Support authoritative `allow`, `deny`, and `ask` verdicts from hooks

ragnoroct · May 22, 2026, 5:29pm

Feature request for product/service

Cursor IDE

Describe the request

Feature request: make hook verdicts authoritative so preToolUse can force allow, deny, or ask, with priority over permissions.json and stored IDE allowlists.

Today preToolUse hooks can return allow, deny, and ask, but only deny meaningfully changes what runs. allow and ask do not override permissions.json or persisted IDE allowlist state such as state.vscdb.

This would let project hooks define real policy. Require approval for sensitive commands, block risky ones, and bypass auto-run when appropriate without fighting the existing prefix-only permission stack.

Operating System (if it applies)

Linux

Colin · May 23, 2026, 10:50am

Hey @ragnoroct!

Thanks for the feedback. We have an open bug ticket for fixing this for preToolUse, as right now only deny is respected. I added your report and bumped up the priority (we’ve had a couple reports).

Topic		Replies	Views
Hooks return ALLOW but MCP tool still requires manual approval / gets skipped Bug Reports mcp , auto-run , hooks	1	91	March 21, 2026
The cursor hooks did not execute as expected Bug Reports mcp , auto-run , hooks	2	113	March 26, 2026
beforeShellExecution returns permission: "ask" but sandboxed Agent shell still runs the command (sandbox: true) Bug Reports sandbox , terminal , auto-run , hooks	2	98	March 23, 2026
Hook return value "ask" has no practical effect Bug Reports sandbox , auto-run , hooks	2	100	February 23, 2026
Expose agent approval waiting state via hooks / CLI events Feature Requests auto-run , hooks	0	36	May 6, 2026

Support authoritative `allow`, `deny`, and `ask` verdicts from hooks

Feature request for product/service

Describe the request

Operating System (if it applies)

Related topics