Permission "don't ask again" suggests wrong command in piped chains
Bug Description
When a Bash command contains a pipeline with both pre-approved and unapproved commands, the "Yes, and don't ask again for: X" prompt incorrectly identifies the last command in the pipeline (e.g., grep) rather than the unapproved command (e.g., python3).
Steps to Reproduce
- Pre-approve
cdandgrepcommands (either via "don't ask again" orsettings.json) - Have Claude generate a compound command like:
cd "/path/to/project" && python3 -c "
import src.db as db
conn = db.get_connection()
# ... queries ...
conn.close()
" 2>&1 | grep -v NotOpenSSL | grep -v warnings
- Claude Code prompts for permission (expected, since
python3is not pre-approved) - The "don't ask again" option offered is: **"Yes, and don't ask again for: grep:\"*
Expected Behavior
The "don't ask again" suggestion should reference python3 (the unapproved command in the chain), not grep (which is already pre-approved).
Actual Behavior
The permission system surfaces the last command in the pipeline (grep) as the candidate for pre-approval, which is:
- Misleading —
grepis already approved - Useless — accepting it does not prevent future prompts (the
python3part still triggers them) - Confusing — the user sees an offer to pre-approve something that is already approved
Even when selecting "Yes, and don't ask again", the prompt reappears on subsequent similar commands because the actual unapproved command (python3) was never added to the allow list.
Environment
- Claude Code CLI
- macOS (Darwin 25.3.0)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗