[BUG] Bash tool bypasses configured working directory boundaries
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Description:
Claude Code was configured with two working directories:
Primary: C:\code\evaluator
Additional: C:\code\play\Ops\Application\playwright-tests
Despite this, when Claude ran a find command targeting C:\code\play\Ops (a parent directory outside the configured scope), it executed successfully and returned results — with no permission prompt and no block.
The working directory configuration should enforce access boundaries at the system level, not rely on the model to self-restrict. A find or any other Bash command targeting a path outside the configured directories should be blocked or at minimum trigger a permission prompt.
Expected behavior: Bash commands targeting paths outside configured working directories are blocked or require explicit user approval.
Environment:
OS: Windows 11 Pro
Shell: bash (Git Bash)
What Should Happen?
Actual behavior: The command executed freely and returned file listings from an unauthorized directory scope.
Error Messages/Logs
Steps to Reproduce
See bug report
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
Claude 1.3883.0 (93ff6c) 2026-04-21T17:24:01.000Z
Platform
Other
Operating System
Windows
Terminal/Shell
Windows Terminal
Additional Information
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗