shell-interpolation
Expands !`command` patterns in your input by running the shell
command and replacing the pattern with its stdout. Compatible with
Claude Code’s backtick interpolation syntax.
Enabling
Section titled “Enabling”Shell interpolation must be opted into. Choose one:
| Method | Scope |
|---|---|
TALLOW_ENABLE_SHELL_INTERPOLATION=1 (or TALLOW_SHELL_INTERPOLATION=1) | Process/session |
"shellInterpolation": true in .tallow/settings.json or ~/.tallow/settings.json | Persistent (.tallow value requires trusted project) |
When disabled, !`command` patterns pass through to the agent
as literal text.
Project .tallow/settings.json toggles are only honored when the project
is trusted. Use /trust-project and /trust-status for trust management.
Type shell commands inline using !`command` syntax:
Review !`git diff --stat`The command runs before your prompt reaches the agent, so the agent sees the actual diff output.
Multiple commands
Section titled “Multiple commands”Branch: !`git branch --show-current`, last commit: !`git log --oneline -1`All patterns are expanded in a single pass.
Error handling
Section titled “Error handling”If a command fails (non-zero exit, timeout, or signal), the pattern is replaced with an error marker instead of throwing:
[error: command failed: nonexistent-command]If policy blocks the command, the pattern becomes a denial marker:
[denied: Implicit command is not allowlisted]Limits
Section titled “Limits”| Setting | Value |
|---|---|
| Timeout | 5 seconds |
| Max output | 1 MB |
Commands run in the project root (process.cwd()).
Security
Section titled “Security”Output from commands is not re-scanned for additional
!`...` patterns. This prevents injection attacks where
command output contains shell interpolation syntax.
Policy behavior
Section titled “Policy behavior”Implicit interpolation commands are restricted to an allowlist and blocked when they contain dangerous shell operators or denylisted patterns.
bash and bg_bash remain available for explicit user-intent shell
execution. High-risk explicit commands require confirmation in
interactive sessions.
In non-interactive environments (CI/scripts), set
TALLOW_ALLOW_UNSAFE_SHELL=1 to bypass explicit high-risk confirmation.
Audit trail
Section titled “Audit trail”Policy decisions and execution outcomes are recorded in the shared in-memory shell audit trail (source, cwd, outcome, timing, exit code).
Programmatic use
Section titled “Programmatic use”Other extensions can import the transform directly:
import { expandShellCommands } from "../shell-interpolation/index.js";
const expanded = expandShellCommands(text, cwd, { source: "context-fork", enforcePolicy: true,});Set enforcePolicy: true for runtime command expansion. Use the default
(false) only for trusted, test-only transforms.