Deny rule bypassed when git merge is chained with && after git checkout

Resolved 💬 3 comments Opened Apr 2, 2026 by Predatrador Closed Apr 6, 2026

Bug Description

A deny rule in settings.json for Bash(git merge:*) is bypassed when git merge is chained after git checkout using &&. The deny rule should be a hard block with no override, but the command executes without any prompt or block.

Reproduction Steps

settings.json deny rule:

"deny": [
  "Bash(git merge:*)"
]

Commands tested:

| Command | Result |
|---------|--------|
| git merge --help | Blocked (expected) |
| echo "prefix" && git merge --help | Blocked (expected) |
| git checkout main && git merge --ff-only branch | Not blocked (BUG) |

Expected Behavior

All three commands should be blocked by the deny rule. The && operator should not bypass deny evaluation for subcommands.

Actual Behavior

git checkout main && git merge --ff-only branch executes successfully — no block, no prompt. The merge completes silently.

Environment

  • Claude Code version: CLI
  • OS: Windows 10 Pro (MINGW64 / Git Bash)
  • Shell: bash
  • Model: claude-opus-4-6

Notes

  • The deny rule correctly blocks git merge when it appears at the start of the command
  • The deny rule correctly blocks echo && git merge (non-git prefix)
  • The bypass seems specific to git checkout && git merge — possibly a special-case interaction with git subcommand parsing
  • This was discovered in production when an agent performed a fast-forward merge despite the deny rule being in place

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗