Docs: settings.json permissions don't explain that piped commands need separate entries

[atsaloli]

Problem

The settings documentation explains the Tool(specifier) format for permission rules, but doesn't mention that piped shell commands require a separate allowedTools entry for each command in the pipeline.

Example

To allow Claude Code to send email via:

printf "To: ...\nSubject: ...\n\nBody\n" | msmtp -t

You need two entries in settings.json:

"allowedTools": [
  "Bash(printf:*)",
  "Bash(msmtp:*)"
]

This is non-obvious. I asked Claude Code to add permissions and it added Bash(printf:* | msmtp:*) and it still prompted for approval.

Suggested fix

Add a note or example in the permissions docs clarifying that each command in a pipeline must be individually allowed.

[github-actions]

Found 3 possible duplicate issues:

1. Critical Issue: Bash Pipe Permission Behavior is Unpredictable and Undocumented #14595
2. Permission prompt suggests pattern that won't match piped commands #29967
3. Permission "don't ask again" suggests wrong command in piped chains #28036

This issue will be automatically closed as a duplicate in 3 days.

• If your issue is a duplicate, please close it and 👍 the existing issue instead
• To prevent auto-closure, add a comment or 👎 this comment

🤖 Generated with Claude Code

[atsaloli]

Yeah, it's not exactly a duplicate of any of the above three issues. Maybe the first one, but the scope of my issue is narrower. I'm just referring to two commands in a pipeline. In my testing, if you add both commands to the allow list, the pipeline will be allowed.

[github-actions]

Closing for now — inactive for too long. Please open a new issue if this is still relevant.