
[FEATURE] Regex/glob support for Bash permission patterns

Open RyanSaxe opened this issue 2 weeks ago • 0 comments

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Many commands are conditionally safe based on their arguments, not just their prefix:

  • find is safe unless using -exec
  • git is safe for read operations (status, log, diff) but risky for writes (push --force)
  • Nearly any command is safe when called with --help

The current Bash(prefix:) syntax can't express these patterns. You can allowlist find: but can't carve out -exec. You can't allowlist "any command ending in --help" without enumerating every command individually.

This forces users to choose between overly permissive rules (allow entire commands) or tedious enumeration (list every safe variant).

Proposed Solution

Currently Bash(prefix:*) only supports prefix matching. Expand to support regex or glob patterns:

  "allow": ["Bash(regex:^\\w+\\s+--help$)"]  // any "cmd --help"
  "ask": ["Bash(regex:.*[;|&`$#].*)"]        // dangerous metacharacters require approval

This enables both permissive patterns (allow all help flags) and defensive patterns (require approval for chaining/subshells) that aren't possible with prefix-only matching.

Alternative Solutions

No response

Priority

High - Significant impact on productivity

Feature Category

CLI commands and flags

Use Case Example

Real Use Case: Claude to freely check command usage with --help flags without prompting me every time, regardless of which command it's checking.

Current workflow:

  1. Claude encounters an unfamiliar CLI tool (e.g., ffmpeg, jq, rg)
  2. Claude wants to run ffmpeg --help to understand available options
  3. I get a permission prompt because ffmpeg isn't in my allowlist
  4. I approve it manually
  5. Later, Claude needs jq --help—another prompt
  6. Then rg --help—another prompt
  7. This repeats endlessly for every new tool

To avoid this, I'd have to enumerate every possible command:

  "allow": [
    "Bash(ffmpeg --help)",
    "Bash(jq --help)",
    "Bash(rg --help)",
    "Bash(docker --help)",
    "Bash(kubectl --help)",
    // ... hundreds more
  ]

Desired workflow:

  1. I configure: "allow": ["Bash(regex:^\\S+\\s+--help$)"]
  2. Claude runs ffmpeg --help—no prompt
  3. Claude runs jq --help—no prompt
  4. Claude runs rg --help—no prompt
  5. Any --help works automatically

A single pattern replaces an unbounded list of individual rules, and --help is universally safe—it just prints usage information and exits.

Additional Context

No response

RyanSaxe Dec 05 '25 18:12
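The rule evaluation this issue proposes, as an added example that is not Claude Code's own permission code: a small evaluator for Bash(prefix:) rules and the proposed Bash(regex:) rules, written in JavaScript since Claude Code is a Node CLI. It assumes the tiers are checked deny, then ask, then allow, that an unmatched command falls back to prompting, and it adds a deny rule for find -exec as an illustration; it also shows why the regex must stay anchored with ^ and $.

```javascript
// Added example, not Claude Code's own permission code: a small evaluator for
// "Bash(prefix:...)" rules and the proposed "Bash(regex:...)" rules.
// Assumed: tiers are checked deny, then ask, then allow, and a command that
// matches no rule falls back to prompting ("ask").

// Constructed settings mirroring the issue's examples; the deny rule for
// find -exec is an added illustration.
const settings = {
  allow: ["Bash(prefix:git status)", "Bash(regex:^\\S+\\s+--help$)"],
  ask:   ["Bash(regex:.*[;|&`$#].*)"],
  deny:  ["Bash(regex:^find\\b.*\\s-exec\\b)"],
};

// Turn one rule string into a predicate over the full command line.
function parseRule(rule) {
  const m = /^Bash\((prefix|regex):(.*)\)$/.exec(rule);
  if (!m) throw new Error(`unsupported rule: ${rule}`);
  const [, kind, body] = m;
  if (kind === "prefix") {
    // Prefix rules match the command alone or the command followed by more args.
    return (cmd) => cmd === body || cmd.startsWith(body + " ");
  }
  // Regex rules are tested as written: only ^ and $ make them cover the whole line.
  const re = new RegExp(body);
  return (cmd) => re.test(cmd);
}

function compile(settings) {
  const compiled = {};
  for (const tier of ["deny", "ask", "allow"]) {
    compiled[tier] = (settings[tier] || []).map(parseRule);
  }
  return compiled;
}

// Returns "deny", "ask" or "allow" for a command line.
function decide(compiled, cmd) {
  for (const tier of ["deny", "ask", "allow"]) {
    if (compiled[tier].some((match) => match(cmd))) return tier;
  }
  return "ask"; // unmatched commands still prompt the user
}

const rules = compile(settings);
for (const cmd of ["ffmpeg --help", "jq --help; echo injected", "ffmpeg --help --verbose"]) {
  console.log(`${decide(rules, cmd).padEnd(5)} ${cmd}`);
}
```

A chained command such as "jq --help; echo injected" is caught twice over: the anchored allow regex does not match it, and the ask rule for shell metacharacters does.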