[FEATURE] Command-scoped permissions for custom slash commands

Resolved 💬 4 comments Opened Mar 28, 2026 by AdamKeher Closed Apr 30, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Currently, permissions in Claude Code are global — an allow rule for Bash(git push *) applies everywhere, not just in specific contexts.

It would be useful to be able to scope permissions to a specific custom command, so that elevated tool access is only granted when that command is explicitly invoked.

Proposed behavior:

Allow an allowed-tools frontmatter field in .claude/commands/*.md to grant permissions that they only apply during that command execution:

---
name: git-commit
allowed-tools: Bash(git *)
---

Stage and commit all changes: $ARGUMENTS

When /git-commit is running, git * is auto-approved. Outside of that command, the same tool use would prompt as normal.

Why this matters:

  • Users may trust a specific, well-defined workflow (e.g. committing, deploying) to use powerful tools, without wanting those tools globally auto-approved
  • It follows the principle of least privilege — permissions are granted for a specific, bounded context
  • It makes custom commands more useful as safe, repeatable automation primitives

Proposed Solution

Current workaround:

allowed-tools in skill frontmatter suppresses prompts within the skill, but only for that single invocation's model calls. Global allow rules must be used for full auto-approval, which is broader than desired.

Alternative Solutions

_No response_

Priority

Medium - Would be very helpful

Feature Category

CLI commands and flags

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗