Bash allowlist pattern 'Bash(curl *)' in settings.local.json not matching — repeated permission prompts

[pyfd]

Bug Description

Bash(curl *) is listed in permissions.allow in .claude/settings.local.json, but Claude Code still prompts for permission on every curl invocation. During a single session with ~20 curl commands (API endpoint testing), the user had to approve "Yes, and don't ask again for: curl:*" repeatedly.

Reproduction

1. Add both patterns to .claude/settings.local.json:

   {
     "permissions": {
       "allow": [
         "Bash(curl *)",
         "Bash(curl:*)"
       ]
     }
   }

2. Ask Claude Code to test API endpoints using curl (e.g. "test these 12 endpoints with curl")

3. Expected: curl commands execute without permission prompts
   Actual: Each curl command triggers a permission prompt: "Yes, and don't ask again for: curl:*"

Additional Context

• The "don't ask again" approvals during the session don't appear to persist either — no project-level settings.json was created at ~/.claude/projects/<project>/settings.json after the session
• Other Bash(...) patterns in the same file (e.g. Bash(node *), Bash(git *)) appear to work correctly
• It's possible the colon in curl:* vs space in curl * is causing a format mismatch between what the allowlist expects and what the permission check evaluates

Environment

• Claude Code CLI (Opus 4.6)
• Linux (LXC container)
• Bash shell

[CAFxX]

Can confirm this is still happening as of 2.1.71 on mac os

[pb52]

Still happening on 2.17.1 Windows