Permission rules don't match absolute paths outside project directory

Resolved 💬 4 comments Opened Feb 12, 2026 by w3geekery Closed Feb 15, 2026

Bug Description

Permission allow rules using absolute paths (or ~ paths) in ~/.claude/settings.json fail to auto-allow file operations when the target file is outside the project working directory. The permission system appears to check against the relative path (with ../ traversal) instead of the canonical absolute path.

Steps to Reproduce

  1. Set primary working directory to a deeply nested project, e.g.:

``
/Users/username/Projects/org/repos/app/package/scope/my-app
``

  1. Add global permission rules in ~/.claude/settings.json:

``json
{
"permissions": {
"allow": [
"Edit(/Users/username/.claude/mydata/*)",
"Edit(~/.claude/mydata/*)",
"Edit(**/.claude/mydata/data.json)"
]
}
}
``

  1. Ask Claude to edit /Users/username/.claude/mydata/data.json (absolute path provided)
  1. Expected: Edit is auto-allowed (matches absolute path rule)

Actual: Permission prompt fires every time

Root Cause

The permission prompt shows the file as:

Edit file
../../../../../../../.claude/mydata/data.json

The permission matcher appears to check against this relative display path rather than the canonical absolute path /Users/username/.claude/mydata/data.json. Since ../../../../../../../.claude/mydata/data.json doesn't match any of:

  • /Users/username/.claude/mydata/* (absolute path)
  • ~/.claude/mydata/* (home-relative path)
  • **/.claude/mydata/data.json (** glob doesn't match .. path segments)

...the rule never triggers and the user is prompted every time.

Additional Issue: "Allow for session" doesn't persist

When the permission prompt fires, selecting "Yes, and allow for this session" does NOT prevent the prompt from firing again on subsequent edits to the same file in the same session. The user is prompted on every single edit.

Impact

  • Users who store data files in ~/.claude/ (e.g., custom tools, time trackers, todo lists) get prompted on every edit regardless of allow rules
  • The only workaround is adding project-specific relative path rules (e.g., Edit(../../../../../../../.claude/mydata/*)) to every project's .claude/settings.local.json, which is fragile (different depth per project) and doesn't scale
  • Neither global allow rules nor per-session approval resolve the issue — user must approve every single operation

Expected Fix

The permission matcher should canonicalize/resolve the file path to its absolute form before checking against allow rules. This way, Edit(/Users/username/.claude/mydata/*) would match regardless of how deeply nested the current working directory is.

Environment

  • macOS (Darwin 24.6.0)
  • Claude Code (CLI)
  • Global settings in ~/.claude/settings.json
  • Project CWD 7+ levels deep from home directory

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗