Permission pattern matcher fails on commands with shell special characters ({}, | in quotes)
Description
The Bash permission pattern matcher (e.g., Bash(gh pr view:*), Bash(mkdir:*)) fails to match commands that contain shell special characters, even when those characters are inside quoted strings or are standard shell syntax.
Reproduction
Case 1: Pipe characters inside --jq quoted string
Permission rules configured:
"Bash(gh pr view:*)",
"Bash(gh pr:*)"
Command that prompts for permission (should be auto-allowed):
gh pr view 12345 --repo org/repo --json headRefName,baseRefName,files --jq '{head: .headRefName, base: .baseRefName, files: [.files[].path | select(test("\\.(sql|yaml)$"))]}'
The | characters are inside the single-quoted --jq argument, not shell pipes. The command is a single gh pr view invocation and should match the prefix.
Case 2: Brace expansion in mkdir
Permission rule configured:
"Bash(mkdir:*)"
Command that prompts for permission (should be auto-allowed):
mkdir -p /some/path/{before,after,results}
The {before,after,results} is standard bash brace expansion. The command starts with mkdir and should match.
Expected behavior
Commands should match their prefix permission rules regardless of shell special characters (|, {, }, ,, etc.) appearing later in the command, especially when those characters are inside quoted strings or are standard shell syntax (brace expansion).
Actual behavior
Both commands trigger a permission prompt despite matching prefix rules being configured.
Environment
- macOS (Darwin, Apple Silicon)
- Claude Code with
settings.jsonpermission rules
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗