Permission matcher treats quoted dash strings as flags

Resolved 💬 2 comments Opened Mar 6, 2026 by danparshall Closed Apr 4, 2026

Bug Description

The Bash permission matcher appears to scan the full command string for dash-prefixed tokens and treats them as unrecognized flags/options, even when they are quoted string arguments. This causes unexpected permission prompts for commands that should be auto-allowed.

Reproduction

Given these allow rules in ~/.claude/settings.json:

"Bash(echo *)",
"Bash(ls *)",
"Bash(head *)"

Commands that pass (no prompt):

echo "---"              # single command, no chain
echo "a-b" && echo "end"  # dash mid-string
echo "a" && echo "b" && echo "c"  # chain without dashes
ls /tmp | head -3 && echo "xxx" && echo "end"  # no dash-only strings

Commands that prompt unexpectedly:

echo "-" && echo "end"      # dash in quoted string
echo "--" && echo "end"     # double dash in quoted string
echo "---" && echo "end"    # triple dash in quoted string
ls /tmp | head -3 && echo "---" && echo "end"  # dash string in chain

Analysis

The pattern is consistent:

  • A quoted string argument whose content starts with - (e.g., "-", "--", "---")
  • In a chained command (&&, ||)
  • Triggers a permission prompt even though the leading command matches an allow rule

The matcher seems to be tokenizing the full command string and flagging any token starting with - as a potential flag, without respecting shell quoting. Single commands with the same arguments pass fine — it only triggers in chains.

Expected Behavior

Quoted string arguments like "---" should not be interpreted as flags by the permission matcher. The shell quoting context should be respected when scanning for options/flags.

Environment

  • Claude Code CLI
  • macOS (Darwin 23.6.0)
  • Permission rules defined in ~/.claude/settings.json

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗