[BUG] Unapproved bash command execution (without pipes)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Command executed without matching any allowed permission pattern.
In this case AWS infrastructure modified via CDK (resources imported into CloudFormation stack) without user consent.
What Should Happen?
Command should be blocked or prompt for user approval since it doesn't match any allowed pattern in settings.
Steps to Reproduce
Configure settings.local.json with specific allowed Bash commands (none matching npx cdk import).
Allowed permissions configured:
{
"permissions": {
"allow": [
"Bash(npx tsc:*)",
"Bash(npx aws-cdk diff:*)",
// ... other specific commands, none matching "npx cdk import"
]
}
}
Claude executes npx cdk import StackName --resource-mapping /dev/stdin << 'EOF' ... EOF
Command executed successfully without permission prompt.
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.15 (darwin-arm64)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
Product: Claude Code VSCode Extension
Platform: macOS (Darwin 25.2.0, Apple Silicon)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗