[BUG] Deny permissions for Edit/Write tools not enforced in v2.0.56
Resolved 💬 3 comments Opened Dec 2, 2025 by chris-hud Closed Dec 6, 2025
Description
Deny permissions for Edit and Write tools in .claude/settings.json are completely non-functional. All tested deny rules are ignored regardless of path format.
Version
2.0.56 (Claude Code)
Configuration Tested
{
"permissions": {
"deny": [
"Edit(./CLAUDE.md)",
"Write(./CLAUDE.md)",
"Edit(./.claude/settings.json)",
"Write(./.claude/settings.json)",
"Edit(./apps/api/appsettings.json)",
"Write(./apps/api/appsettings.json)"
]
}
}
Path Formats Tested
All of these were bypassed:
- Bare paths:
Edit(CLAUDE.md) - Relative with
./:Edit(./CLAUDE.md) - Glob patterns:
Edit(**/CLAUDE.md) - Both cases:
claude.mdandCLAUDE.md
Steps to Reproduce
- Add
Edit(./CLAUDE.md)to deny list in.claude/settings.json - Ask Claude to edit
CLAUDE.md - Claude successfully edits the file despite the deny rule
Expected Behavior
Claude should refuse to edit files matching deny patterns.
Actual Behavior
Claude edits files freely, completely ignoring deny rules for Edit/Write tools.
Related Issues
This appears to be a continuation of previously "fixed" issues:
- #6699 - Critical Security Bug: deny permissions not enforced (closed as completed)
- #6631 - Permission Deny Configuration Not Enforced for Read/Write Tools
- #4467 - Permission deny patterns not working for Read/Write tools
The fix from those issues either didn't fully work or regressed in v2.0.56.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗