Bash allowlist pattern 'Bash(curl *)' in settings.local.json not matching — repeated permission prompts
Open 💬 5 comments Opened Feb 28, 2026 by pyfd
Bug Description
Bash(curl *) is listed in permissions.allow in .claude/settings.local.json, but Claude Code still prompts for permission on every curl invocation. During a single session with ~20 curl commands (API endpoint testing), the user had to approve "Yes, and don't ask again for: curl:*" repeatedly.
Reproduction
- Add both patterns to
.claude/settings.local.json:
``json``
{
"permissions": {
"allow": [
"Bash(curl *)",
"Bash(curl:*)"
]
}
}
- Ask Claude Code to test API endpoints using curl (e.g. "test these 12 endpoints with curl")
- Expected: curl commands execute without permission prompts
Actual: Each curl command triggers a permission prompt: "Yes, and don't ask again for: curl:*"
Additional Context
- The "don't ask again" approvals during the session don't appear to persist either — no project-level
settings.jsonwas created at~/.claude/projects/<project>/settings.jsonafter the session - Other
Bash(...)patterns in the same file (e.g.Bash(node *),Bash(git *)) appear to work correctly - It's possible the colon in
curl:*vs space incurl *is causing a format mismatch between what the allowlist expects and what the permission check evaluates
Environment
- Claude Code CLI (Opus 4.6)
- Linux (LXC container)
- Bash shell
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗