[FEATURE] Command-scoped permissions for custom slash commands
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Currently, permissions in Claude Code are global — an allow rule for Bash(git push *) applies everywhere, not just in specific contexts.
It would be useful to be able to scope permissions to a specific custom command, so that elevated tool access is only granted when that command is explicitly invoked.
Proposed behavior:
Allow an allowed-tools frontmatter field in .claude/commands/*.md to grant permissions that they only apply during that command execution:
---
name: git-commit
allowed-tools: Bash(git *)
---
Stage and commit all changes: $ARGUMENTS
When /git-commit is running, git * is auto-approved. Outside of that command, the same tool use would prompt as normal.
Why this matters:
- Users may trust a specific, well-defined workflow (e.g. committing, deploying) to use powerful tools, without wanting those tools globally auto-approved
- It follows the principle of least privilege — permissions are granted for a specific, bounded context
- It makes custom commands more useful as safe, repeatable automation primitives
Proposed Solution
Current workaround:
allowed-tools in skill frontmatter suppresses prompts within the skill, but only for that single invocation's model calls. Global allow rules must be used for full auto-approval, which is broader than desired.
Alternative Solutions
_No response_
Priority
Medium - Would be very helpful
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
_No response_
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗