[BUG] Command permission system doesn't recognize pytest variations as the same operation

Resolved 💬 11 comments Opened Jul 13, 2025 by AshKash Closed Jan 5, 2026

## Description

The Claude Code permission system requires separate permission grants for pytest commands
with different arguments or environment variables, even when choosing "Yes, and don't
ask again for similar commands in [directory]". This creates friction in development
workflows where pytest needs to be run with various configurations.

## Steps to Reproduce

  1. Run a pytest command with specific arguments/env vars:

```bash
NODE_ENV=test pytest tests/unit/test_example.py

  1. When prompted, select "Yes, and don't ask again for similar commands in /path/to/repo"
  2. Run a different pytest command with different arguments/env vars:

DEBUG=1 pytest tests/integration/test_other.py -v

  1. Permission prompt appears again

Expected Behavior

After granting permission for pytest commands in a directory, all variations of pytest
(with different arguments, environment variables, test files, flags) should be
automatically approved without requiring separate permissions.

Actual Behavior

Each variation of pytest command requires a separate permission grant, treating them as
different operations rather than variations of the same testing tool.

Environment

  • Claude Code version: 1.0.51 (based on local package.json)
  • OS: macOS (Darwin 24.4.0)
  • Shell: bash/zsh
  • Directory: /Users/user/repos/myproject

Impact

This significantly impacts development velocity when running tests with different
configurations, as developers need to manually approve each pytest variation. Testing
workflows commonly require:

  • Different environment variables (mocking flags, test databases)
  • Different test file paths
  • Different pytest flags (-v, -s, --tb=short, etc.)
  • Different test selection patterns

Example Commands That Each Require Separate Permission

# Each of these requires a separate permission grant:
pytest tests/unit/
NODE_ENV=test pytest tests/integration/
DEBUG=1 MOCK_API=1 pytest tests/integration/test_api.py -v
pytest tests/unit/test_models.py::TestUser::test_creation
make test-unit
make test-integration

Suggested Fix

The permission system should recognize that pytest commands are fundamentally the same
operation regardless of:

  • Command line arguments
  • Environment variables
  • Test file paths
  • Pytest flags
  • Make targets that run pytest

Possible solutions:

  1. Pattern-based matching: Use regex patterns like .pytest. instead of exact string

matches

  1. Command classification: Recognize common development tools (pytest, npm test, cargo

test, etc.) and group their variations

  1. Configurable tool whitelist: Allow users to specify trusted commands in settings

Current Workaround

Using hooks configuration in ~/.claude/settings.json, but this shouldn't be necessary for
such a common development tool:

{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "echo \"$TOOL_INPUT\" | grep -q 'pytest' && echo '{\"decision\":
\"approve\"}'"
}
]
}
]
}
}

Related Issues

This likely affects other common development commands:

  • npm test vs npm run test:unit vs npm run test:e2e
  • cargo test vs cargo test --release vs cargo test package_name
  • go test vs go test -v vs go test ./...

Additional Context

The permission was initially granted in the project repository context, but subsequent
pytest commands with different arguments/environment variables still trigger permission
prompts, suggesting the permission matching is too strict for practical development
workflows.

View original on GitHub ↗

This issue has 11 comments on GitHub. Read the full discussion on GitHub ↗