Norbert515
diff --git a/‎packages/vide_core/lib/src/permissions/pattern_inference.dart‎
Lines changed: 95 additions & 18 deletions b/‎packages/vide_core/lib/src/permissions/pattern_inference.dart‎
Lines changed: 95 additions & 18 deletions
diff --git a/‎packages/vide_core/lib/src/permissions/permission_matcher.dart‎
Lines changed: 75 additions & 5 deletions b/‎packages/vide_core/lib/src/permissions/permission_matcher.dart‎
Lines changed: 75 additions & 5 deletions
@@ -25,44 +25,66 @@ class PatternInference {
   }
 
   /// Infer pattern for Bash commands
-  /// Example: "npm run test" → "Bash(npm run test:*)"
-  /// Example: "git status" → "Bash(git status:*)"
-  /// Example: "cd /path && dart pub get" → "Bash(dart pub get:*)"
-  /// Example: "find /path -name *.dart" → "Bash(find:*)"
-  /// Example: "dart test 2>&1" → "Bash(dart test:*)" (redirects stripped)
+  /// Example: "npm run test" → "Bash(npm run test *)"
+  /// Example: "git status" → "Bash(git status *)"
+  /// Example: "cd /path && dart pub get" → "Bash(dart pub get *)"
+  /// Example: "find /path -name *.dart" → "Bash(find *)"
+  /// Example: "dart test 2>&1" → "Bash(dart test *)" (redirects stripped)
   static String _inferBashPattern(String command) {
     if (command.isEmpty) return 'Bash(*)';
 
     // Parse compound commands
     final parsedCommands = BashCommandParser.parse(command);
 
-    // Find the "main" command (skip cd commands)
-    var mainCommand = parsedCommands
-        .firstWhere(
-          (cmd) => cmd.type != CommandType.cd,
-          orElse: () => parsedCommands.isNotEmpty
-              ? parsedCommands.first
-              : ParsedCommand('', CommandType.simple),
-        )
-        .command;
+    // Find the "main" command:
+    // - Skip cd commands (just directory changes)
+    // - Skip prefix commands (sleep, timeout, env, etc.)
+    // - Skip pipeline filter parts (grep, head, tail after |)
+    // - Prefer the last meaningful command (prefix cmds appear first in chains)
+    var mainCommand = '';
+    for (final cmd in parsedCommands.reversed) {
+      if (cmd.type == CommandType.cd) continue;
+      if (cmd.type == CommandType.pipelinePart) continue;
+      if (_isPrefixCommand(cmd.command)) continue;
+      mainCommand = cmd.command;
+      break;
+    }
+    // Fallback: if all non-cd commands are pipeline parts, use the first one
+    // (the producer, not the filter)
+    if (mainCommand.isEmpty) {
+      mainCommand = parsedCommands
+          .firstWhere(
+            (cmd) => cmd.type != CommandType.cd && !_isPrefixCommand(cmd.command),
+            orElse: () => parsedCommands.firstWhere(
+              (cmd) => cmd.type != CommandType.cd,
+              orElse: () => parsedCommands.isNotEmpty
+                  ? parsedCommands.first
+                  : ParsedCommand('', CommandType.simple),
+            ),
+          )
+          .command;
+    }
 
     if (mainCommand.isEmpty) return 'Bash(*)';
 
     // Strip shell redirects from the command before inferring pattern
     // These are implementation details that shouldn't be part of the pattern
     mainCommand = _stripShellRedirects(mainCommand);
 
-    // Split into parts
-    final parts = mainCommand.trim().split(RegExp(r'\s+'));
+    // Split into parts (quote-aware)
+    final parts = _splitRespectingQuotes(mainCommand.trim());
     if (parts.isEmpty) return 'Bash(*)';
 
-    // Extract base command (command name only, no path arguments)
+    // Extract base command (command name only, no path/flag/quoted arguments)
     final baseParts = <String>[];
 
     for (final part in parts) {
       // Stop at flags
       if (part.startsWith('-')) break;
 
+      // Stop at quoted arguments (these are values, not sub-command names)
+      if (part.startsWith('"') || part.startsWith("'")) break;
+
       // Stop at path-like arguments (starting with / or ./ or ~/ or ..)
       if (part.startsWith('/') ||
           part.startsWith('./') ||
@@ -79,7 +101,62 @@ class PatternInference {
     }
 
     final baseCommand = baseParts.join(' ');
-    return baseCommand.isEmpty ? 'Bash(*)' : 'Bash($baseCommand:*)';
+    return baseCommand.isEmpty ? 'Bash(*)' : 'Bash($baseCommand *)';
+  }
+
+  /// Split a command string into parts, keeping quoted strings as single tokens.
+  static List<String> _splitRespectingQuotes(String command) {
+    final parts = <String>[];
+    final buffer = StringBuffer();
+    var inSingleQuote = false;
+    var inDoubleQuote = false;
+
+    for (var i = 0; i < command.length; i++) {
+      final char = command[i];
+
+      if (char == "'" && !inDoubleQuote) {
+        inSingleQuote = !inSingleQuote;
+        buffer.write(char);
+      } else if (char == '"' && !inSingleQuote) {
+        inDoubleQuote = !inDoubleQuote;
+        buffer.write(char);
+      } else if (char == ' ' && !inSingleQuote && !inDoubleQuote) {
+        if (buffer.isNotEmpty) {
+          parts.add(buffer.toString());
+          buffer.clear();
+        }
+      } else {
+        buffer.write(char);
+      }
+    }
+
+    if (buffer.isNotEmpty) {
+      parts.add(buffer.toString());
+    }
+
+    return parts;
+  }
+
+  /// Commands that are typically used as prefixes before the "real" command.
+  /// These are delay/wrapper commands that shouldn't be used for pattern inference.
+  static const _prefixCommands = {
+    'sleep',
+    'timeout',
+    'env',
+    'nice',
+    'nohup',
+    'time',
+    'watch',
+    'retry',
+    'wait',
+    'true',
+    'false',
+  };
+
+  /// Check if a command is a prefix/wrapper command like sleep, timeout, etc.
+  static bool _isPrefixCommand(String command) {
+    final firstWord = command.trim().split(RegExp(r'\s+')).firstOrNull ?? '';
+    return _prefixCommands.contains(firstWord);
   }
 
   /// Strip shell redirects from a command string.
 
@@ -210,7 +210,77 @@ class PermissionMatcher {
     return true; // All commands are safe
   }
 
-  /// Match Bash commands with compound command support
+  /// Convert a bash glob pattern to an anchored regex.
+  ///
+  /// Claude Code uses glob-style matching for Bash patterns:
+  /// - `*` matches any characters (like `.*` in regex)
+  /// - `Bash(ls *)` matches `ls`, `ls -la` but NOT `lsof` (space enforces
+  ///   word boundary: prefix must be followed by space-or-end-of-string)
+  /// - `Bash(ls*)` matches both `ls -la` AND `lsof`
+  /// - `Bash(git * main)` matches `git checkout main`
+  /// - Legacy `:*` suffix is treated as ` *` for backward compatibility
+  ///
+  /// The pattern is anchored (full-string match), not a substring search.
+  static RegExp _bashGlobToRegex(String pattern) {
+    // Legacy support: convert trailing `:*` to ` *`
+    var normalized = pattern;
+    if (normalized.endsWith(':*')) {
+      normalized =
+          '${normalized.substring(0, normalized.length - 2)} *';
+    }
+
+    // Special case: trailing ` *` enforces word boundary.
+    // "ls *" matches "ls" (end-of-string) and "ls -la" (space + args)
+    // but NOT "lsof" (no boundary).
+    // We handle this by converting trailing ` *` to `( .*)?` and then
+    // processing the rest normally.
+    String? trailingSuffix;
+    if (normalized.endsWith(' *')) {
+      trailingSuffix = '( .*)?';
+      normalized = normalized.substring(0, normalized.length - 2);
+    }
+
+    // Escape regex special characters, then convert glob `*` to `.*`
+    final buffer = StringBuffer();
+    for (var i = 0; i < normalized.length; i++) {
+      final char = normalized[i];
+      if (char == '*') {
+        buffer.write('.*');
+      } else if (_regexSpecialChars.contains(char)) {
+        buffer.write('\\');
+        buffer.write(char);
+      } else {
+        buffer.write(char);
+      }
+    }
+
+    if (trailingSuffix != null) {
+      buffer.write(trailingSuffix);
+    }
+
+    return RegExp('^${buffer.toString()}\$');
+  }
+
+  static const _regexSpecialChars = {
+    '.', '+', '?', '[', ']', '(', ')', '{', '}', '^', r'$', '|', r'\',
+  };
+
+  /// Check if a command matches a bash glob pattern.
+  static bool _bashGlobMatches(String pattern, String command) {
+    try {
+      return _bashGlobToRegex(pattern).hasMatch(command);
+    } catch (e) {
+      // If pattern is invalid, fall back to exact match
+      return pattern == command;
+    }
+  }
+
+  /// Match Bash commands with compound command support.
+  ///
+  /// Uses glob-style matching (like Claude Code):
+  /// - Each sub-command in `&&`/`||`/`;` chains is matched independently
+  /// - `cd` within the working directory is auto-approved
+  /// - Pipelines use smart matching with safe filter allowlists
   static bool _matchesBashCommand(
     String argPattern,
     String command,
@@ -247,8 +317,8 @@ class PermissionMatcher {
         // Wildcard pattern - use smart matching with safe filters
         return _matchesPipeline(parsedCommands, argPattern, cwd);
       } else {
-        // Exact pattern - just check if the whole command matches
-        return RegExp(argPattern).hasMatch(command);
+        // Exact pattern - check full command string
+        return _bashGlobMatches(argPattern, command);
       }
     }
 
@@ -264,7 +334,7 @@ class PermissionMatcher {
       }
 
       // Check this sub-command against the pattern
-      if (!RegExp(argPattern).hasMatch(parsed.command)) {
+      if (!_bashGlobMatches(argPattern, parsed.command)) {
         return false; // One sub-command doesn't match
       }
     }
@@ -295,7 +365,7 @@ class PermissionMatcher {
       }
 
       // Check if this command matches the pattern
-      final matches = RegExp(argPattern).hasMatch(parsed.command);
+      final matches = _bashGlobMatches(argPattern, parsed.command);
       if (matches) {
         hasMatchingCommand = true;
         continue;