Permission "don't ask again" suggests wrong command in piped chains

Resolved 💬 3 comments Opened Feb 24, 2026 by dhruvil009 Closed Mar 24, 2026

Bug Description

When a Bash command contains a pipeline with both pre-approved and unapproved commands, the "Yes, and don't ask again for: X" prompt incorrectly identifies the last command in the pipeline (e.g., grep) rather than the unapproved command (e.g., python3).

Steps to Reproduce

  1. Pre-approve cd and grep commands (either via "don't ask again" or settings.json)
  2. Have Claude generate a compound command like:
cd "/path/to/project" && python3 -c "
   import src.db as db
   conn = db.get_connection()
   # ... queries ...
   conn.close()
" 2>&1 | grep -v NotOpenSSL | grep -v warnings
  1. Claude Code prompts for permission (expected, since python3 is not pre-approved)
  2. The "don't ask again" option offered is: **"Yes, and don't ask again for: grep:\"*

Expected Behavior

The "don't ask again" suggestion should reference python3 (the unapproved command in the chain), not grep (which is already pre-approved).

Actual Behavior

The permission system surfaces the last command in the pipeline (grep) as the candidate for pre-approval, which is:

  • Misleadinggrep is already approved
  • Useless — accepting it does not prevent future prompts (the python3 part still triggers them)
  • Confusing — the user sees an offer to pre-approve something that is already approved

Even when selecting "Yes, and don't ask again", the prompt reappears on subsequent similar commands because the actual unapproved command (python3) was never added to the allow list.

Environment

  • Claude Code CLI
  • macOS (Darwin 25.3.0)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗