[Bug] Permission pattern matching fails with shell redirections in Bash commands

Resolved 💬 3 comments Opened Oct 25, 2025 by astaralgorithm Closed Oct 28, 2025

Bug Description
Bug Report: Permission Pattern Matching Fails for Bash Commands with Shell Redirections

Description

The permission system in ~/.claude/settings.json does not properly match Bash commands that include shell redirections (e.g., >, >>, |) even when wildcard
patterns should cover them.

Expected Behavior

When a permission pattern like "Bash(git:*)" is configured in the allow list, it should match all commands starting with git, including:

  • git status
  • git diff --staged --stat
  • git status --porcelain > /tmp/output.txt ← Should match but doesn't
  • git log -5 --oneline | head -n 3 ← Should match but doesn't

The wildcard pattern should match the entire command invocation regardless of shell operators.

Actual Behavior

Commands with shell redirections or pipes trigger permission prompts even when matching patterns exist in the allow list.

Example:

  • Permission configured: "Bash(git:*)"
  • Command executed: git status --porcelain > /tmp/git_status_before.txt
  • Result: ❌ Permission prompt appears (should be auto-approved)

Steps to Reproduce

  1. Add the following to ~/.claude/settings.json:

{
"permissions": {
"allow": [
"Bash(git:*)"
]
}
}

  1. Execute a slash command that runs:

git status --porcelain > /tmp/git_status_before.txt

  1. Observed: Permission prompt appears requesting manual approval
  2. Expected: Command executes automatically without prompt (since Bash(git:*) should match)

Impact

This affects workflows that use shell redirections/pipes for:

  • Capturing git command output to files for comparison (git status > file)
  • Using diff commands (diff file1 file2)
  • Piping output between commands

Users must manually approve these commands on every execution, even when wildcard patterns are configured.

Environment

  • Claude Code Version: [Latest as of 2025-01-25]
  • Platform: macOS (Darwin)
  • Configuration: ~/.claude/settings.json with permissions.allow patterns

Suggested Fix

The permission matcher should:

  1. Extract the base command (first word before any arguments/operators)
  2. Match against configured patterns
  3. Approve if pattern matches, regardless of shell operators (>, >>, |, etc.)

Alternatively, document that shell redirections require explicit permission patterns and provide examples.

Workaround

None currently available. Users must manually approve each invocation.

Environment Info

  • Platform: darwin
  • Terminal: pycharm
  • Version: 2.0.27
  • Feedback ID: a278d896-de1b-4768-86ae-268522297741

Errors

[]

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗