Feature Request: Allow disabling or intercepting bash mode (! prefix) commands
Resolved 💬 2 comments Opened Jan 19, 2026 by harshh-jainn Closed Feb 27, 2026
Problem
The ! prefix (bash mode) allows users to run shell commands directly without going through Claude's permission system or hooks. This creates a security gap for organizations using a multi-user security architecture.
Current Behavior
- User types
! cat /secure/file.txt - Command executes directly in the shell
- No hooks fire (PreToolUse, PostToolUse, etc.)
- No permission rules apply
- User bypasses all security controls
Verified Testing
We added a PreToolUse hook with matcher: "Bash" that logs all invocations:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "/path/to/hook.sh"
}
]
}
]
}
}
Result: The hook fires for normal Bash tool usage but never fires for ! commands.
Use Case
We have a two-user security architecture:
devuser: Regular development workexouser: Access to secure organizational resources
Claude Code runs as exo user to access secure resources through controlled tool calls. However, the ! prefix allows users to directly access anything the exo user can access, bypassing our security model.
Requested Solutions (any of these would help)
- Setting to disable bash mode entirely:
"disableBashMode": true - Hook support for bash mode: Make PreToolUse/PostToolUse fire for
!commands - Permission rule for bash mode: Allow
deny: ["BashMode"]or similar - Managed settings support: Allow operators to disable bash mode organization-wide
Environment
- Claude Code version: v2.1.4+
- Platform: Linux (Docker container)
- Using: Hooks, custom permissions, multi-user setup
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗