[BUG] Project-level allow rules cannot override user-level deny rules for path patterns
Bug Description
Project-level permission settings in .claude/settings.local.json cannot override user-level deny rules from ~/.claude/settings.json. This makes it impossible to work with legitimate source code files that match security patterns.
Reproduction Steps
- Create user-level settings (
~/.claude/settings.json):
{
"permissions": {
"deny": ["Read(**/token)"]
}
}
- Create a Go project with
internal/token/token.go(lexer token definitions, NOT secrets)
- Create project-level settings (
.claude/settings.local.json):
{
"permissions": {
"allow": ["Read(internal/**)"]
}
}
- Try to read
internal/token/token.go
Expected Behavior
Project-level allow rules should be able to override user-level deny rules for specific paths. The principle of "more specific rules override general rules" should apply.
Actual Behavior
The file is blocked with:
Error: File is in a directory that is denied by your permission settings.
The global deny pattern Read(**/token) blocks the entire internal/token/ directory, and no project-level allow can override it.
Impact
This is a critical usability issue for projects with:
internal/token/directories (common in lexer/parser implementations)- Any path containing words that might match security patterns (
token,secret,key, etc.) - Go projects following standard naming conventions
Workaround
Currently, the only workaround is to remove the deny rule from user settings, which defeats the purpose of having project-specific security configurations.
Suggested Fix
Either:
- Priority-based override: Allow project-level settings to explicitly override user-level settings with a special syntax like
"allow-override": ["Read(internal/token/**)"]
- Scope-based matching: Make deny patterns only match files that look like actual secrets (e.g.,
*.key,*.pem,token.json,api_token.env) rather than any path containing the word "token"
- Documentation: At minimum, clearly document this limitation so users understand they cannot use project-level allow to override user-level deny
Environment
- Platform: Windows 11 (MINGW64/Git Bash)
- Claude Code Version: 2.x
- Settings location: User settings in
~/.claude/settings.json - Project settings:
.claude/settings.local.json
Related Issues
- #9924 (Documentation update for security override behavior)
- #10906 (Plan agent ignores parent settings.json permissions)
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗