[BUG] Inline command execution (!`cmd`) in slash commands fails with permission error
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Slash commands that contain inline command execution syntax (!command) fail with a permission error during preprocessing. The error occurs before the slash command can execute, making inline command syntax unusable in custom slash commands.
The permission system blocks these commands because Claude Code wraps them with "export CLAUDE_PROJECT_DIR=<path>; <command>", which the permission checker treats as a compound command requiring approval.
What Should Happen?
- Inline commands in slash commands (e.g., !
git status) should execute successfully - The CLAUDE_PROJECT_DIR environment variable should be set (as intended)
- Command output should be injected into the slash command context
- The slash command should continue executing with the populated context
Error Messages/Logs
Error: Bash command permission check failed for pattern "!`git status --porcelain`":
This Bash command contains multiple operations. The following part requires approval:
export CLAUDE_PROJECT_DIR=/path/to/project
Steps to Reproduce
- Create a test slash command file
.claude/commands/test-inline.md:
---
description: Test inline command execution
---
## Context
- Current branch: !`git branch --show-current`
- Git status: !`git status --porcelain`
## Instructions
If you can read this, the bug is fixed!
- Execute the slash command:
/test-inline
- Observe the error about permission denied for the export statement
- The slash command fails during Context preprocessing before reaching Instructions
Claude Model
Sonnet (default)
Is this a regression?
Yes, this worked in a previous version
Last Working Version
2.0.37
Claude Code Version
2.0.41
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
Root Cause Analysis
The issue occurs in the interaction between the command wrapper function (An5() in minified cli.js) and the permission checker:
- Inline command
!git status`` is extracted from slash command An5()wraps it:export CLAUDE_PROJECT_DIR=/path; git status- Permission checker sees compound command with
export→ flags as requiring approval - Command fails before execution
Why This is Problematic
Current implementation (broken):
// Wrap command with export
command = `export CLAUDE_PROJECT_DIR=/path; ${command}`
// Run permission check on wrapped command
if (!permissionCheck(command)) throw Error(); // ❌ Fails here
exec(command)
How hooks already work (correct):
// Set environment via spawn options
let env = {...process.env, CLAUDE_PROJECT_DIR: projectDir};
spawn(command, [], {env, shell: true}) // ✅ WorksThis issue has 4 comments on GitHub. Read the full discussion on GitHub ↗