Global permissions not being applied at session start - prompts for already-configured MCP tools

Resolved 💬 3 comments Opened Feb 19, 2026 by shahzaibyounis Closed Feb 22, 2026

Claude Code is prompting for permissions on MCP tools that are already configured in the global permissions.allow list in ~/.claude.json. This happens at every session start, even though the permissions were previously granted and saved.

Steps to Reproduce

  1. Grant permission for MCP tools (e.g., mcp__ado__work_list_team_iterations)
  2. Verify the permission is saved in ~/.claude.json under permissions.allow
  3. Exit Claude Code and start a new session
  4. Attempt to use the same MCP tool again
  5. Claude Code prompts for permission again despite it being in the config

Expected Behavior

  • Global permissions in ~/.claude.jsonpermissions.allow should be loaded at session start
  • Previously-approved tools should not prompt for permission again
  • Project-level allowedTools should inherit or respect global permissions

Actual Behavior

  • Claude Code prompts for permissions on every session start
  • Global permissions exist but are not being applied
  • Project-level allowedTools array remains empty even after global permission is granted

Evidence from ~/.claude.json

Global permissions show approved tools:

"permissions": {
  "allow": [
    "mcp__ado__work_list_team_iterations",
    "mcp__ado__wit_get_work_items_for_iteration",
    "mcp__ado__wit_get_work_items_batch_by_ids",
    // ... other approved tools
  ]
}

But project-level config shows empty allowedTools:

"projects": {
  "/path/to/project": {
    "allowedTools": [],
    // ... rest of project config
  }
}

Environment

  • Claude Code version: 2.1.47
  • Platform: macOS (Darwin 25.3.0)
  • Shell: zsh
  • Install method: native
  • MCP servers: ADO (Azure DevOps) MCP tools via official marketplace

Possible Root Cause

The permission system may not be:

  1. Reading global permissions.allow at session initialization, OR
  2. Properly syncing global permissions to project-level allowedTools, OR
  3. Checking both global and project-level permissions during tool execution

Related Question

Is there a difference between how permissions.allow (global) and allowedTools (project-level) should work? Should tools approved globally automatically be available at the project level, or do they require separate approval?

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗