Example:
When a PreToolUse hook returns {“overwrite”: {“name”: “run_command”, “args”: {“CommandLine”: “rtk git status”, …}}}, the permission review for user (shown when toolPermission=request-review) fires on the original tool call, not the overwritten one.
Evidence:
The user’s approval grants command(git), not command(rtk), even though the overwrite replaced the command with rtk git status. The overwritten command is silently discarded.
Expected:
When a hook provides an overwrite, the permission review (if required) should evaluate the overwritten tool call or allow to skip the review entirely, since a trusted hook already made the decision.
Current workaround:
Hooks must deny the original command with a denyReason that names the replacement. The model reads the reason and retries directly. This works, but requires the model to make an extra actions, adds latency, and depends on model comprehension rather than the hook API doing its job.
Tested in Antigravity CLI 1.0.2. toolPermission=request-review, json_hook_caller.go:144.