[BUG] "Always Allow" permission never matches compound Bash commands with quoted paths, pipes, and .exe on Windows
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Selecting "Always Allow" for a compound Bash command (quoted path with spaces + pipe + && + .exe) writes an entry to settings.local.json, but Claude Code continues to prompt for permission on every subsequent execution.
Command that triggers the issue:
"C:/Program Files/LLVM/bin/clang.exe" -std=c11 -Wall -g trigex.c -o trigex.exe 2>&1 | tail -5 && ./trigex.exe 2>&1
This command has multiple characteristics that likely each contribute to matching failure:
- Executable path contains spaces → must be quoted with double quotes
- Contains pipe operator (
|) and output redirection (2>&1) - Compound command chained with
&& - Uses
.exeextension on Windows
What Should Happen?
After selecting "Always Allow" once, the same command should be auto-approved on all future executions without prompting again.
Steps to Reproduce
- Ask Claude Code to run:
````
"C:/Program Files/LLVM/bin/clang.exe" -std=c11 -Wall -g trigex.c -o trigex.exe 2>&1 | tail -5 && ./trigex.exe 2>&1
- When prompted, select "Always Allow"
- Verify the permission was written to
.claude/settings.local.json - Ask Claude Code to run the exact same command again
- Observe: permission prompt appears again despite the entry in settings.local.json
Evidence
settings.local.jsonis updated after step 2 (the permission IS written — unlike #16762)- The written permission entry is likely the full literal command string (see #21845 for the pattern-vs-literal issue)
- The literal string fails to re-match on the next execution, presumably because:
- The
.exepath resolver expands the quoted path before pattern matching (#27537 hypothesis) - And/or the compound command (
|,&&,2>&1) is not parsed consistently between storage and matching
Related Issues
- #27537:
.exepattern matching fails on Windows (single command, no pipes tested) - #21845: Permission allow-list stores full literal commands instead of patterns (macOS)
- #16762: "Always Allow" not persisted to settings at all (different root cause — writing fails)
This report extends all three: on Windows, compound commands with a quoted .exe path and pipes are stored as literals (#21845 behavior), AND the .exe path-with-spaces matching fails (#27537 behavior), making it impossible to use "Always Allow" for any realistic compile-and-run workflow.
Error Messages/Logs
No error shown — Claude Code silently re-prompts without indication that the stored permission failed to match.
Claude Model
claude-sonnet-4-6
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.50 (Claude Code)
Platform
Anthropic API
Operating System
Windows 10 Pro (Build 10.0.19045)
Terminal/Shell
Windows Terminal / Git Bash (bash)
Additional Information
This is particularly disruptive for iterative development workflows (e.g., compile + run cycles) where the same compound command is executed many times per session. The only current workaround is manually approving every single invocation.
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗