Bash permission pattern with wildcard not matching commands with redirects

Resolved 💬 6 comments Opened Dec 5, 2025 by snelling-a Closed Feb 7, 2026

Description

Bash permission patterns using wildcards (*) are not matching commands that include shell redirects like 2>&1, even though they should based on prefix matching logic.

Environment

  • Claude Code version: 2.0.59
  • Platform: macOS (Darwin 24.6.0)

Configuration

In ~/.claude/settings.json:

{
  "permissions": {
    "allow": [
      "Bash(npm run test*)",
      ...
    ]
  }
}

Expected Behavior

The pattern Bash(npm run test*) should match:

  • npm run test
  • npm run test 2>&1
  • npm run test:unit

Since * is a wildcard that should match any characters after npm run test.

Actual Behavior

Claude Code prompts for permission when running npm run test 2>&1, even though the pattern Bash(npm run test*) is in the allow list.

Notes

  • Version 1.0.123 changelog states: "Bash permission rules now support output redirections when matching (e.g., Bash(python:*) matches python script.py > output.txt)"
  • This suggests redirects should be handled, but they don't appear to be working with 2>&1
  • The piped version npm run test 2>&1 | head -200 also doesn't match, which may be expected behavior due to shell operator security (preventing safe-cmd && malicious-cmd bypasses), but the non-piped redirect case should work

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗