[BUG] Error: Permission to use WebSearch has been auto-denied in dontAsk mode.
Resolved 💬 48 comments Opened Nov 18, 2025 by ColtonKinstley Closed Nov 20, 2025
💡 Likely answer: A maintainer (bcherny, collaborator)
responded on this thread — see the highlighted reply below.
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
In the plan agent, I get this error on the WebFetch and other MCP tools. I'm using dangerously bypass permissions.
Error: Permission to use WebSearch has been auto-denied in dontAsk mode.
What Should Happen?
Claude should search the web.
Error Messages/Logs
Error: Permission to use WebSearch has been auto-denied in dontAsk mode.
Steps to Reproduce
- Open Claude with --dangerously-bypass-permissions
- Enter the plan agent
- Suggest web research
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.0.45 (Claude Code)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
iTerm2
Additional Information
_No response_
48 Comments
+1 Haven't seen this before until today. Seems to happen without --dangerously-skip-permissions flag also.
I have encountered a related version. Seems to be that plan mode sets dontAsk.
In planning mode claude gets denied to read, glob, grep and run bash due to dontAsk mode. So the only way to make Claude useful is auto-accept all edits.
Environment Info
I had to roll back to 2.0.42 to get rid of the problem. It was apparently the same in 2.0.44 for me. (I didn't have 2.0.43 on my system, I reverted by pointing the symlink to an older version.)
I'm seeing the same behavior. 2.0.45 (Claude Code)
happening right now as well
Happening with other mcp tools as well :
Error: Permission to use mcp__memory__create_entities has been auto-denied in dontAsk mode.Another example : Error: Permission to use WebFetch has been auto-denied in dontAsk mode.
Same. PuTTY shell to Deb Trixie.
I am also seeing this kind of often. I didnt even ask to plan. I just said activate the project with serena, then read CONTEXT.md to audit the work done in <phase identifier> with code investigation subagents. It spawns agents that try to use the MCP server and get the same error (i run in bypass permissions mode).
example:
Error: Permission to use mcp__serena__think_about_collected_information has been auto-denied in dontAsk mode.Got this in planning mode
```
Permission to use Read has been auto-denied in dontAsk mode.
This is happening in planning mode even when
--dangerously-skip-permissionsis used. It makes planning mode much less effective. I basically don't use it any more, and have to do my planning in edit mode.same issue for me (i'm on arch linux)
rolled back to 2.0.42 too. no errors and dontAsk mode
Just realized how bugged this bug must be: I noticed that Glob was denied due to dontAsk. Now I was reading up on settings.json and came across this line:
Successfully bypassed this by explicitly allowing the tools
Happening to me too, in planning mode.
Error: Permission to use mcp__makerkit__get_schema_by_section has been auto-denied in dontAsk mode.
v2.0.46
Same here in planning mode (I'm on Windows 11)
Fix incoming!
Please and thank you! 👍
I am seeing "Permission to use Bash has been auto-denied in dontAsk mode.". Not great.
This seems to be totally breaking Plan Mode since it can't actually get all the context it needs to make a valid plan. :( Bad day for Claude Code. Hope this is fixed ASAP else I'll need to start using another tool for the time being -- any suggestions?
Read the thread and you'll find both two workarounds and that a fix is imminent. ☝️
Verified as fixed for me in 2.0.47. Thanks! 🌟
still occurs when I;m in plan mode and use Plan tool. Im using Claude Code v2.0.47 (latest)
Please check and fix asap.
Thank you.
Still occurs in 2.0.47
Confirmed occurring in 2.0.47.
Error: Permission to use Bash has been auto-denied in dontAsk mode.Still not working for me too.
+1 same here, tonnes of wasted dollars on billable tokens, including a self-spawned
exploreagent deciding to try to usecatviabashto write context to a file and getting denied after having generated the entire contentsYes, fix is landing in the next version.
FWIW, Explore and Plan should not be giving you permission prompts, and should be read-only. At least, that was the idea with this change.
The bug was that in auto-accept mode and dangerous mode, more permissions should have been allowed (eg. writing files, bash). Is this the bug that folks are pointing out? Or is the behavior itself surprising?
@bcherny Explore and Plan agents are not giving permission prompts to the user.
When running in verbose mode you can see that many tool uses are being rejected with this "Permission to use X has been auto-denied in dontAsk mode" message. The agents continue on as though nothing happened and make bad assumptions without ever gathering the information they were trying to + this is never communicated to the user and it is resulting in planning sessions that are built on bad assumptions.
Any build that has this problem is useless for any real work.
@bcherny
it's super common for us to ask for plans or explored context discovery to be written to markdown scratchpads (e.g. for agent handoff, PR comment analysis etc), making either of them readonly breaks this workflow
I have always been using plan mode to do read only exploratory work, such as running git history commands with bash
but this no longer works, with
Error: Permission to use Bash has been auto-denied in dontAsk mode.Got it. Instead of fixing forward, we'll roll back this change so we can step back and make sure we're not breaking things for y'all. Sorry about the breakage!
I'm on v2.0.47 and was able to resolve it. Plan mode works as expected now.
Go to
/permissionsand add the following rules:<img width="522" height="198" alt="Image" src="https://github.com/user-attachments/assets/7081f45f-44b0-4958-91d6-24a73d4972d2" />
I have it happening frequently on .47. I am in dangerouslybypass whatever mode, and it seems to happen right away when sub agents are spawned to do plan mode work. Occurs with bash, mcp tools, etc.
...
I am getting getting this error on 2.0.53, Please reopen
Reopen
This is still an issue for me in v2.0.55. I'm running in default mode, and whereas I used to be prompted to allow claude to do Web Search or Bash, now it errors out because of auto denial from 'dontAsk' mode. This didn't used to be an issue. It seems to have started after I used plan mode with auto-accepted edits in a separate session, not sure if that's coincidence or related.
Still a problem today:
Nothing in my
settings.jsonshould be preventing it.For everyone still reporting this: are you in dangerous mode? If so, fix incoming
Could you please clarify in which version the fix will be included? This is still a problem in
2.0.62.Still seeing this issue using (in my case, using the VS Code extension). Domains that I have in the
allowlist go work, but others that are not specified are blocked without even asking, even though I don't have anydenyrules in my settings.@bcherny yes, haven't seen the issue again. also dangerously-skip mode should also skip permissions in plan mode
I am on 2.0.67. I am not in dangerous bypass permissions mode. I still have the issue.
Is it fixed in .69 ?
A variation of this just reappeared somewhere between 2.0.69 and 2.0.72.
2.0.69 worked fine for me. 2.0.72 was completely broken.
Seemed that both
dontAskanddangerously-bypass-permissionswere turned on without anyone asking for either. (At least that was Claude's own assessment of the situation.)And this combination didn't work at all, everything got auto-denied with
Error: Permission to use WebSearch has been auto-denied in dontAsk mode.like errors.In 2.0.73 it's still a problem.
accept edits onmode. Without --dangerously-bypass-permissions.Just tested 2.0.75. Seemed perfectly fine to me.
(There may be some other factors in play here besides the claude-code version though.)
This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.