[BUG] Unapproved bash command execution (without pipes)

Resolved 💬 3 comments Opened Jan 22, 2026 by jamesmcglinn Closed Jan 22, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Command executed without matching any allowed permission pattern.

In this case AWS infrastructure modified via CDK (resources imported into CloudFormation stack) without user consent.

What Should Happen?

Command should be blocked or prompt for user approval since it doesn't match any allowed pattern in settings.

Steps to Reproduce

Configure settings.local.json with specific allowed Bash commands (none matching npx cdk import).
Allowed permissions configured:

{
"permissions": {
"allow": [
"Bash(npx tsc:*)",
"Bash(npx aws-cdk diff:*)",
// ... other specific commands, none matching "npx cdk import"
]
}
}

Claude executes npx cdk import StackName --resource-mapping /dev/stdin << 'EOF' ... EOF

Command executed successfully without permission prompt.

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.15 (darwin-arm64)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

Product: Claude Code VSCode Extension
Platform: macOS (Darwin 25.2.0, Apple Silicon)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗