From 88435d6b5169dbf5be88a1cf1af1962e4a3b5260 Mon Sep 17 00:00:00 2001 From: Brydon DeWitt Date: Fri, 22 May 2026 16:42:04 -0400 Subject: [PATCH] fix(hooks): add bash tool name to pre-tool-use hook for OpenCode support OpenCode uses tool name 'bash' (not 'run_in_terminal') for shell execution. The hook was early-exiting for 'bash' tool calls, leaving banned commands unchecked. Added 'bash' to both the inspect allowlist and COMMAND extraction. --- .agents/hooks/pre-tool-use.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.agents/hooks/pre-tool-use.sh b/.agents/hooks/pre-tool-use.sh index 25e0189..4d195e7 100755 --- a/.agents/hooks/pre-tool-use.sh +++ b/.agents/hooks/pre-tool-use.sh @@ -26,7 +26,7 @@ echo "{\"ts\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"hook\":\"pre-tool-use\",\"too # Only inspect terminal/execution tools and file-editing tools case "$TOOL_NAME" in - run_in_terminal|execution_subagent|send_to_terminal|\ + bash|run_in_terminal|execution_subagent|send_to_terminal|\ replace_string_in_file|multi_replace_string_in_file|create_file|\ read_file|read|edit) ;; @@ -40,7 +40,7 @@ esac COMMAND="" FILE_PATH="" case "$TOOL_NAME" in - run_in_terminal|execution_subagent|send_to_terminal) + bash|run_in_terminal|execution_subagent|send_to_terminal) COMMAND=$(echo "$INPUT" | node -e " const d = JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')); const i = d.tool_input || {};