[MODEL] ExitPlanMode requests permissions already in allow list

Resolved 💬 2 comments Opened Jan 14, 2026 by randynov Closed Feb 27, 2026

Type of Behavior Issue: Other unexpected behavior

What You Asked Claude to Do:
During plan mode validation, I was reviewing a proposed implementation plan. The plan required running gh issue edit and gh issue comment commands.

What Claude Actually Did:
Claude called ExitPlanMode with:

{
  "allowedPrompts": [
    {"tool": "Bash", "prompt": "update GitHub issue body"},
    {"tool": "Bash", "prompt": "add GitHub issue comment"}
  ]
}

This created permission request prompts during plan approval asking me to authorize "update GitHub issue body" and "add GitHub issue comment", even though I already had these permissions granted.

Expected Behavior:
Claude should have:

  1. Read .claude/settings.local.json before calling ExitPlanMode
  2. Checked that Bash(gh *) and Bash(gh issue edit:*) already cover these commands
  3. Called ExitPlanMode() WITHOUT allowedPrompts parameter
  4. Not created redundant permission prompts

Files Affected:
Read (should have been checked):

  • .claude/settings.local.json - Contains existing Bash(gh *) permission

Permission Mode:
Accept Edits was OFF (manual approval required)

Can You Reproduce This:
Yes, every time with the same prompt

Steps to Reproduce:

  1. Add to .claude/settings.local.json:

``json
{
"permissions": {
"allow": ["Bash(gh *)"]
}
}
``

  1. Ask Claude to validate a plan that requires gh commands
  2. Claude enters plan mode
  3. Claude calls ExitPlanMode with allowedPrompts for gh commands
  4. User receives redundant permission prompts for already-granted permissions

Claude Model: Sonnet

Impact: Medium - Extra work to approve redundant permissions

Claude Code Version: 2.1.7 (Claude Code)

Platform: Anthropic API

Additional Context:
This appears to be a gap in Claude's ExitPlanMode tool instructions. The tool definition says "Only request permissions you actually need" but doesn't instruct Claude to check existing permissions first. This creates friction for users who have pre-configured their allow lists.

Root cause: Claude's system prompt or tool definition should include:

  • "Read .claude/settings.local.json before using allowedPrompts"
  • "Only include commands NOT already in the allow list"
  • Or the tool implementation should auto-filter redundant requests

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗