Claude Code removes custom file search tool in favor of Bash, bypassing user permission escalation

According to Dynamic Beating monitoring, Claude Code removed the dedicated Grep (text search) and Glob (filename matching) tools starting from version 2.1.117, and all file operations are now performed through Bash. Bash is a general-purpose command-line tool capable of more than just file searching; it also includes high-risk operations such as deletion, modification, software installation, etc. Anthropic engineer Adam Wolff stated that the speed is faster after the change, and "it took four months to remove these tools, which was much more challenging than adding them."

Amp Code CEO Quinn Slack pointed out that this change has disrupted the existing permission management logic. Previously, users could set permissions based on tool types: read-only tools like Grep and Glob were automatically allowed, while Bash commands were manually approved line by line. Now, all operations go through Bash, rendering this hierarchical approval process ineffective: users either have to approve each shell command individually (highly inefficient) or grant blanket approval (losing security control).

Slack believes that this has exposed a more fundamental issue: managing agent permissions with deterministic rules is not feasible. The model can bypass classification using various equivalent expressions, such as using bash(grep query | head -n 10) instead of dedicated search tools, or inline calls to sed, perl, python to execute arbitrary operations. He mentioned that the Amp team has attempted to automatically parse Bash commands to assess security, stating that it "can reduce about half of the approval volume, but the remaining amount is still too much."