[FEATURE] VS Code extension should respect permissions allowlist from settings.json

Resolved 💬 3 comments Opened Dec 12, 2025 by djf1982 Closed Dec 16, 2025

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

he CLI version of Claude Code allows users to configure granular tool permissions via .claude/settings.json, enabling specific commands to run without manual approval while keeping dangerous operations locked down. However, the VS Code Claude Code extension does not appear to honor these same permission allowlists.

This creates a significant limitation: users cannot run autonomous or semi-autonomous coding sessions in VS Code because every tool invocation requires manual approval, even for safe, pre-approved operations.

Proposed Solution

The VS Code extension should read and respect the permissions.allow configuration from:

  • .claude/settings.json (project-level)
  • .claude/settings.local.json (local, gitignored overrides)
  • ~/.claude/settings.json (global user settings)

This would bring the VS Code experience in line with the CLI, allowing the same granular permission model across both interfaces.

Alternative Solutions

_No response_

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

I want to set Claude on long-running tasks overnight (e.g., implementing a feature, fixing a batch of bugs, or running a test-driven development loop) without needing to be present to approve every tool use.

However, I don't want to grant blanket permissions for all operations—that would be dangerous. I want to allow:

  • Safe read operations (Read(**))
  • Git commands (Bash(git:*))
  • Package manager commands (Bash(npm:), Bash(pnpm:))
  • Test runners (Bash(vitest:), Bash(jest:))
  • Linting/formatting (Bash(eslint:), Bash(prettier:))

While still requiring approval for:

  • Arbitrary shell commands
  • File deletions outside of safe patterns
  • Network operations beyond known safe domains
  • Any destructive git operations like push --force

Current state: In VS Code, I cannot do this. Every action requires approval, making overnight or unattended sessions impossible.

Desired state: My .claude/settings.json allowlist is respected, so Claude can work autonomously within the boundaries I've defined.

Additional Context

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗