[FEATURE] Feature request: treat equivalent commands uniformly in permission rules

Resolved 💬 4 comments Opened Mar 9, 2026 by byliu-labs Closed Apr 10, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Commands that do the same thing via different spellings (e.g., npm test vs npx jest, python vs python3, grep vs rg) are currently independent in the permission system. A rule allowing one does not cover the other, leading to redundant rules and user confusion.

Users write Bash(npm test) and are surprised when npx jest (which npm test invokes) still prompts. Similarly, python vs python3, node vs npx, and tool-specific wrappers like ./gradlew vs gradle create friction. The current system is purely string-based, which is correct as a foundation but leaves a usability gap.

Proposed Solution

Proposed Behavior

Two possible approaches (not mutually exclusive):

A) User-defined aliases in settings:

{
  "commandAliases": {
    "python": ["python3", "python3.11"],
    "test": ["npm test", "npx jest", "yarn test"]
  }
}

B) Built-in equivalence for common cases:
The permission engine could ship a small set of known equivalences (e.g., python/python3, node/nodejs) that are applied automatically, with an opt-out.

Approach A is more flexible and less magical. Approach B reduces setup friction for common cases.

Current Workaround

List every variant explicitly in allow rules, or use broad wildcards like Bash(python*) which may overmatch.

Alternative Solutions

_No response_

Priority

Medium - Would be very helpful

Feature Category

Configuration and settings

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗