[BUG] Allow list overrides deny list when same command appears in both (possible destructive behavior)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When the same Bash command pattern appears in both the allow list and deny list, the allow list takes precedence. This is backwards - deny should always win.
Expected behavior:
The deny list should take priority over the allow list. If a command is explicitly denied, it should be blocked regardless of allow rules.
Actual behavior:
Allow list overrides deny list, allowing the command to execute.
Impact:
- Users cannot reliably block dangerous commands if they appear in allow rules
- Violates principle of least privilege (explicit denies should be authoritative)
- Could lead to unintended destructive operations (e.g., discarding uncommitted changes)
What Should Happen?
When evaluating permissions, check the deny list first. If a command matches any deny pattern, block it regardless of allow rules.
Error Messages/Logs
Steps to Reproduce
- Add git checkout:* to deny list
- Add git checkout:* to allow list
- Ask Claude to run git checkout -- <file>
- Command executes successfully (should be blocked)
This is a relatively benign command, but the same behavior works on much more destructive commands as well.
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.0.55
Platform
Anthropic API
Operating System
Ubuntu/Debian Linux
Terminal/Shell
PowerShell
Additional Information
Terminal: SSH via PowerShell → Ubuntu (byobu/tmux)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗