[BUG] Plan agent requests permission for piped commands despite allowed settings (regression of #1271)
What's Wrong?
The Plan agent keeps requesting permission for piped commands even when both commands are explicitly listed in the allowed permissions in settings.json.
For example, when the Plan agent tries to run:
ls -lh /Users/prb/sablier/frontend/ui/apps/landing/public/blog/*.webp | awk '{print $5, $9}'
I get a permission prompt asking me to approve the command, despite having both ls and awk already configured in my allowed permissions.
<img width="400" alt="Image" src="https://github.com/user-attachments/assets/f421669c-b563-416b-a896-eb4d8db57e49" />
What Should Happen?
When both ls and awk are in the allowed permissions list, the Plan agent should execute piped commands like ls | awk without requesting permission. This is a regression of the fix from issue #1271.
Steps to Reproduce
- Add both
lsandawkto allowed permissions insettings.json - Start a Plan agent session
- Ask the agent to analyze files using a piped command (e.g., listing files with sizes)
- Agent attempts to run a command like
ls -lh path/*.webp | awk '{print $5, $9}' - Permission prompt appears despite both commands being whitelisted
Is this a regression?
Yes, this worked in a previous version. This issue was previously fixed in #1271 but has regressed, specifically in the context of the Plan agent.
Related Issues
- #1271 - Original fix for piped command permissions
- #10906 - Related permission handling issue
[!NOTE] This bug appears to be specific to the Plan agent context. The regression may be related to how the Plan agent processes tool permissions differently from the main agent.
17 Comments
Found 2 possible duplicate issues:
This issue will be automatically closed as a duplicate in 3 days.
🤖 Generated with Claude Code
The same issue occurs with subagents
Until Anthropic introduces a fix for this, here's a workaround that should enable you to fix it in a minute.
This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.
Still an issue for me
Still an issue for me as well. Would love a fix for this.
Still an issue
Still an issue, this is extremely annoying, i have to constantly monitor the Claude session for random permissions when using pipe commands.
@acasademont indeed
That's super annoying
This one is really frustrating for me as well. Is there anyone we can reach out to try and get this prioritized?
@AnthonyMDev no, unfortunately. Anthropic doesn't have humans curating these GitHub issues. It's a shame
very annoying issue in longer coding refactoring runs
I am also constantly being bugged by permission requests.
Still an issue.
Basically makes it impossible to write large files to disk from a subajent as you can't use stdin to pipe to a cli for peristance.
Why not just use Write? It used to have permission issues in subagents 😂
A hook splits piped commands and evaluates each component individually:
grep something | sort | uniq -cis split into three components, each checked independently. All three are safe → auto-approved. No more prompts for piped commands where every component is already allowed.Thanks for the report. This is a duplicate of #10906 — consolidating tracking there.