Context: Working on dotfiles (~/.config), investigating Claude Code permission denials
Claude Code Bash(jq *) allowlist not matching
Bash(jq *) is in ~/.claude/settings.json under permissions.allow, yet running jq '.mcpServers.playwright' ~/.claude.json still triggers a PermissionRequest. The PermissionRequest hook (permission-suggestion) then auto-denies it.
Root cause (from source code analysis)
Examined the Claude Code source via chauncygu/collection-claude-code-source-code (source map leak from npm package, March 31 2026).
Key files:
- src/tools/BashTool/bashPermissions.ts - filterRulesByContentsMatchingInput()
- src/utils/permissions/shellRuleMatching.ts - matchWildcardPattern()
- src/utils/bash/ast.ts - parseForSecurity()
The permission matching flow:
- parseForSecurity() parses the command via tree-sitter
- If feature flag TREE_SITTER_BASH_SHADOW is on, the AST result is thrown away and forced to parse-unavailable, falling back to legacy splitCommand_DEPRECATED
- The legacy parser splits subcommands, then filterRulesByContentsMatchingInput() checks each subcommand against rules
- Before wildcard matching, a compound command check runs: if (isCompoundCommand.get(cmdToMatch)) { return false } — this skips wildcard matching entirely for compound commands
- Hypothesis: splitCommand_DEPRECATED misparses the single-quoted jq filter argument (e.g., '.mcpServers.playwright'), causing the compound command check to return true, which skips the wildcard jq * rule
The matchWildcardPattern("jq *", ...) function itself works correctly — it builds regex ^jq( .*)?$ which would match. The issue is upstream: the command never reaches the wildcard matcher.
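A minimal model of the flow described above, as an added example that is not Claude Code's source. All function names (wildcardToRegex, hasShellControlSyntax, ruleAllows) are hypothetical, and the quote-aware check is a reference for what correct parsing should report, not the behaviour of splitCommand_DEPRECATED.

```javascript
// Added illustration; every name here is hypothetical, not Claude Code's own code.

// Turn an allow rule such as "jq *" into a regex. A trailing " *" becomes an
// optional "( .*)?" so the bare command also matches, giving ^jq( .*)?$.
function wildcardToRegex(pattern) {
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const open = pattern.endsWith(" *");
  const body = esc(open ? pattern.slice(0, -2) : pattern).replace(/\*/g, ".*");
  return new RegExp("^" + body + (open ? "( .*)?" : "") + "$", "s");
}

// Reference check: is there a control operator (; | & newline) or a command
// substitution that the shell would actually interpret, given the quoting?
function hasShellControlSyntax(cmd) {
  let quote = null;
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd[i];
    if (quote === "'") { if (c === "'") quote = null; continue; } // all literal
    if (c === "\\") { i++; continue; }                            // escaped char
    if (c === "`" || (c === "$" && cmd[i + 1] === "(")) return true;
    if (quote === '"') { if (c === '"') quote = null; continue; }
    if (c === "'" || c === '"') { quote = c; continue; }
    if (";|&\n".includes(c)) return true;
  }
  return false;
}

// The gate from the flow above: a command flagged as compound never reaches
// the wildcard matcher, so no wildcard allow rule can approve it.
function ruleAllows(rule, cmd, isCompound) {
  if (isCompound(cmd)) return false;
  return wildcardToRegex(rule).test(cmd);
}

// Command taken from the notes; the other inputs are constructed samples.
const CMD = "jq '.mcpServers.playwright' ~/.claude.json";

function demo() {
  return {
    regex: wildcardToRegex("jq *").source,
    quoteAware: ruleAllows("jq *", CMD, hasShellControlSyntax),
    flaggedCompound: ruleAllows("jq *", CMD, () => true), // models the hypothesis
    chained: ruleAllows("jq *", "jq . a.json; touch marker", hasShellControlSyntax),
    quotedPipe: ruleAllows("jq *", "jq '.a | .b' a.json", hasShellControlSyntax),
  };
}

console.log(demo());
```

The chained case shows why the compound gate exists at all, and the quotedPipe case shows why the splitter feeding it has to be quote-aware.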
Related issues
- anthropics/claude-code#34379 - glob matching breaks with # character (similar class of bug)
- anthropics/claude-code#14956 - skill allowed-tools not granting Bash permissions
Next steps
- Clone at /Users/achhina/projects/claude-code-source for further investigation
- Could write a test to confirm the splitCommand_DEPRECATED misparsing hypothesis
- Consider filing a bug on anthropics/claude-code