Bash allowlist pattern 'Bash(curl *)' in settings.local.json not matching — repeated permission prompts

Open 💬 5 comments Opened Feb 28, 2026 by pyfd

Bug Description

Bash(curl *) is listed in permissions.allow in .claude/settings.local.json, but Claude Code still prompts for permission on every curl invocation. During a single session with ~20 curl commands (API endpoint testing), the user had to approve "Yes, and don't ask again for: curl:*" repeatedly.

Reproduction

  1. Add both patterns to .claude/settings.local.json:

``json
{
"permissions": {
"allow": [
"Bash(curl *)",
"Bash(curl:*)"
]
}
}
``

  1. Ask Claude Code to test API endpoints using curl (e.g. "test these 12 endpoints with curl")
  1. Expected: curl commands execute without permission prompts

Actual: Each curl command triggers a permission prompt: "Yes, and don't ask again for: curl:*"

Additional Context

  • The "don't ask again" approvals during the session don't appear to persist either — no project-level settings.json was created at ~/.claude/projects/<project>/settings.json after the session
  • Other Bash(...) patterns in the same file (e.g. Bash(node *), Bash(git *)) appear to work correctly
  • It's possible the colon in curl:* vs space in curl * is causing a format mismatch between what the allowlist expects and what the permission check evaluates

Environment

  • Claude Code CLI (Opus 4.6)
  • Linux (LXC container)
  • Bash shell

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗