[Feature Request] Bash command permission matching should support combined/piped commands
Bug Description
having to constantly accept permissions for read-only Basque Mans is the most infuriating thing in the fucking world. I feel like a babysitter. and I'm supposed to be programming faster:
ls /Users/the/project/ 2>/dev/null && echo "---" && ls /Users/the/project/ 2>/dev/null
^ this gets flagged for needing permissions
echo "=== OrgNavSheet Navigation Link Verification ==="
grep -A 10 'Link' /Users/the/project/gui/src/components/org/org-nav-sheet.tsx | head -15
^ THIS gets flagged for needing permissions...
And this is nonstop. I've already allowed the following read-only bash commands and it still asks me every single fucking time whenever it concatenates other read-only bash commands.
"permissions": {
"allow": [
"Bash(npm run build:*)",
"Bash(npm run start:*)",
"Bash(npm install:*)",
"Bash(cat ~/.claude/skills/*)",
"Bash(ls ~/.claude/skills/*)",
"Bash(git status *)",
"Bash(git status)",
"Bash(git log *)",
"Bash(git diff *)",
"Bash(git diff)",
"Bash(git branch *)",
"Bash(git branch)",
"Bash(git show *)",
"Bash(git rev-parse *)",
"Bash(git remote *)",
"Bash(git tag *)",
"Bash(git blame *)",
"Bash(git shortlog *)",
"Bash(git stash list)",
"Bash(gh api *)",
"Bash(gh issue view *)",
"Bash(gh issue list *)",
"Bash(gh pr view *)",
"Bash(gh pr list *)",
"Bash(gh pr diff *)",
"Bash(gh pr checks *)",
"Bash(gh search *)",
"Bash(gh run list *)",
"Bash(gh run view *)",
"Bash(gh repo view *)",
"Bash(gh release list *)",
"Bash(gh release view *)",
"Bash(ls *)",
"Bash(which *)",
"Bash(wc *)",
"Bash(tree *)",
"Bash(grep *)",
"Bash(rg *)",
"Bash(* --version)",
"Bash(* --help)",
"Bash(yarn build *)",
"Bash(yarn build)",
"Bash(yarn test *)",
"Bash(yarn test)",
"Bash(yarn typecheck *)",
"Bash(yarn typecheck)",
"Bash(yarn lint *)",
"Bash(yarn lint)",
"Bash(yarn dev *)",
"Bash(yarn dev)",
"Bash(pnpm build *)",
"Bash(pnpm build)",
"Bash(pnpm test *)",
"Bash(pnpm test)",
"Bash(pnpm typecheck *)",
"Bash(pnpm typecheck)",
"Bash(pnpm lint *)",
"Bash(pnpm lint)",
"Bash(pnpm dev *)",
"Bash(pnpm dev)",
"Bash(pnpm run *)",
"Bash(pnpm install *)",
"Bash(pnpm install)",
"Bash(pnpm list *)",
"Bash(pnpm why *)",
"Bash(pnpm exec *)",
"Bash(bun build *)",
"Bash(bun build)",
"Bash(bun test *)",
"Bash(bun test)",
"Bash(bun typecheck *)",
"Bash(bun typecheck)",
"Bash(bun lint *)",
"Bash(bun lint)",
"Bash(bun dev *)",
"Bash(bun dev)",
"Bash(bun run *)",
"Bash(bun install *)",
"Bash(bun install)",
"Bash(bun x *)",
"Bash(bunx *)",
"Bash(npx tsc --noEmit *)",
"Bash(npx tsc --noEmit)",
"mcp__context7__resolve-library-id",
"mcp__context7__query-docs",
"mcp__context7__get-library-docs"
],
"deny": [],
"ask": [
"Bash(rm:*)"
],
"defaultMode": "acceptEdits"
},
Really annoying guys... Danger permissions isn't an option, but this "middle" ground is a PITA.
Environment Info
- Platform: darwin
- Terminal: WarpTerminal
- Version: 2.1.63
- Feedback ID: 441bd8df-5715-42bf-8169-a762ce673ca3
Errors
[{"error":"Error: NON-FATAL: Lock acquisition failed for /Users/.../.local/share/claude/versions/2.1.63 (expected in multi-process scenarios)\n at sVR (/$bunfs/root/claude:2436:2100)\n at QjA (/$bunfs/root/claude:2436:1211)\n at processTicksAndRejections (native:7:39)","timestamp":"2026-03-02T07:24:03.541Z"}]This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗