[FEATURE] Allow whitelisting of inline commands based on imports
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
I want to be able to whitelist many one-liner commands to like node -e "const path = require('path'); console.log(path.join('foo', 'bar', 'baz.txt'))" because I know the "path" library by itself is pretty safe, but I don't want to let Claude Code run node -e "const fs = require('fs'); //... without prompting me because "fs" can do dangerous stuff. Same deal for other commands like python -c, etc.
Proposed Solution
When Claude prompts for command authorization, provide an option that will authorize the command but only for specific import libraries inthe inline command
Alternative Solutions
Currently I work around this by manually authorizing many commands that I know I could let Claude safely do. This creates a lot of work loop interruptions in order to maintain safety.
Priority
High - Significant impact on productivity
Feature Category
Configuration and settings
Use Case Example
Example scenario:
- I run /security-review on a code base that uses npm
- Claude prompts me whether I want to run `npm -e "import .... // do some stuff" in order to validate a finding
- Claude prompts me whether I want to run `npm -e "import (some dangerous library like os or fs)"
Additional Context
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗