026 01:50
@claude
feat(plugins): wire up before_tool_call hook for pre-execution valida…
6e7bfa9 
…tion

Adds the missing wiring for the `before_tool_call` plugin hook, enabling
plugins to intercept, validate, modify, or block tool calls before execution.

The hook infrastructure (types, runner, handler merging) already existed
but was never invoked in the tool execution path. This change:

- Adds `pi-tools.before-call-hook.ts` with tool wrapper functions
- Wraps tools in `attempt.ts` after sanitization if hooks are registered
- Supports three hook actions: allow (default), modify params, or block

Closes openclaw#1733

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@claude
fix: correct types for before_tool_call hook wrapper
50ba466 
- Remove toolCallId from hook context/event (not in type definitions)
- Return proper AgentToolResult structure when blocking
- Import AgentToolResult from pi-agent-core

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fuushyn fuushyn force-pushed the feature/wire-before-tool-call-hook branch from ac6f05c to 50ba466 Compare January 26, 2026 20:20
@claude
fix: address review feedback
f3fed22 
- Add status='error' to blocked tool results for proper error detection
- Use sessionAgentId instead of agentAccountId for hook context
- Move hook wrapping after resolveSessionAgentIds for correct agent id

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@fuushyn fuushyn force-pushed the feature/wire-before-tool-call-hook branch from 06f9c76 to f3fed22 Compare January 26, 2026 20:23
@sebslight
Copy link
Member

sebslight commented Jan 28, 2026

Closing due to merge conflicts. Please rebase on main and reopen if you'd like to continue with this contribution.

@sebslight sebslight closed this Jan 28, 2026
@xampla xampla mentioned this pull request Feb 1, 2026
Closed
@adam91holt adam91holt mentioned this pull request Feb 2, 2026
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature: Add tool:pre event for PreToolUse validation hooks

2 participants

@fuushyn @sebslight