Welcome to Snow CLI! Agentic coding in your terminal.
Snow CLI provides two command execution modes that allow you to execute terminal commands directly in conversations:
Command Injection Mode allows you to directly embed commands in conversation messages, which will be automatically executed by the system and the results replaced in the message, then sent to AI. This enables AI to quickly obtain command execution results without relying on tool calls, improving interaction efficiency.
Bash Mode is a pure terminal mode that executes commands but does not send them to AI. Just like a real terminal, it only executes commands and displays results without triggering AI conversation. Suitable for quick command execution scenarios that don't require AI participation.
Traditional command execution requires AI to call tools, wait for user approval, and then execute commands. Command Injection Mode provides a more direct approach:
- Embed commands directly in messages without additional tool call process
- AI can obtain real-time system status information
- Suitable for quick queries and simple operations
- Integrated with sensitive command protection mechanism to ensure security
Bash Mode provides a pure terminal experience:
- Quick command execution without triggering AI conversation
- Save API call costs
- Suitable for daily terminal operations
- Shares sensitive command protection mechanism with Command Injection Mode
Basic Syntax:
!`command`
Use single exclamation mark and backticks to wrap commands in messages, and the system will execute the command and replace the result in the message, then send it to AI.
Examples:
Check current directory: !`pwd`
List files: !`ls -la`
View Git status: !`git status`
Custom Timeout:
!`command`<timeout>
Use angle brackets after the command to specify timeout in milliseconds. If not specified, default timeout is 30000 milliseconds (30 seconds).
Examples:
!`npm install`<60000>
!`docker build .`<120000>
!`sleep 5`<10000>
Basic Syntax:
!!`command`
Use double exclamation marks and backticks to wrap commands in messages, and the system will execute the command but not send it to AI.
Examples:
!!`pwd`
!!`ls -la`
!!`git status`
Custom Timeout:
!!`command`<timeout>
Syntax is the same as Command Injection Mode, supports custom timeout.
Examples:
!!`npm install`<60000>
!!`docker build .`<120000>
!!`sleep 5`<10000>
Command Injection Mode:
- Must use complete
!+`combination, neither can be omitted - Command content goes inside backticks
- Timeout is optional, format is
<number>, unit is milliseconds - Multiple command injections can be included in one message
- Commands are executed sequentially
- Execution results replace command syntax, then sent to AI
Bash Mode:
- Must use complete
!!+`combination, neither can be omitted - Command content goes inside backticks
- Timeout is optional, format is
<number>, unit is milliseconds - Multiple commands can be included in one message
- Commands are executed sequentially
- Execution results are only displayed, not sent to AI
When you use command injection syntax (single exclamation mark) in messages, the system will:
The system uses regular expression /!([^]+)(?:<(\d+)>)?/g` to parse all commands in the message:
- Extract command content
- Extract timeout (if specified)
- Mark command position in message
Before execution, the system checks if the command matches sensitive command rules:
- Iterate through enabled sensitive command patterns
- If matched, show confirmation dialog
- Display command content, matching pattern, and risk description
- Wait for user confirmation or cancellation
For sensitive command configuration, see: Sensitive Commands Configuration
After user confirmation (or direct execution for non-sensitive commands):
- Windows systems use
cmd.exeto execute - Unix-like systems (macOS, Linux) use
shto execute - Use current working directory as execution path
- Inherit current environment variables
- Apply specified timeout
During command execution:
- Capture standard output (stdout)
- Capture standard error (stderr)
- Record exit code
- Detect timeout situations
After execution completes, the system replaces the original command syntax with execution results:
On success:
--- Command: ls -la ---
total 48
drwxr-xr-x 10 user staff 320 Dec 5 10:30 .
drwxr-xr-x 20 user staff 640 Dec 4 15:22 ..
-rw-r--r-- 1 user staff 1234 Dec 5 10:30 README.md
--- End of output ---
On failure:
--- Command: invalid-command ---
Error: command not found: invalid-command
--- End of output ---
The complete message with replaced content is sent to AI, which can analyze and respond based on the real command output.
When you use Bash mode syntax (double exclamation marks) in messages, the system will:
The system uses regular expression /!!([^]+)(?:<(\d+)>)?/g` to parse all commands in the message:
- Extract command content
- Extract timeout (if specified)
- Mark command position in message
Same as Command Injection Mode, checks sensitive command rules before execution.
Execution method is exactly the same as Command Injection Mode.
After command execution completes, results are displayed in the terminal but not sent to AI.
Bash Mode does not trigger AI conversation, flow ends after execution completes.
What's the current directory situation? !`ls -la`
AI will see the actual file list and respond based on it.
Help me analyze system resource usage:
Memory: !`free -h`
Disk: !`df -h`
Current branch status: !`git status`
Recent commits: !`git log -5 --oneline`
Check Node version: !`node --version`
Check dependencies: !`npm list --depth=0`
Project information:
Git branch: !`git branch --show-current`
Uncommitted changes: !`git status --short`
Recent commit: !`git log -1 --oneline`
!!`pwd`
!!`ls -la`
!!`git status`
Does not trigger AI conversation, only displays command execution results.
!!`npm run build`
!!`git pull`
!!`docker ps`
Suitable for daily operations that don't require AI participation.
!!`echo "Hello World"`
!!`date`
!!`whoami`
Quickly test if commands work properly.
Command injection mode is fully integrated with sensitive command configuration:
-
Auto Detection
- All commands are checked against sensitive patterns before execution
- Matched commands trigger confirmation flow
-
User Confirmation
- Display complete command content
- Show matched sensitive pattern and risk description
- Display timeout (if customized)
- User can choose to execute or cancel
-
Rejection Feedback
- If user rejects executing sensitive command
- AI receives feedback and may suggest alternatives
- Rejected commands won't appear in final message
- Default 30-second timeout prevents command hanging
- Can customize timeout for long-running commands
- Commands are forcibly terminated after timeout
- Timeout information is fed back to AI
- Commands execute in current working directory
- Inherit current shell environment variables
- Won't affect Snow CLI main process
- Command failures won't crash CLI
Suitable scenarios:
- Quick system status queries
- Get file list or content
- Check environment configuration
- Simple Git operation queries
Not suitable scenarios:
- Complex batch operations (safer to use tool calls)
- Commands requiring interaction (like password input)
- Long-running tasks (unless setting sufficient timeout)
- Dangerous system operations (should use tool calls with careful confirmation)
Set timeout based on command's expected execution time:
Quick query (use default): !`pwd`
Install dependencies (60s): !`npm install`<60000>
Build image (120s): !`docker build .`<120000>
Run tests (180s): !`npm test`<180000>
Provide context for AI to better understand command output:
I want to optimize this project's dependencies, first help me see what packages are currently installed: !`npm list --depth=0`
For operations that might trigger sensitive command protection:
Please help me check if there are unused files that can be cleaned (don't delete directly): !`git clean -n`
Use safe query options (like git clean -n) instead of directly executing dangerous operations.
Combine related commands together for AI to get complete view:
Analyze this branch situation:
Current branch: !`git branch --show-current`
Unmerged commits: !`git log origin/main..HEAD --oneline`
Uncommitted changes: !`git status --short`
Q: What's the difference between command injection and tool calls?
A: Command injection executes commands before sending message to AI and replaces results. AI sees execution results. Tool calls are AI actively requesting command execution during AI response. Command injection is better for quick queries, tool calls are better for complex operations.
Q: Why didn't my command execute?
A: Check these points:
- Confirm correct syntax:
!command`` - Both exclamation mark and backticks must be present
- If it's a sensitive command, confirm you selected execute in confirmation dialog
- Check if it timed out (default 30 seconds)
Q: Can I use multiple commands in one message?
A: Yes. The system will execute all commands sequentially, and each command's result will replace the corresponding syntax position.
Q: What happens when command execution fails?
A: Failed commands will show error information in output, and AI will see the complete error content and may provide solutions.
Q: What's the maximum timeout setting?
A: Theoretically no limit, but recommend not exceeding 300000 milliseconds (5 minutes). For very long-running tasks, suggest using tool call method for better monitoring and management.
Q: Does command injection bypass sensitive command protection?
A: No. All commands executed through command injection are checked against sensitive commands. Commands matching sensitive patterns must be confirmed by user.
Q: Can I inject commands requiring interaction?
A: Not recommended. Command injection doesn't support interactive input, such commands will hang until timeout. If you need to execute interactive commands, use Snow CLI's tool call functionality.
Q: Are there differences between Windows and Unix system commands?
A: Yes. Windows uses cmd.exe to execute, Unix-like systems use sh to execute. Consider cross-platform compatibility when writing commands, or explicitly specify target platform.
Command injection mode itself requires no configuration, but depends on sensitive command configuration:
- Windows:
%USERPROFILE%\.snow\sensitive-commands.json - macOS/Linux:
~/.snow/sensitive-commands.json
For detailed configuration method, see: Sensitive Commands Configuration
- Sensitive Commands Configuration - Configure dangerous commands requiring confirmation
- Command Panel Guide - Learn about other shortcut command features
- Vulnerability Hunting Mode - Professional security analysis feature, also uses sensitive command protection