bypassPermissions / --dangerously-skip-permissions does not suppress multi-line Bash description safety check

Resolved 💬 4 comments Opened Mar 27, 2026 by nyldn Closed Apr 27, 2026

Bug Description

The --dangerously-skip-permissions flag and bypassPermissions permission mode do not suppress Claude Code's built-in multi-line Bash command safety check. Users in bypass mode still get prompted with:

Command contains newlines that could separate multiple commands

Do you want to proceed?
❯ 1. Yes
  2. No

This happens when the model writes a Bash tool call whose description field contains newlines (common with multi-step or commented commands).

Environment

  • Claude Code version: 2.1.85
  • Platform: macOS (Darwin 25.3.0)
  • Client: cmux (Claude Code desktop app)

Steps to Reproduce

  1. Set "defaultMode": "bypassPermissions" in ~/.claude/settings.json
  2. Set "skipDangerousModePermissionPrompt": true
  3. Start a session (confirms --dangerously-skip-permissions is passed in process args)
  4. Ask Claude to run a Bash command that produces a multi-line description, e.g.:

``
# Check how Gemini is dispatched
grep -n 'gemini' scripts/lib/dispatch.sh | head -20
Find Gemini dispatch patterns
``

  1. Claude Code shows the "Command contains newlines" safety dialog despite bypass mode

Process Evidence

All interactive sessions are launched with the bypass flag:

/Users/chris/.local/bin/claude --session-id <id> --dangerously-skip-permissions

Yet the multi-line description safety check still fires.

Expected Behavior

--dangerously-skip-permissions / bypassPermissions should suppress all permission prompts, including the multi-line Bash description safety check. Users who opt into dangerous mode have explicitly accepted the risk.

Configuration

All three settings layers explicitly set bypass:

// ~/.claude/settings.json (global)
{ "permissions": { "defaultMode": "bypassPermissions" }, "skipDangerousModePermissionPrompt": true }

// .claude/settings.json (project)
{ "permissions": { "defaultMode": "bypassPermissions" }, "skipDangerousModePermissionPrompt": true }

// .claude/settings.local.json (project local)
{ "permissions": { "defaultMode": "bypassPermissions" } }

Additional Context

Stale plugin artifacts (separate, now fixed)

During investigation, stale plugin cache/marketplace temp directories were found with enabledPlugins entries in their .claude/settings.json. These were remnants from a plugin bug and have been cleaned up. They may have contributed to earlier permission mode reset issues but are not the cause of the multi-line safety check bypassing the bypass flag.

claude-mem worker subagents

The claude-mem plugin (thedotmack) spawns background worker subagents with --permission-mode default hardcoded in its worker-service.cjs. These are separate processes with all tools disabled, but worth noting.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗