fix(hooks): guard against undefined output.output in tool.execute.after hooks

[sjawhar]

Summary

Guard against undefined output.output in all 14 tool.execute.after hooks and injectors that access the field.

MCP tool results (e.g. Slack, Toggl) don't populate output.output as a string, causing:

• TypeError crashes in hooks that call .toLowerCase() or .startsWith() on undefined
• Silent "undefined" string corruption in hooks that use += (producing "undefined\n\nSome reminder")

Root Cause

The tool.execute.after hook fires for all tool calls, including MCP tools. The hook type signature declares output: { output: string }, but MCP tool results don't always populate this field. Many hooks access output.output without null-checking first.

Two existing hooks already guarded against this:

• empty-task-response-detector uses output.output?.trim() ?? ""
• tool-output-truncator used typeof output.output !== 'string'

The rest did not, and the codebase was inconsistent.

Fix

Add output.output == null early-return guard to every tool.execute.after handler that accesses output.output. This:

• Uses loose equality (== null) to catch both null and undefined
• Allows empty strings through (which are valid tool outputs)
• Is applied consistently across all hooks, including those behind tool filters (defense in depth)
• Normalizes the previous typeof !== 'string' check in tool-output-truncator to match

Hooks fixed

Hook	Failure mode	Had tool filter?
comment-checker	Crash: .toLowerCase() on undefined	No — crashed before filter
edit-error-recovery	Crash: .toLowerCase() on undefined	Yes (edit only)
task-resume-info	Crash: .startsWith() on undefined	Yes (task/call_omo_agent)
delegate-task-retry	Passed undefined to function	Yes (task only)
context-window-monitor	Corrupt: undefined +=	No
task-reminder	Corrupt: undefined +=	No
claude-code-hooks handler	Corrupt: template literal	No
category-skill-reminder	Corrupt: undefined +=	Yes
agent-usage-reminder	Corrupt: undefined +=	Yes
interactive-bash-session	Corrupt: undefined +=	Yes (interactive_bash)
directory-readme-injector	Corrupt: undefined +=	Yes (read/glob/grep)
directory-agents-injector	Corrupt: undefined +=	Yes (read/glob/grep)
rules-injector	Corrupt: undefined +=	Yes (read/glob/grep)
tool-output-truncator	Already guarded (normalized)	Yes

Testing

• Built locally, loaded via file:// plugin path in OpenCode config
• Verified Slack MCP conversations_add_message and channels_list calls succeed after fix (previously all Slack MCP calls returned TypeError)
• All existing tool functionality (edit, bash, read, grep, etc.) unaffected — the guard only skips when output.output is nullish

[github-actions]

All contributors have signed the CLA. Thank you! ✅
_{Posted by the CLA Assistant Lite bot.}

[cubic-dev-ai]

No issues found across 2 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

_{Auto-approved: Simple defensive type check additions. Both changes add typeof output.output !== \"string\" guards before calling .toLowerCase(), preventing runtime errors on non-string outputs. No logic changes,}

[sjawhar]

I have read the CLA Document and I hereby sign the CLA