[BUG] Bash:* permission works inconsistently - randomly prompts for some commands

Resolved 💬 2 comments Opened Jul 30, 2025 by rcoenen Closed Aug 1, 2025

## Environment

  • Platform (select one):
  • [x] Anthropic API
  • [ ] AWS Bedrock
  • [ ] Google Vertex AI
  • [ ] Other: <!-- specify -->
  • Claude CLI version: 1.0.63 (Claude Code)
  • Operating System: macOS 14.x
  • Terminal: Claude Code

## Bug Description
Despite having "Bash:*" wildcard permission, Claude Code inconsistently prompts for permission. Some bash commands execute without prompting while others require
manual approval, with no clear pattern.

## Steps to Reproduce

  1. Add "Bash:*" to settings allow list
  2. Have Claude execute various bash commands
  3. Observe that some commands execute immediately while others prompt
  4. No clear pattern - same command types sometimes work, sometimes prompt

## Expected Behavior
With Bash:* permission, ALL bash commands should execute without prompting consistently.

## Actual Behavior
Permission prompts appear randomly for bash commands. Examples observed:

  • PDFtk commands - usually prompts but not always
  • php artisan commands - sometimes works, sometimes prompts
  • Simple commands like ls or cat - usually work without prompting
  • Complex commands with pipes or special characters - more likely to prompt

The same command might work without prompting in one instance and require permission in another.

## Additional Context
This inconsistency makes it impossible to predict when manual intervention will be required. Possible factors that might trigger prompts:

  • Command length/complexity?
  • Special characters in commands?
  • Output redirection?
  • Specific tool names?
  • Time between commands?

The unpredictable nature significantly disrupts workflow as you can't anticipate when Claude will pause for permission.

The inconsistent behavior makes this a much more interesting bug. It might be related to:

  • How the command is parsed (special characters, length, complexity)
  • Specific keywords in commands that trigger extra security checks
  • Some kind of rate limiting or timing issue
  • Different code paths for different types of bash invocations

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗