Feature Request: Allow disabling or intercepting bash mode (! prefix) commands

Resolved 💬 2 comments Opened Jan 19, 2026 by harshh-jainn Closed Feb 27, 2026

Problem

The ! prefix (bash mode) allows users to run shell commands directly without going through Claude's permission system or hooks. This creates a security gap for organizations using a multi-user security architecture.

Current Behavior

  1. User types ! cat /secure/file.txt
  2. Command executes directly in the shell
  3. No hooks fire (PreToolUse, PostToolUse, etc.)
  4. No permission rules apply
  5. User bypasses all security controls

Verified Testing

We added a PreToolUse hook with matcher: "Bash" that logs all invocations:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "/path/to/hook.sh"
          }
        ]
      }
    ]
  }
}

Result: The hook fires for normal Bash tool usage but never fires for ! commands.

Use Case

We have a two-user security architecture:

  • dev user: Regular development work
  • exo user: Access to secure organizational resources

Claude Code runs as exo user to access secure resources through controlled tool calls. However, the ! prefix allows users to directly access anything the exo user can access, bypassing our security model.

Requested Solutions (any of these would help)

  1. Setting to disable bash mode entirely: "disableBashMode": true
  2. Hook support for bash mode: Make PreToolUse/PostToolUse fire for ! commands
  3. Permission rule for bash mode: Allow deny: ["BashMode"] or similar
  4. Managed settings support: Allow operators to disable bash mode organization-wide

Environment

  • Claude Code version: v2.1.4+
  • Platform: Linux (Docker container)
  • Using: Hooks, custom permissions, multi-user setup

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗