Docs: settings.json permissions don't explain that piped commands need separate entries

Resolved 💬 4 comments Opened Mar 6, 2026 by atsaloli Closed Apr 5, 2026

Problem

The settings documentation explains the Tool(specifier) format for permission rules, but doesn't mention that piped shell commands require a separate allowedTools entry for each command in the pipeline.

Example

To allow Claude Code to send email via:

printf "To: ...\nSubject: ...\n\nBody\n" | msmtp -t

You need two entries in settings.json:

"allowedTools": [
  "Bash(printf:*)",
  "Bash(msmtp:*)"
]

This is non-obvious. I asked Claude Code to add permissions and it added Bash(printf:* | msmtp:*) and it still prompted for approval.

Suggested fix

Add a note or example in the permissions docs clarifying that each command in a pipeline must be individually allowed.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗