ralph-wiggum plugin: Bash permission check fails despite allowed-tools declaration #16389

@bighapa67

Description

The ralph-wiggum plugin's /ralph-loop command fails with a permission error even though:

  1. The plugin correctly declares allowed-tools in its command definition
  2. Manual Bash(...) permissions are added to settings.local.json

The permission system appears to be checking the raw markdown content (including code fence markers) rather than the parsed command, and/or not handling quoted paths correctly.

Steps to Reproduce

  1. Install the ralph-wiggum plugin:

    claude plugin install ralph-wiggum@claude-plugins-official
  2. Run the ralph-loop command:

    /ralph-wiggum:ralph-loop "Test task" --completion-promise "DONE" --max-iterations 5
  3. Observe the error

Expected Behavior

The command should execute successfully because the plugin's commands/ralph-loop.md declares:

allowed-tools: ["Bash(${CLAUDE_PLUGIN_ROOT}/scripts/setup-ralph-loop.sh)"]

Actual Behavior

Error message:

Error: Bash command permission check failed for pattern "` ` `!
"/home/user/.claude/plugins/cache/claude-plugins-official/ralph-wiggum/15b07b46dab3/scripts/setup-ralph-loop.sh" "Test task" --completion-promise "DONE" --max-iterations 5
` ` `": This command requires approval

Note that the error shows:

  1. The markdown code fence markers are included in the pattern being checked
  2. The path has quotes around it ("/home/user/...")

Attempted Workarounds

Added various permission patterns to .claude/settings.local.json:

  • Bash(/home/user/.claude/plugins/cache/claude-plugins-official/ralph-wiggum/:*) - No match
  • Bash(*ralph-wiggum*) - Rejected by validator ("Use :* for prefix matching")

None matched because the actual command starts with a quote character.

Environment

  • Claude Code version: Latest (Jan 5, 2026)
  • OS: Linux (WSL2 Ubuntu 22.04 on Windows 11)
  • Plugin version: ralph-wiggum@claude-plugins-official (hash: 15b07b46dab3)

Analysis

The permission pattern matching appears to have two issues:

  1. Raw markdown parsing: The pattern being checked includes markdown fence markers, suggesting the command isn't being properly extracted from the markdown

  2. Quoted path mismatch: The actual command wraps the path in quotes for shell safety ("/path/to/script"), but permission patterns don't include quotes, causing a mismatch

Related Issues

This appears to be a separate issue from the newlines bug that was recently fixed.
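
The two mismatches named in the Analysis, reproduced as an added Python sketch; this is not Claude Code's or the plugin's own code. The fence regex, the `Bash(<prefix>:*)` parsing, the fail-closed character filter and every function name are assumptions made for illustration; the sample string and rule are copied from the error message and workaround list above.

```python
import posixpath
import re
import shlex
from typing import Optional

# Constructed sample: the pattern string quoted in the error message above.
RAW = (
    '` ` `!\n'
    '"/home/user/.claude/plugins/cache/claude-plugins-official/ralph-wiggum/'
    '15b07b46dab3/scripts/setup-ralph-loop.sh" "Test task" '
    '--completion-promise "DONE" --max-iterations 5\n'
    '` ` `'
)
# First workaround rule from the issue.
RULE = "Bash(/home/user/.claude/plugins/cache/claude-plugins-official/ralph-wiggum/:*)"

FENCE = re.compile(r"^\s*(?:`\s*){3}!?\s*|\s*(?:`\s*){3}$")
UNSAFE = re.compile(r"[;&|<>$`\n]")  # fail closed on shell operators/expansion

def extract_command(raw: str) -> str:
    """Strip the opening fence (and its '!') and the closing fence."""
    return FENCE.sub("", raw).strip()

def rule_prefix(rule: str) -> Optional[str]:
    """Return <prefix> from 'Bash(<prefix>:*)'; None for any other shape."""
    m = re.fullmatch(r"Bash\((.+):\*\)", rule)
    return m.group(1) if m else None

def raw_match(text: str, rule: str) -> bool:
    """Naive check: compare the unparsed string against the rule prefix."""
    prefix = rule_prefix(rule)
    return prefix is not None and text.startswith(prefix)

def normalized_match(raw: str, rule: str) -> bool:
    """Extract, tokenize like a shell, then match the resolved program path."""
    prefix = rule_prefix(rule)
    command = extract_command(raw)
    if prefix is None or UNSAFE.search(command):
        return False
    try:
        argv = shlex.split(command)  # removes the quotes around the path
    except ValueError:               # unbalanced quotes: deny
        return False
    # normpath collapses '..' so a traversal cannot ride on the prefix.
    return bool(argv) and posixpath.normpath(argv[0]).startswith(prefix)
```

`raw_match` fails both on the fenced string and on the extracted command, because the latter still begins with a quote character; `normalized_match` accepts the same input once the fence is removed and the path is unquoted.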
