permissions.allow accumulates entries even with bypassPermissions mode

Resolved 💬 3 comments Opened Feb 10, 2026 by ETSportFits Closed Feb 13, 2026

Bug Description

When defaultMode: "bypassPermissions" is set in settings.local.json, every Bash command execution still gets recorded in the permissions.allow array. This causes the file to grow indefinitely and eventually break other Claude Code sessions due to parse errors.

Steps to Reproduce

  1. Set permissions.defaultMode to "bypassPermissions" in .claude/settings.local.json:
{
  "permissions": {
    "allow": [],
    "defaultMode": "bypassPermissions"
  }
}
  1. Run any Bash commands during a session (e.g. git status, curl ..., npm run build)
  1. Check .claude/settings.local.json after the session — the allow array now contains entries for every command that was executed

Expected Behavior

When bypassPermissions is active, commands should not be recorded in the allow list, since:

  • Permissions are already bypassed — recording serves no purpose
  • Long commands (especially curl with inline JSON payloads) create massive entries
  • The file eventually becomes unparseable, blocking other Claude Code sessions from starting

Actual Behavior

Every Bash execution is appended to permissions.allow, even trivial ones like claude --version. After a heavy session (e.g. running agent swarms with many API calls), the file grows to 100+ entries with multi-KB inline commands, causing:

The :* pattern must be at the end. Move :* to the end for prefix matching...
Files with errors are skipped entirely, not just the invalid settings.

This error prevents opening new Claude Code sessions in other terminal tabs until the file is manually cleaned.

Suggested Fix

Either:

  1. Don't record to allow when bypassPermissions is active (preferred)
  2. Add a config option like permissions.recordAllowed: false to disable recording
  3. At minimum, sanitize/truncate long command entries before recording

Environment

  • Claude Code version: 2.1.38
  • OS: macOS (Darwin 25.2.0)
  • Permission mode: bypassPermissions

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗