[FEATURE] Security: approved bash command that run scripts should check the script hash

Resolved 💬 5 comments Opened Mar 7, 2026 by rbardak Closed Mar 25, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

In order to improve agent independence while at the same time trying to avoid giving blanket permissions to claude, I usually allow claude to run pre-approved scripts. This is usually the difference between having the agent work independently for 5-10 minutes vs. having the agent run independently for half an hour or longer without the need for aggressive sandboxing and dangerous permission skips.

There is the remnant risk that the agent will edit the pre-approved scripts independently and then run whatever bash command comes to mind. This doesnt happen in short runs with clean context, however this might happen on very long sesions with context overrun, especially when claude rabbit holes into debugging a hallucinated issue.

Proposed Solution

Bash permissions that involve running scripts with direct invocation like this "./my-script.sh" should, when giving claude permanent permission to run the command, remember the sha-hash of the script at the time the permission was given. Subsequent auto-allows should only trigger, if the hash of the invoked script matches the approved hash, otherwise it is treated as an unknown command and claude must ask for permission.

Alternative Solutions

Using scripts that cant be edited by claude via ACL. This doesnt work well because the script could be moved, if claude has permission to the directory, and a new script with the same name can be created in the same place.

Priority

Low - Nice to have

Feature Category

Other

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗