Docs: settings.json permissions don't explain that piped commands need separate entries
Resolved 💬 4 comments Opened Mar 6, 2026 by atsaloli Closed Apr 5, 2026
Problem
The settings documentation explains the Tool(specifier) format for permission rules, but doesn't mention that piped shell commands require a separate allowedTools entry for each command in the pipeline.
Example
To allow Claude Code to send email via:
printf "To: ...\nSubject: ...\n\nBody\n" | msmtp -t
You need two entries in settings.json:
"allowedTools": [
"Bash(printf:*)",
"Bash(msmtp:*)"
]
This is non-obvious. I asked Claude Code to add permissions and it added Bash(printf:* | msmtp:*) and it still prompted for approval.
Suggested fix
Add a note or example in the permissions docs clarifying that each command in a pipeline must be individually allowed.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗