feat: enhance hooks with LLM feedback capabilities (#112)

* feat: enhance hooks with LLM feedback capabilities

- Add new HookOutput fields for LLM interaction (feedback, context, systemPrompt, modifyInput/Output)
- Implement Continue functionality to gracefully stop sessions from hooks
- Implement SuppressOutput to hide tool results from user display
- Add UserPromptSubmit context injection to provide additional context to LLM
- Update mergeHookOutputs to handle new fields
- Add comprehensive unit tests for new hook output processing
- Create example Python hook demonstrating LLM feedback features

This enhancement allows hooks to:
- Provide feedback and context that reaches the LLM
- Modify tool inputs/outputs before processing
- Control session flow with Continue field
- Suppress output display while still sending to LLM
- Inject system prompts and context for better LLM responses

🤖 Generated with [opencode](https://opencode.ai)

Co-Authored-By: opencode <[email protected]>

* fix: make tool blocking visible to LLM

When a PreToolUse hook blocks a tool execution, the LLM now receives an error message
indicating the tool was blocked, allowing it to adapt its approach.

Changes:
- Track when tools are blocked by PreToolUse hooks
- Replace tool execution results with error messages when blocked
- Add test to verify blocking functionality
- Add ToolBlockChecker type for future enhancements

This ensures the LLM is aware when its tool calls are blocked by security policies
and can respond appropriately rather than being unaware of the block.

🤖 Generated with [opencode](https://opencode.ai)

Co-Authored-By: opencode <[email protected]>

* refactor: remove unimplemented LLM feedback fields

Removed the following unimplemented fields from HookOutput:
- Feedback
- Context
- SystemPrompt
- ModifyInput
- ModifyOutput

These fields were added speculatively but not fully implemented.
Keeping only the working functionality:
- Continue/StopReason for session control
- SuppressOutput for hiding tool results
- Decision/Reason for blocking tools

The critical tool blocking visibility feature remains intact.

🤖 Generated with [opencode](https://opencode.ai)

Co-Authored-By: opencode <[email protected]>

---------

Co-authored-by: opencode <[email protected]>

Author: ezynda3

cmd/root.go

@@ -822,6 +822,8 @@ func runAgenticStep(ctx context.Context, mcpAgent *agent.Agent, cli *ui.CLI, mes
 	// Variables to store tool information for hooks
 	var currentToolName string
 	var currentToolArgs string
+	var toolIsBlocked bool
+	var blockReason string
 
 	result, err := mcpAgent.GenerateWithLoopAndStreaming(ctx, messages,
 		// Tool call handler - called when a tool is about to be executed
@@ -860,10 +862,13 @@ func runAgenticStep(ctx context.Context, mcpAgent *agent.Agent, cli *ui.CLI, mes
 
 					// Check if hook blocked the execution
 					if hookOutput != nil && hookOutput.Decision == "block" {
-						// We need a way to cancel the tool execution
-						// For now, just log it
+						toolIsBlocked = true
+						blockReason = hookOutput.Reason
+						if blockReason == "" {
+							blockReason = "Tool execution blocked by security policy"
+						}
 						if !config.Quiet && cli != nil {
-							cli.DisplayInfo(fmt.Sprintf("Tool execution blocked by hook: %s", hookOutput.Reason))
+							cli.DisplayInfo(fmt.Sprintf("Tool execution blocked by hook: %s", blockReason))
 						}
 					}
 				}
@@ -883,7 +888,28 @@ func runAgenticStep(ctx context.Context, mcpAgent *agent.Agent, cli *ui.CLI, mes
 		},
 		// Tool result handler - called when a tool execution completes
 		func(toolName, toolArgs, result string, isError bool) {
+			// Check if this tool was blocked
+			if toolIsBlocked {
+				// Reset the flag for next tool
+				toolIsBlocked = false
+
+				// Override the result with a block message
+				blockedResult := fmt.Sprintf(`{"error": "Tool execution blocked", "message": "%s"}`, blockReason)
+				result = blockedResult
+				isError = true
+
+				// Display the blocked message
+				if !config.Quiet && cli != nil {
+					cli.DisplayToolMessage(toolName, toolArgs, fmt.Sprintf("Tool execution blocked: %s", blockReason), true)
+				}
+
+				// Reset block reason
+				blockReason = ""
+				return
+			}
+
 			// Execute PostToolUse hooks
+			var postToolHookOutput *hooks.HookOutput
 			if hookExecutor != nil && result != "" {
 				input := &hooks.PostToolUseInput{
 					CommonInput:  hookExecutor.PopulateCommonFields(hooks.PostToolUse),
@@ -892,13 +918,21 @@ func runAgenticStep(ctx context.Context, mcpAgent *agent.Agent, cli *ui.CLI, mes
 					ToolResponse: json.RawMessage(result),
 				}
 
-				_, err := hookExecutor.ExecuteHooks(ctx, hooks.PostToolUse, input)
+				hookOutput, err := hookExecutor.ExecuteHooks(ctx, hooks.PostToolUse, input)
 				if err != nil {
 					// Log error but don't fail
 					if debugMode {
 						fmt.Fprintf(os.Stderr, "PostToolUse hook execution error: %v\n", err)
 					}
 				}
+				postToolHookOutput = hookOutput
+			}
+
+			// Check if hook wants to suppress output
+			if postToolHookOutput != nil && postToolHookOutput.SuppressOutput {
+				// Skip displaying tool result to user
+				// Note: Result still goes to LLM unless ModifyOutput is used
+				return
 			}
 
 			if !config.Quiet && cli != nil {
@@ -1110,8 +1144,15 @@ func runInteractiveLoop(ctx context.Context, mcpAgent *agent.Agent, cli *ui.CLI,
 				}
 				continue // Skip this prompt
 			}
-		}
 
+			// Check if hook wants to stop the session
+			if hookOutput != nil && hookOutput.Continue != nil && !*hookOutput.Continue {
+				if hookOutput.StopReason != "" {
+					cli.DisplayInfo(fmt.Sprintf("Session ended by hook: %s", hookOutput.StopReason))
+				}
+				return nil // Exit interactive loop gracefully
+			}
+		}
 		// Handle slash commands
 		if cli.IsSlashCommand(prompt) {
 			result := cli.HandleSlashCommand(prompt, config.ServerNames, config.ToolNames)
@@ -1133,7 +1174,6 @@ func runInteractiveLoop(ctx context.Context, mcpAgent *agent.Agent, cli *ui.CLI,
 
 		// Create temporary messages with user input for processing
 		tempMessages := append(messages, schema.UserMessage(prompt))
-
 		// Process the user input with tool calls
 		_, conversationMessages, err := runAgenticStep(ctx, mcpAgent, cli, tempMessages, config, hookExecutor)
 		if err != nil {

internal/hooks/executor_test.go

@@ -191,3 +191,58 @@ func compareHookOutputs(a, b *HookOutput) bool {
 		a.Decision == b.Decision &&
 		a.Reason == b.Reason
 }
+
+func TestToolBlocking(t *testing.T) {
+	// Create test script that blocks bash tool
+	tmpDir := t.TempDir()
+
+	blockBashScript := filepath.Join(tmpDir, "block_bash.sh")
+	if err := os.WriteFile(blockBashScript, []byte(`#!/bin/bash
+echo '{"decision": "block", "reason": "Bash commands are not allowed for security reasons"}'
+`), 0755); err != nil {
+		t.Fatalf("failed to create block bash script: %v", err)
+	}
+
+	config := &HookConfig{
+		Hooks: map[HookEvent][]HookMatcher{
+			PreToolUse: {{
+				Matcher: "bash",
+				Hooks: []HookEntry{{
+					Type:    "command",
+					Command: blockBashScript,
+				}},
+			}},
+		},
+	}
+
+	executor := NewExecutor(config, "test-session", "/tmp/test.jsonl")
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	input := &PreToolUseInput{
+		CommonInput: CommonInput{HookEventName: PreToolUse},
+		ToolName:    "bash",
+		ToolInput:   json.RawMessage(`{"command": "ls -la"}`),
+	}
+
+	got, err := executor.ExecuteHooks(ctx, PreToolUse, input)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	// Verify the hook blocked the tool
+	if got == nil {
+		t.Fatal("expected hook output, got nil")
+	}
+
+	if got.Decision != "block" {
+		t.Errorf("expected decision 'block', got '%s'", got.Decision)
+	}
+
+	if got.Reason != "Bash commands are not allowed for security reasons" {
+		t.Errorf("unexpected reason: %s", got.Reason)
+	}
+
+	// Continue field is optional for JSON output (only set for exit code 2)
+}