fix: guardrail hooks fail-open instead of fail-closed

Remove `set -e` from _common.sh and add `trap 'exit 0' ERR` so that
unexpected errors (empty input, malformed JSON, non-bash tool payloads)
result in allowing the tool call rather than blocking it.

Previously, when non-bash MCP tools (e.g. Zendesk, GitHub MCP) triggered
the preToolUse hooks, the script could error out before reaching the
'toolName != bash' check. The CLI interprets hook errors as denials,
which blocked ALL tool calls — including reads, shell commands, and MCP.

Also adds early JSON validation: if input is empty or invalid JSON, exit
immediately with allow.

Fixes #579

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: kwacky1

copilot-plugin/hooks/_common.sh

@@ -4,11 +4,21 @@
 #
 # Exports: TOOL_NAME, COMMAND
 # Exits 0 (allow) immediately if the tool is not bash or if there is no command.
+#
+# IMPORTANT: Do NOT use `set -e` here. These hooks must fail-open — if anything
+# goes wrong (bad input, missing jq, unexpected payload shape), we exit 0 (allow)
+# rather than erroring out and blocking all tool calls.
 
-set -e
+# Trap: any unexpected error → allow (fail-open, not fail-closed)
+trap 'exit 0' ERR
 
 _INPUT=$(cat 2>/dev/null || true)
 
+# If input is empty or not valid JSON, allow
+if [ -z "$_INPUT" ] || ! echo "$_INPUT" | jq empty 2>/dev/null; then
+  exit 0
+fi
+
 # Defensive: handle missing or malformed JSON gracefully
 TOOL_NAME=$(echo "$_INPUT" | jq -r '.toolName // empty' 2>/dev/null || true)
 if [ "$TOOL_NAME" != "bash" ]; then