[MODEL] ExitPlanMode requests permissions already in allow list
Type of Behavior Issue: Other unexpected behavior
What You Asked Claude to Do:
During plan mode validation, I was reviewing a proposed implementation plan. The plan required running gh issue edit and gh issue comment commands.
What Claude Actually Did:
Claude called ExitPlanMode with:
{
"allowedPrompts": [
{"tool": "Bash", "prompt": "update GitHub issue body"},
{"tool": "Bash", "prompt": "add GitHub issue comment"}
]
}
This created permission request prompts during plan approval asking me to authorize "update GitHub issue body" and "add GitHub issue comment", even though I already had these permissions granted.
Expected Behavior:
Claude should have:
- Read
.claude/settings.local.jsonbefore callingExitPlanMode - Checked that
Bash(gh *)andBash(gh issue edit:*)already cover these commands - Called
ExitPlanMode()WITHOUTallowedPromptsparameter - Not created redundant permission prompts
Files Affected:
Read (should have been checked):
.claude/settings.local.json- Contains existingBash(gh *)permission
Permission Mode:
Accept Edits was OFF (manual approval required)
Can You Reproduce This:
Yes, every time with the same prompt
Steps to Reproduce:
- Add to
.claude/settings.local.json:
``json``
{
"permissions": {
"allow": ["Bash(gh *)"]
}
}
- Ask Claude to validate a plan that requires
ghcommands - Claude enters plan mode
- Claude calls
ExitPlanModewithallowedPromptsforghcommands - User receives redundant permission prompts for already-granted permissions
Claude Model: Sonnet
Impact: Medium - Extra work to approve redundant permissions
Claude Code Version: 2.1.7 (Claude Code)
Platform: Anthropic API
Additional Context:
This appears to be a gap in Claude's ExitPlanMode tool instructions. The tool definition says "Only request permissions you actually need" but doesn't instruct Claude to check existing permissions first. This creates friction for users who have pre-configured their allow lists.
Root cause: Claude's system prompt or tool definition should include:
- "Read
.claude/settings.local.jsonbefore usingallowedPrompts" - "Only include commands NOT already in the allow list"
- Or the tool implementation should auto-filter redundant requests
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗