Permission matcher treats shell keywords (do, done, then, else) as command names
Description
The permission system's shell command parser doesn't recognize shell keywords like do, done, then, else, fi as syntax. When a Bash tool call contains a for loop or if statement, the permission matcher treats the keyword after ; as the command name and prompts for permission.
Steps to reproduce
- Have
Bash(mpqcli *)in your allowed permissions - Ask Claude to run:
``bash``
for mpq in a.MPQ b.MPQ; do mpqcli list "$mpq"; done
- Claude gets prompted to allow
do mpqcli list ...instead of recognizingmpqclias the command
Expected behavior
The permission matcher should skip shell keywords (do, done, then, else, fi, elif) and match against the actual command that follows them.
Actual behavior
do is treated as the command prefix. Users accumulate permission entries like Bash(do *) and Bash(done) in their settings, which grows the allow list with meaningless entries.
Impact
Each new shell construct in a Bash call triggers a new permission prompt, even when the underlying command is already allowed. Over time this leads to bloated settings files (150+ entries in my case, many of which are shell syntax artifacts).
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗