Bash() wrapper in permission syntax is redundant and noisy
Resolved 💬 3 comments Opened Mar 4, 2026 by daniellittledev Closed May 1, 2026
Since all shell commands go through the Bash tool, the Bash(...) prefix in permission rules adds no information and hurts readability. Bash(git log:*) means the same as git log:* — the wrapper is just internal implementation leaking into the UX.
Current:
"allow": ["Bash(git log:*)", "Bash(ls:*)", "Bash(npm run:*)"]
Proposed:
"allow": ["git log:*", "ls:*", "npm run:*"]
Or longer term, semantic groupings like git:read-only.
Removing the Bash() coupling would also better support other shells like PowerShell, where the concept of "Bash" is meaningless but the same permission model should apply. The syntax should describe what is allowed, not which shell binary executes it.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗