6 Claude Code Permission Traps I Found Answering GitHub Issues This Week

I answered 57 GitHub Issues this week about Claude Code permissions not working as expected. Here are the 6 patterns that keep tripping people up — and the hooks that fix them. Trap 1: allow Cancels ask (17 Upvotes, 18 Comments) { "permissions" : { "allow" : [ "Bash(*)" ], "ask" : [ "Bash(rm *)" ] } } Expected: safe commands auto-approve, rm asks first. Actual: everything auto-approves. ask is silently ignored. ( #6527 ) Fix: A PreToolUse hook catches what ask misses: #!/bin/bash COMMAND = $( cat | jq -r '.tool_input.command // empty' ) if echo " $COMMAND " | grep -qE 'rm\s+(-[rf]+\s+)*(\/|~|\.\./)' ; then echo "BLOCKED: rm on sensitive path" > &2 exit 2 fi exit 0 Trap 2: Trailing Wildcards Don't Match Zero Arguments { "permissions" : { "allow" : [ "Bash(ssh * uptime *)" ] } } ssh host uptime -s → allowed. ssh host uptime → prompts. The trailing * requires at least one character. ( #36873 ) Fix: Use regex (\s|$) in a hook — matches "space or end of string": if echo " $COMMAND " | grep