Validate VS Code hookEventName against CLI subcommand

- Add VS Code hookEventName constants from official docs
- Validate hookEventName matches the invoked CLI hook for VS Code
  payloads; silently skip mismatches instead of processing them
- Fix test fixtures: VS Code sends "Stop" (not "SessionEnd") for both
  agent-stop and session-end hooks
- Strengthen assertNoParseFailure to catch warning text in stderr
- Refactor ParseHookEvent to read envelope once and dispatch to builders

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: b42218d939a1

Author: peyton-alt

cmd/entire/cli/agent/copilotcli/compat.go

@@ -16,6 +16,34 @@ const (
 	HostVSCode     HookHost = "vscode"
 )
 
+// VS Code hookEventName values (from official VS Code docs).
+// See: https://code.visualstudio.com/docs/copilot/customization/hooks
+const (
+	VSCodeEventSessionStart     = "SessionStart"
+	VSCodeEventUserPromptSubmit = "UserPromptSubmit"
+	VSCodeEventStop             = "Stop"
+	VSCodeEventPreToolUse       = "PreToolUse"
+	VSCodeEventPostToolUse      = "PostToolUse"
+	VSCodeEventPreCompact       = "PreCompact"
+	VSCodeEventSubagentStart    = "SubagentStart"
+	VSCodeEventSubagentStop     = "SubagentStop"
+)
+
+// vsCodeEventToHookNames maps each VS Code hookEventName to the CLI hook name(s)
+// that are allowed to carry that event. "Stop" maps to both agent-stop and
+// session-end because VS Code uses a single Stop event where Copilot CLI
+// distinguishes the two.
+var vsCodeEventToHookNames = map[string][]string{
+	VSCodeEventUserPromptSubmit: {HookNameUserPromptSubmitted},
+	VSCodeEventSessionStart:     {HookNameSessionStart},
+	VSCodeEventStop:             {HookNameAgentStop, HookNameSessionEnd},
+	VSCodeEventSubagentStop:     {HookNameSubagentStop},
+	VSCodeEventPreToolUse:       {HookNamePreToolUse},
+	VSCodeEventPostToolUse:      {HookNamePostToolUse},
+	VSCodeEventPreCompact:       {},
+	VSCodeEventSubagentStart:    {},
+}
+
 type hookEnvelope struct {
 	Host           HookHost
 	SessionID      string
@@ -134,3 +162,19 @@ func isJSONNumber(raw json.RawMessage) bool {
 	var n int64
 	return json.Unmarshal(raw, &n) == nil
 }
+
+// validateVSCodeEvent checks whether the hookEventName is consistent with the
+// CLI hook subcommand that was invoked. Returns true if the event should be
+// processed, false if it should be silently skipped (mismatch or unknown event).
+func validateVSCodeEvent(hookEventName, hookName string) bool {
+	allowedHooks, known := vsCodeEventToHookNames[hookEventName]
+	if !known {
+		return false
+	}
+	for _, allowed := range allowedHooks {
+		if allowed == hookName {
+			return true
+		}
+	}
+	return false
+}

cmd/entire/cli/agent/copilotcli/lifecycle.go

@@ -41,34 +41,53 @@ func (c *CopilotCLIAgent) HookNames() []string {
 
 // ParseHookEvent translates a Copilot CLI hook into a normalized lifecycle Event.
 // Returns nil if the hook has no lifecycle significance (pass-through hooks).
+//
+// For VS Code payloads (detected via hookEventName), the event name is validated
+// against the CLI subcommand. Mismatches are silently skipped to avoid processing
+// a payload that doesn't match the hook being invoked.
 func (c *CopilotCLIAgent) ParseHookEvent(ctx context.Context, hookName string, stdin io.Reader) (*agent.Event, error) {
+	// Pass-through hooks: skip immediately without reading stdin.
+	switch hookName {
+	case HookNamePreToolUse, HookNamePostToolUse, HookNameErrorOccurred:
+		return nil, nil //nolint:nilnil // Pass-through hooks have no lifecycle action
+	}
+
+	// For lifecycle hooks, read and parse the envelope first so we can
+	// validate VS Code hookEventName before constructing an event.
+	env, err := c.readHookEnvelope(stdin)
+	if err != nil {
+		return nil, err
+	}
+
+	// VS Code payloads: validate hookEventName matches the CLI subcommand.
+	if env.Host == HostVSCode && env.HookEventName != "" {
+		if !validateVSCodeEvent(env.HookEventName, hookName) {
+			logging.Debug(ctx, "copilot-cli: skipping VS Code event with mismatched hookEventName",
+				"hookEventName", env.HookEventName, "hookName", hookName)
+			return nil, nil //nolint:nilnil // Mismatched VS Code event — skip silently.
+		}
+	}
+
 	switch hookName {
 	case HookNameUserPromptSubmitted:
-		return c.parseUserPromptSubmitted(ctx, stdin)
+		return c.buildUserPromptSubmitted(ctx, env), nil
 	case HookNameSessionStart:
-		return c.parseSessionStart(stdin)
+		return c.buildSessionStart(env), nil
 	case HookNameAgentStop:
-		return c.parseAgentStop(ctx, stdin)
+		return c.buildAgentStop(ctx, env), nil
 	case HookNameSessionEnd:
-		return c.parseSessionEnd(stdin)
+		return c.buildSessionEnd(env), nil
 	case HookNameSubagentStop:
-		return c.parseSubagentStop(stdin)
-	case HookNamePreToolUse, HookNamePostToolUse, HookNameErrorOccurred:
-		return nil, nil //nolint:nilnil // Pass-through hooks have no lifecycle action
+		return c.buildSubagentStop(env), nil
 	default:
 		logging.Debug(ctx, "copilot-cli: ignoring unknown hook", "hook", hookName)
 		return nil, nil //nolint:nilnil // Unknown hooks have no lifecycle action
 	}
 }
 
-// --- Internal hook parsing functions ---
-
-func (c *CopilotCLIAgent) parseUserPromptSubmitted(ctx context.Context, stdin io.Reader) (*agent.Event, error) {
-	env, err := c.readHookEnvelope(stdin)
-	if err != nil {
-		return nil, err
-	}
+// --- Internal event builders (envelope already parsed) ---
 
+func (c *CopilotCLIAgent) buildUserPromptSubmitted(ctx context.Context, env *hookEnvelope) *agent.Event {
 	transcriptRef := env.TranscriptPath
 	if transcriptRef == "" {
 		transcriptRef = c.resolveTranscriptRef(ctx, env.SessionID)
@@ -80,28 +99,18 @@ func (c *CopilotCLIAgent) parseUserPromptSubmitted(ctx context.Context, stdin io
 		SessionRef: transcriptRef,
 		Prompt:     env.Prompt,
 		Timestamp:  env.Timestamp,
-	}, nil
+	}
 }
 
-func (c *CopilotCLIAgent) parseSessionStart(stdin io.Reader) (*agent.Event, error) {
-	env, err := c.readHookEnvelope(stdin)
-	if err != nil {
-		return nil, err
-	}
+func (c *CopilotCLIAgent) buildSessionStart(env *hookEnvelope) *agent.Event {
 	return &agent.Event{
 		Type:      agent.SessionStart,
 		SessionID: env.SessionID,
 		Timestamp: env.Timestamp,
-	}, nil
-}
-
-func (c *CopilotCLIAgent) parseAgentStop(ctx context.Context, stdin io.Reader) (*agent.Event, error) {
-	env, err := c.readHookEnvelope(stdin)
-	if err != nil {
-		return nil, err
 	}
+}
 
-	// Extract model from transcript (Copilot CLI hooks don't include model)
+func (c *CopilotCLIAgent) buildAgentStop(ctx context.Context, env *hookEnvelope) *agent.Event {
 	var model string
 	if env.TranscriptPath != "" {
 		model = ExtractModelFromTranscript(ctx, env.TranscriptPath)
@@ -113,31 +122,23 @@ func (c *CopilotCLIAgent) parseAgentStop(ctx context.Context, stdin io.Reader) (
 		SessionRef: env.TranscriptPath,
 		Model:      model,
 		Timestamp:  env.Timestamp,
-	}, nil
+	}
 }
 
-func (c *CopilotCLIAgent) parseSessionEnd(stdin io.Reader) (*agent.Event, error) {
-	env, err := c.readHookEnvelope(stdin)
-	if err != nil {
-		return nil, err
-	}
+func (c *CopilotCLIAgent) buildSessionEnd(env *hookEnvelope) *agent.Event {
 	return &agent.Event{
 		Type:      agent.SessionEnd,
 		SessionID: env.SessionID,
 		Timestamp: env.Timestamp,
-	}, nil
+	}
 }
 
-func (c *CopilotCLIAgent) parseSubagentStop(stdin io.Reader) (*agent.Event, error) {
-	env, err := c.readHookEnvelope(stdin)
-	if err != nil {
-		return nil, err
-	}
+func (c *CopilotCLIAgent) buildSubagentStop(env *hookEnvelope) *agent.Event {
 	return &agent.Event{
 		Type:      agent.SubagentEnd,
 		SessionID: env.SessionID,
 		Timestamp: env.Timestamp,
-	}, nil
+	}
 }
 
 func (c *CopilotCLIAgent) readHookEnvelope(stdin io.Reader) (*hookEnvelope, error) {

cmd/entire/cli/agent/copilotcli/lifecycle_test.go

@@ -247,7 +247,8 @@ func TestParseHookEvent_SessionEnd_VSCodePayload(t *testing.T) {
 	t.Parallel()
 
 	ag := &CopilotCLIAgent{}
-	input := `{"timestamp":"2026-02-09T10:30:00.000Z","cwd":"/path/to/repo","sessionId":"` + testSessionID + `","hookEventName":"SessionEnd","reason":"complete"}`
+	// VS Code uses "Stop" for both agent-stop and session-end hooks.
+	input := `{"timestamp":"2026-02-09T10:30:00.000Z","cwd":"/path/to/repo","sessionId":"` + testSessionID + `","hookEventName":"Stop","reason":"complete"}`
 
 	event, err := ag.ParseHookEvent(context.Background(), HookNameSessionEnd, strings.NewReader(input))
 
@@ -263,6 +264,39 @@ func TestParseHookEvent_SessionEnd_VSCodePayload(t *testing.T) {
 	}
 }
 
+func TestParseHookEvent_VSCodeMismatchedHookEventName_ReturnsNil(t *testing.T) {
+	t.Parallel()
+
+	ag := &CopilotCLIAgent{}
+	// VS Code sends "SessionStart" but the CLI subcommand is "agent-stop" — mismatch.
+	input := `{"timestamp":"2026-02-09T10:30:00.000Z","cwd":"/path/to/repo","sessionId":"` + testSessionID + `","hookEventName":"SessionStart","transcript_path":"/tmp/t.json"}`
+
+	event, err := ag.ParseHookEvent(context.Background(), HookNameAgentStop, strings.NewReader(input))
+
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if event != nil {
+		t.Errorf("expected nil event for mismatched hookEventName, got %+v", event)
+	}
+}
+
+func TestParseHookEvent_VSCodeUnknownHookEventName_ReturnsNil(t *testing.T) {
+	t.Parallel()
+
+	ag := &CopilotCLIAgent{}
+	input := `{"timestamp":"2026-02-09T10:30:00.000Z","cwd":"/path/to/repo","sessionId":"` + testSessionID + `","hookEventName":"FutureEvent"}`
+
+	event, err := ag.ParseHookEvent(context.Background(), HookNameSessionStart, strings.NewReader(input))
+
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if event != nil {
+		t.Errorf("expected nil event for unknown hookEventName, got %+v", event)
+	}
+}
+
 func TestParseHookEvent_PassthroughHooks_VSCodePayload_ReturnNil(t *testing.T) {
 	t.Parallel()
 

cmd/entire/cli/integration_test/copilot_vscode_hooks_test.go

@@ -95,7 +95,7 @@ func TestCopilotVSCodeHooks_AgentStopCreatesCheckpoint(t *testing.T) {
 			"cwd":             env.RepoDir,
 			"sessionId":       sessionID,
 			"stopReason":      "end_turn",
-			"hookEventName":   "SessionEnd",
+			"hookEventName":   "Stop",
 			"transcript_path": transcriptPath,
 		}),
 	)
@@ -169,7 +169,7 @@ func TestCopilotVSCodeHooks_GeneratedHookCommands(t *testing.T) {
 			"cwd":             env.RepoDir,
 			"sessionId":       sessionID,
 			"stopReason":      "end_turn",
-			"hookEventName":   "SessionEnd",
+			"hookEventName":   "Stop",
 			"transcript_path": transcriptPath,
 		}),
 	)
@@ -214,6 +214,9 @@ func assertNoParseFailure(t *testing.T, output HookOutput) {
 	if strings.Contains(stderr, "cannot unmarshal string into Go struct field") {
 		t.Fatalf("unexpected schema mismatch in stderr: %s", stderr)
 	}
+	if strings.Contains(stderr, "Warning from") {
+		t.Fatalf("unexpected warning in stderr: %s", stderr)
+	}
 }
 
 func writeCopilotTranscript(t *testing.T, transcriptPath, modifiedFile, prompt string) {