Control shell commands

Agent support · Hooks & Lifecycle

Dedicated hooks for intercepting shell/terminal command execution — block dangerous commands, audit, or inject env vars

Tool-Specific Hooks Hooks & Lifecycle

Supported

Partial

Unknown

Claude Code Current · May 2026

Cline Current · May 2026

Codex CLI Current · Apr 2026

Copilot Current · Apr 2026

Cursor Current · Apr 2026

Windsurf Current · Apr 2026

2.1.85 - 2.1.143

3.82.0 - 3.83.0

0.117.0 - 0.128.0

2026.03 - 2026.05

2.5 - 3.2

1.13.3 - 2.1.29

2.1.10 - 2.1.84

3.82.0

0.92.0 - 0.116.0

2026.01 - 2026.03

2.4 - 2.5

1.13.3

2.1.10

3.82.0

0.88.0

2025.10

2.4

1.13.3

2.0.51 - 2.1.10

3.82.0

0.77.0 - 0.88.0

2025.10

2.0

1.13.3

2.0.0 - 2.0.51

3.82.0

0.36.0 - 0.77.0

2025.07 - 2025.10

1.7 - 2.0

1.2.1 - 1.12.31

1.0.38 - 1.0.85

3.82.0

0.2.0 - 0.36.0

2025.06 - 2025.07

1.0 - 1.2

1.2.1

0.2.54 - 1.0.0

3.36.0 - 3.82.0

—

2025.06

0.45 - 1.0

1.2.1

0.2.31 - 0.2.54

1.5.0 - 3.33.0

—

0.45

1.0.2 - 1.2.1

Supported by all 6 agents.

HoverTap any cell for version details.

Agent event mapping

claude-code PreToolUse with Bash matcher
cline PreToolUse (on execute_command)
codex-cli PreToolUse (shell-only initially)
cursor beforeShellExecution, afterShellExecution
windsurf pre_run_command, post_run_command

Sub-capabilities

Block dangerous commands before they execute
Cursor: dedicated events with command string in context
Claude Code: uses generic PreToolUse with matcher pattern 'Bash'
Windsurf: dedicated pre_run_command and post_run_command events

What can your agent actually do?

Agent event mapping

Sub-capabilities