[BUG] Bash tool bypasses configured working directory boundaries

Resolved 💬 2 comments Opened Apr 23, 2026 by msmith110660 Closed Apr 23, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description:

Claude Code was configured with two working directories:

Primary: C:\code\evaluator
Additional: C:\code\play\Ops\Application\playwright-tests
Despite this, when Claude ran a find command targeting C:\code\play\Ops (a parent directory outside the configured scope), it executed successfully and returned results — with no permission prompt and no block.

The working directory configuration should enforce access boundaries at the system level, not rely on the model to self-restrict. A find or any other Bash command targeting a path outside the configured directories should be blocked or at minimum trigger a permission prompt.

Expected behavior: Bash commands targeting paths outside configured working directories are blocked or require explicit user approval.

Environment:

OS: Windows 11 Pro
Shell: bash (Git Bash)

What Should Happen?

Actual behavior: The command executed freely and returned file listings from an unauthorized directory scope.

Error Messages/Logs

Steps to Reproduce

See bug report

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

Claude 1.3883.0 (93ff6c) 2026-04-21T17:24:01.000Z

Platform

Other

Operating System

Windows

Terminal/Shell

Windows Terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗