Always allow on multi-line commands saves broken/useless permission fragments
Resolved 💬 2 comments Opened Dec 28, 2025 by lxol Closed Dec 29, 2025
Description
When a user selects "Always allow" (or presses a) for a multi-line bash command, Claude Code saves each line as a separate permission rule. This results in broken, useless fragments that pollute the settings file.
Example
When approving this command:
if [ -f ~/.config/yazi/yazi.toml ]; then
cat ~/.config/yazi/yazi.toml
else
echo "No yazi.toml found"
fi
The following gets saved to .claude/settings.local.json:
"Bash(if [ -f ~/.config/yazi/yazi.toml ])",
"Bash(then cat ~/.config/yazi/yazi.toml)",
"Bash(else echo \"No yazi.toml found\")",
"Bash(fi)"
Why this is a bug
- These fragments will never match any real command - no one runs
fias a standalone command - They provide no security benefit - they don't actually permit the original multi-line command to run again
- They pollute settings files over time, requiring manual cleanup
- Similar issue occurs with
for/whileloops and other shell constructs
Expected behavior
One of:
- Don't offer "Always allow" for multi-line commands (only "Allow once" / "Allow for session")
- Show a warning explaining multi-line commands can't be saved as reusable rules
- Save the entire command as a single rule (specific but at least functional)
- Detect shell constructs (if/for/while/case) and handle appropriately
Environment
- Claude Code CLI
- Linux (also likely affects macOS)
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗