Permission rule glob matching fails on '`-` sequence in arguments
Summary
Bash permission rules fail to match commands when the argument contains the character sequence '- (single quote followed by minus/hyphen), even though the rule should match the command path.
Steps to Reproduce
- Add permission rule to
.claude/settings.local.json:
{
"permissions": {
"allow": [
"Bash(*msa*)"
]
}
}
- Verify rule is loaded with
/permissions
- Run commands:
# This WORKS - no permission prompt:
../msa/msa-mail-query "SELECT 'test'"
# This WORKS - no permission prompt:
../msa/msa-mail-query "SELECT -1"
# This FAILS - prompts for permission:
../msa/msa-mail-query "SELECT '-1'"
Expected Behavior
All three commands should match the rule Bash(*msa*) since the command path ../msa/msa-mail-query contains "msa".
Actual Behavior
Commands containing '- in the argument string trigger a permission prompt, even though the glob pattern should only match against the command, not validate argument contents.
Ablation Testing
Systematically tested to isolate the issue:
| Command | Result |
|---------|--------|
| SELECT 1 | ✅ OK |
| SELECT -1 | ✅ OK |
| SELECT 'test' | ✅ OK |
| SELECT 'a', 'b' | ✅ OK |
| SELECT coalesce('a', 'b') | ✅ OK |
| SELECT '-1' | ❌ Prompts |
| SELECT coalesce('a', '-1') | ❌ Prompts |
| SELECT datetime('now', '-7 days') | ❌ Prompts |
The triggering pattern is specifically '- (single quote followed by hyphen).
Root Cause Hypothesis
The '- sequence appears to be interpreted as a glob character class pattern rather than as literal characters in the argument string.
Impact
This breaks permission rules for any SQL-based CLI tools using SQLite datetime modifiers like datetime('now', '-7 days'), which is a very common pattern.
Environment
- macOS (Darwin 25.2.0)
- Claude Code CLI
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗