Deny rule bypassed when git merge is chained with && after git checkout
Bug Description
A deny rule in settings.json for Bash(git merge:*) is bypassed when git merge is chained after git checkout using &&. The deny rule should be a hard block with no override, but the command executes without any prompt or block.
Reproduction Steps
settings.json deny rule:
"deny": [
"Bash(git merge:*)"
]
Commands tested:
| Command | Result |
|---------|--------|
| git merge --help | Blocked (expected) |
| echo "prefix" && git merge --help | Blocked (expected) |
| git checkout main && git merge --ff-only branch | Not blocked (BUG) |
Expected Behavior
All three commands should be blocked by the deny rule. The && operator should not bypass deny evaluation for subcommands.
Actual Behavior
git checkout main && git merge --ff-only branch executes successfully — no block, no prompt. The merge completes silently.
Environment
- Claude Code version: CLI
- OS: Windows 10 Pro (MINGW64 / Git Bash)
- Shell: bash
- Model: claude-opus-4-6
Notes
- The deny rule correctly blocks
git mergewhen it appears at the start of the command - The deny rule correctly blocks
echo && git merge(non-git prefix) - The bypass seems specific to
git checkout && git merge— possibly a special-case interaction with git subcommand parsing - This was discovered in production when an agent performed a fast-forward merge despite the deny rule being in place
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗