permissionCheckHook static method

HookRegistration permissionCheckHook({ required bool isPermitted(String toolName, Map<String, dynamic> input), })

Hook that checks permission rules before tool execution.

Returns HookAbort if the tool is not permitted, HookContinue otherwise. Runs at HookPriority.critical.

Implementation

static HookRegistration permissionCheckHook({
  required bool Function(String toolName, Map<String, dynamic> input)
  isPermitted,
}) {
  return HookRegistration(
    id: 'builtin:permission-check',
    type: HookType.preToolExecution,
    priority: HookPriority.critical,
    name: 'Permission Check',
    description: 'Checks permission rules before tool execution.',
    source: 'builtin',
    tags: {'security', 'permission'},
    handler: (context) {
      if (context is! ToolHookContext) return const HookContinue();
      final permitted = isPermitted(context.toolName, context.toolInput);
      if (!permitted) {
        return HookAbort('Permission denied for tool "${context.toolName}"');
      }
      return const HookContinue();
    },
  );
}