Constantly have to approve chained grep/head/tail commands
The current security model of Claude Code seems to treat chained bash commands as untrustworthy (for good reason), which results in the user having to approve every single one. In many cases, the same thing can be accomplished with a single command (especially if Claude Code uses rg). But the model seem incapable of remembering, even one command later, not to chain commands.
As a workaround, perhaps you should return an error on the first attempt of all not-yet-unauthorized command execution tool calls where a "Yes, and always allow" option wouldn't be shown to the user. When the model receives such an error, it should be instructed to try, if possible, a different (non-chained) command that wouldn't require human approval. If it really needs to run that specific command, it should be able to repeat the command with an extra flag to explicitly request user approval.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗