[Bug] Piped bash commands prompt for permission despite all individual commands being allowed

Resolved 💬 3 comments Opened Mar 16, 2026 by tjgoldblatt Closed Mar 19, 2026

Bug Description
Title: Piped bash commands prompt for permission even when all individual commands are allowed

Description:

When my allow list includes patterns for each command in a pipe chain (e.g., Bash(flowdeck ), Bash(grep:),
Bash(tail:*)), Claude Code still prompts for permission when they're combined:

flowdeck run --json 2>&1 | grep -o '"shortId":"[^"]*"' | tail -1

Expected: Since every command in the pipeline is individually allowed, the full piped command should also be
auto-approved.

Actual: Permission prompt appears for the combined command.

Settings (relevant allow rules):
"Bash(flowdeck *)",
"Bash(grep:*)",
"Bash(tail:*)"

Suggestion: The permission matcher could decompose piped commands and check each segment against the allow
list independently. If all segments match, auto-approve the full pipeline.

Environment Info

  • Platform: darwin
  • Terminal: ghostty
  • Version: 2.1.76
  • Feedback ID: 8f6c3349-8380-4300-9430-72439cc4b811

Errors

[{"error":"Error: NON-FATAL: Lock acquisition failed for /Users/tj/.local/share/claude/versions/2.1.76 (expected in multi-process scenarios)\n    at FvT (/$bunfs/root/src/entrypoints/cli.js:2417:2026)\n    at Lxq (/$bunfs/root/src/entrypoints/cli.js:2417:1170)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-16T01:51:22.846Z"},{"error":"Error\n    at QI (/$bunfs/root/src/entrypoints/cli.js:74:1144)\n    at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:79:10005)\n    at emit (node:events:92:22)\n    at endReadableNT (internal:streams/readable:861:50)\n    at processTicksAndRejections (native:7:39)\n    at request (/$bunfs/root/src/entrypoints/cli.js:81:2149)\n    at processTicksAndRejections (native:7:39)","timestamp":"2026-03-16T01:51:23.391Z"}]

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗