Problem
When Claude Code prompts for tool permission approval, the "always allow" option uses a wildcard that doesn't distinguish between read and write operations.
Example: Running git branch --show-current (a read-only command) offers git * as the auto-approve option. Accepting that would also auto-approve destructive commands like git push --force, git reset --hard, git clean -f, etc.
This makes the auto-approve option unusable for safety-conscious users — you have to deny every time because the granularity is too coarse.
Expected Behavior
The auto-approve options should separate by operation type. For example:
- Read-only git:
git branch *, git log *, git diff *, git status *, git rev-parse *, git show *
- Write git:
git add *, git commit *, git push *
- Destructive git:
git reset --hard *, git push --force *, git clean -f *, git branch -D *
This way users can auto-approve read operations without inadvertently allowing destructive ones.
Impact
Users who care about safety end up denying most auto-approve prompts, adding friction to every session. The current wildcard grouping defeats the purpose of having granular permissions.
Problem
When Claude Code prompts for tool permission approval, the "always allow" option uses a wildcard that doesn't distinguish between read and write operations.
Example: Running
git branch --show-current(a read-only command) offersgit *as the auto-approve option. Accepting that would also auto-approve destructive commands likegit push --force,git reset --hard,git clean -f, etc.This makes the auto-approve option unusable for safety-conscious users — you have to deny every time because the granularity is too coarse.
Expected Behavior
The auto-approve options should separate by operation type. For example:
git branch *,git log *,git diff *,git status *,git rev-parse *,git show *git add *,git commit *,git push *git reset --hard *,git push --force *,git clean -f *,git branch -D *This way users can auto-approve read operations without inadvertently allowing destructive ones.
Impact
Users who care about safety end up denying most auto-approve prompts, adding friction to every session. The current wildcard grouping defeats the purpose of having granular permissions.