story-kit: create 180_bug_web_ui_permissions_handling_unreliable
This commit is contained in:
Dave
@@ -6,14 +6,40 @@ name: "Web UI permissions handling unreliable"
|
|||||||
|
|
||||||
## Description
|
## Description
|
||||||
|
|
||||||
Permissions handling in the web UI chat has issues. This is a tracking bug to collect specific problems as they're encountered.
|
Permissions handling in the web UI chat is intermittently unreliable. This is a tracking bug to collect specific problems as they're encountered.
|
||||||
|
|
||||||
Known issues:
|
Known issues:
|
||||||
1. **Chained commands fail permission validation**: Commands chained with `&&` or `|` in a single Bash call fail permission validation even when each individual command would match an allow rule. E.g. `git status && echo "---" && git log` fails because the full shell string doesn't cleanly match `Bash(git *)`. This is expected — Anthropic's permission system correctly refuses to whitelist compound shell strings since anything could follow `&&`.
|
|
||||||
|
|
||||||
When this happens inside a parallel batch, the Claude Code cascade bug ([anthropics/claude-code#22264](https://github.com/anthropics/claude-code/issues/22264)) kills all sibling calls too, making it look like a batch size problem — but it's not. 11 parallel simple `git` calls work fine.
|
1. **Permission hook returns invalid responses**: The permission hook intermittently returns a malformed response that doesn't match the expected `{"behavior": "allow"}` or `{"behavior": "deny", "message": "..."}` schema. This affects ALL tool types — not just Bash. We've observed it on Edit tool calls (which don't even require explicit permission) as well as Bash calls. The error is:
|
||||||
|
|
||||||
**Workaround**: Don't chain commands with `&&`. Use separate Bash calls for each command.
|
```json
|
||||||
|
{
|
||||||
|
"code": "invalid_union",
|
||||||
|
"errors": [
|
||||||
|
[{ "code": "invalid_value", "values": ["allow"], "path": ["behavior"], "message": "Invalid input: expected \"allow\"" }],
|
||||||
|
[{ "code": "invalid_value", "values": ["deny"], "path": ["behavior"], "message": "Invalid input: expected \"deny\"" },
|
||||||
|
{ "expected": "string", "code": "invalid_type", "path": ["message"], "message": "Invalid input: expected string, received undefined" }]
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
This is intermittent — retrying the same tool call often succeeds. Cause unknown.
|
||||||
|
|
||||||
|
2. **Cascade failures on parallel calls**: When the above error hits one call in a parallel batch, Claude Code's all-or-nothing model kills all sibling calls too ([anthropics/claude-code#22264](https://github.com/anthropics/claude-code/issues/22264)). This is upstream and can't be fixed on our side.
|
||||||
|
|
||||||
|
3. **Chained commands fail permission matching**: Commands chained with `&&`, `||`, or `;` won't match simple allow rules like `Bash(git *)`. This is expected behavior and documented in `CLAUDE.md`.
|
||||||
|
|
||||||
|
## How to reproduce
|
||||||
|
|
||||||
|
### Issue 1 (intermittent hook failure)
|
||||||
|
Use the web UI chat with claude-code provider. Perform normal operations (Edit files, run git commands). Intermittently, tool calls fail with the `invalid_union` error above. The same call succeeds on retry.
|
||||||
|
|
||||||
|
### Issue 3 (chained commands)
|
||||||
|
Run a Bash call with chained commands like:
|
||||||
|
```
|
||||||
|
git status && echo "---" && git log --oneline
|
||||||
|
```
|
||||||
|
This fails permission validation even though `Bash(git *)` is in the allow list.
|
||||||
|
|
||||||
## How to reproduce
|
## How to reproduce
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user