Settings file corruption: 'Always allow' stores entire command content instead of extracting pattern
Resolved 💬 3 comments Opened Jan 21, 2026 by vlad-ko Closed Jan 25, 2026
Description
When clicking "Always allow" on complex bash commands (especially multi-line commands with heredocs), Claude Code stores the entire command content verbatim in the settings file instead of extracting a sensible pattern.
Example of corrupted entries
The settings.local.json file ended up containing entries like:
"Bash(git -C /path/to/repo commit -m \"$(cat <<'EOF'\nfeat(#123): Add new feature\n\nThis is a detailed commit message\nwith multiple lines\nand descriptions...\nCo-Authored-By: Claude <noreply@anthropic.com>\nEOF\n)\")"
And even content that appears to be from echoed output or documentation:
"Bash(| Some table content |\n| with ASCII borders |\n..."
Expected behavior
When "Always allow" is clicked on a complex command, it should extract a general pattern like:
Bash(git:*)orBash(git -C:*)orBash(git commit:*)
Not store the entire command content as part of the pattern.
Impact
- Settings file grows from ~60 lines to 100+ lines
- Contains potentially sensitive content (commit messages, paths, project details)
- Patterns don't actually match future commands (too specific)
- User gets re-prompted for the same command types repeatedly
- File becomes corrupted and needs manual cleanup
Workaround
Manually clean up the settings file to use general patterns and avoid clicking "Always allow" on complex multi-line commands.
Environment
- Claude Code CLI
- macOS
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗