anomalyco
Tool use cannot be prevented early in a session
Description
Following this example from the docs on preventing .env var read access, I created a simple plugin. Surprisingly, it did not work. I simplified the code to investigate.
It seems that when the first message in a session (or immediately following /new) is a request to read a file, the tool.execute.before hook does not fire. For subsequent messages, it works fine.
Plugins
A single line debug plugin as detailed below
OpenCode version
1.0.220
Steps to reproduce
- Create a plugin as follows in any of the allowed locations (I tested {project}/.opencode/plugin and {home}/.config/opencode/plugin
export const DebugPlugin = async ({ project, client, $, directory, worktree }) => {
return {
"tool.execute.before": async (input, output) => {
throw new Error("about to use a tool")
},
}
}
- Start opencode, ask it to read a file. For example, I used the prompt "What's in @example.local.txt".
Expected:
Opencode will run the tool.execute.before hook prior to reading any files, and throw the error.
Actual:
Models will respond with the contents of the file. On subsequent requests they'll typically block it. In the attached screenshot you can see Grok correctly identify that it was blocked from reading, and then return the contents anyway (presumably from the initial interaction).
Screenshot and/or share link
Operating System
macOS 26.1
Terminal
Alacritty
