[BUG] The permissions.deny configuration not working
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
The permissions.deny configuration in settings.json does not appear to block file access as expected. This is a BIG security vulnerability.
What Should Happen?
The permissions.deny configuration in settings.json should block file access as expected.
Error Messages/Logs
Steps to Reproduce
This is my settings.json file, with the deny rules completely ignored.
2 "permissions": {
3 "deny": [
4 + "/credentials/",
5 + "**/.env*",
6 + "**/*.env",
7 + "/secrets/",
8 + "**/*.pem",
9 + "**/*.key",
10 + "**/credentials.json"
11 ]
12 }
13 }
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
v2.1.7
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗