permissions.allow accumulates entries even with bypassPermissions mode
Bug Description
When defaultMode: "bypassPermissions" is set in settings.local.json, every Bash command execution still gets recorded in the permissions.allow array. This causes the file to grow indefinitely and eventually break other Claude Code sessions due to parse errors.
Steps to Reproduce
- Set
permissions.defaultModeto"bypassPermissions"in.claude/settings.local.json:
{
"permissions": {
"allow": [],
"defaultMode": "bypassPermissions"
}
}
- Run any Bash commands during a session (e.g.
git status,curl ...,npm run build)
- Check
.claude/settings.local.jsonafter the session — theallowarray now contains entries for every command that was executed
Expected Behavior
When bypassPermissions is active, commands should not be recorded in the allow list, since:
- Permissions are already bypassed — recording serves no purpose
- Long commands (especially
curlwith inline JSON payloads) create massive entries - The file eventually becomes unparseable, blocking other Claude Code sessions from starting
Actual Behavior
Every Bash execution is appended to permissions.allow, even trivial ones like claude --version. After a heavy session (e.g. running agent swarms with many API calls), the file grows to 100+ entries with multi-KB inline commands, causing:
The :* pattern must be at the end. Move :* to the end for prefix matching...
Files with errors are skipped entirely, not just the invalid settings.
This error prevents opening new Claude Code sessions in other terminal tabs until the file is manually cleaned.
Suggested Fix
Either:
- Don't record to
allowwhenbypassPermissionsis active (preferred) - Add a config option like
permissions.recordAllowed: falseto disable recording - At minimum, sanitize/truncate long command entries before recording
Environment
- Claude Code version: 2.1.38
- OS: macOS (Darwin 25.2.0)
- Permission mode:
bypassPermissions
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗