Permission patterns not working on Windows/WSL - session-level allow ignored

Resolved 💬 5 comments Opened Jan 14, 2026 by KenM-BT Closed Feb 28, 2026

Bug Report: Permission Prompts Not Respecting Configuration

Issue Summary

Claude Code continues to prompt for file edit/write permissions on every tool call, despite:

  1. Explicit glob patterns configured in .claude/settings.local.json
  2. User selecting "Yes, allow all edits during this session" (Shift+Tab option)
  3. Multiple Claude restarts

Critical Finding: Session-level "allow all" permission does NOT persist between tool calls - prompts reappear on every subsequent Edit/Write operation.

Environment

  • OS: Windows 11 (Version 10.0.26200.7462)
  • Environment: WSL (Windows Subsystem for Linux) with Ubuntu
  • Shell: Bash in WSL
  • Claude Code Version: 2.1.7
  • Working Directory: /mnt/d/Projects/MyCompany/MyProject (Windows drive mounted in WSL)
  • Windows Terminal: Running Claude Code in WSL sessions

Development Setup

Running Claude Code in WSL Ubuntu, accessing Windows filesystem via /mnt/d/. Using Windows Terminal with multiple tabs, each running a separate Claude Code session in WSL.

Expected Behavior

  1. Glob Patterns Should Work:
  • Pattern Edit(**/*.md) should allow all .md file edits without prompting
  • Pattern Edit(.claude/**/*) should allow all files in .claude/ directory without prompting
  1. Session-Level Allow Should Persist:
  • When user selects "Yes, allow all edits during this session" (Shift+Tab)
  • No further prompts should appear for the entire Claude Code session
  • This should persist across multiple tool calls in the same session

Actual Behavior

  1. Glob Patterns Have No Effect:
  • Despite having Edit(**/*.md), Edit(**/*.ts), etc. in settings
  • Claude still prompts on EVERY file edit
  • Example: Prompted when editing .claude/context/active-rag-chatbot.md
  1. Session-Level Allow Does NOT Persist:
  • User selects "allow all edits during this session"
  • Next Edit/Write tool call prompts again
  • Repeats on every single tool call
  1. Inconsistent Behavior:
  • Some files don't prompt (e.g., CLAUDE.md in root)
  • Other files always prompt (e.g., files in .claude/context/)
  • No clear pattern to which files bypass prompts

Configuration Files

.claude/settings.json (shared)

{
  "hooks": {
    "Notification": [...],
    "PostToolUse": [...]
  },
  "permissions": {
    "allow": [
      "Bash(docker compose ps:*)",
      "Bash(git status:*)",
      "Bash(git commit:*)",
      ...
    ]
  }
}

.claude/settings.local.json (user-specific)

{
  "permissions": {
    "allow": [
      "Bash(docker compose:*)",
      "Bash(npm run test:*)",
      "WebSearch",
      "Skill(code-review:code-review)",

      // These patterns should work but DON'T:
      "Write(**/*.md)",
      "Write(**/*.ps1)",
      "Write(**/*.sh)",
      "Write(**/*.ts)",
      "Write(**/*.html)",
      "Write(**/*.css)",
      "Write(**/*.scss)",
      "Write(**/*.py)",
      "Write(.claude/**/*)",

      "Edit(**/*.md)",
      "Edit(**/*.ps1)",
      "Edit(**/*.sh)",
      "Edit(**/*.ts)",
      "Edit(**/*.html)",
      "Edit(**/*.css)",
      "Edit(**/*.scss)",
      "Edit(**/*.py)",
      "Edit(.claude/**/*)"
    ]
  }
}

Reproduction Steps

  1. Configure .claude/settings.local.json with glob patterns like Edit(**/*.md)
  2. Start Claude Code in WSL: claude --model sonnet
  3. Ask Claude to edit any .md file
  4. Observe: Permission prompt appears despite pattern
  5. Select "Yes, allow all edits during this session" (Shift+Tab)
  6. Ask Claude to edit another file
  7. Observe: Permission prompt appears again despite session-level allow

Workaround

Using --dangerously-skip-permissions flag:

claude --model sonnet --dangerously-skip-permissions

Result: ✅ No permission prompts - works perfectly

Note: This is an acceptable workaround for single-developer environments with Git tracking, but defeats the purpose of the permission system.

Impact

Severity: High - Makes Claude Code nearly unusable for interactive development workflows without using the dangerous bypass flag.

Affected Users:

  • Windows/WSL users (WSL Ubuntu accessing Windows filesystem)
  • Users with glob patterns in settings
  • Anyone relying on session-level permission grants
  • Multi-tab WSL workflow users

Additional Context

  • Permission patterns for Bash() commands seem to work correctly
  • Permission patterns for Skill() seem to work correctly
  • Only Edit() and Write() glob patterns appear broken
  • Issue persists across Claude Code restarts
  • Issue exists in fresh Claude Code sessions
  • Running in WSL environment, accessing Windows drives via /mnt/ mount points

Potential Root Causes

  1. Glob pattern matcher not working correctly on WSL/Windows filesystem mount paths
  2. Session state not persisting between tool calls
  3. Hidden directory (.claude/) handling issues
  4. Path normalization issues between WSL paths and Windows paths
  5. Cross-filesystem permission handling (WSL accessing NTFS via /mnt/)

Related Issues

(Please link if there are existing reports)

Contact

GitHub: (your handle if you want)
Discord: (if applicable)

---

Generated: 2026-01-14
Environment: WSL Ubuntu on Windows 11, multi-tab development workflow

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗