[BUG] /permissions UI accepts and hides invalid permission entries without validation
Resolved 💬 3 comments Opened Feb 28, 2026 by alexeyv Closed Mar 4, 2026
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
The /permissions UI (Add a new rule) accepts permission entries that lack the required tool wrapper (e.g., say * instead of Bash(say *)). It writes them to settings.json without any validation or warning. Then, when viewing permissions again via /permissions, the invalid entry is silently hidden -- it does not appear in the list.
This creates a confusing situation where:
- User adds a permission rule via the UI
- The rule appears to be accepted (no error)
- The rule is written to
settings.json - The permission does not actually work (tool still prompts for approval)
- Going back to
/permissionsshows no trace of the entry - The only way to discover the orphaned entry is to manually inspect
settings.json
What Should Happen?
Either:
- Validate on input: Reject entries without a valid tool wrapper, or auto-complete/suggest the correct format (e.g., prompt the user to wrap
say *asBash(say *)) - Display invalid entries: Show all entries from the file in the
/permissionsUI, even if invalid, with a warning indicator so the user can fix or remove them
Error Messages/Logs
No error messages are shown -- that is the problem. The entry is silently accepted and silently hidden.
Steps to Reproduce
- Run
/permissionsthen Add a new rule then Allow - Type
say *(without theBash()wrapper) - Entry is accepted, written to
settings.json - Ask Claude to run
say "hello"-- it still prompts for permission - Run
/permissionsagain -- thesay *entry is not visible in the list - Open
settings.jsonmanually --"say *"is there in the allow array
Claude Model
Opus
Is this a regression?
I don't know
Claude Code Version
Claude Code 2.1.50
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
iTerm2
Additional Information
Related but distinct from #27686 (which is about the UI mangling valid input). This issue is specifically about:
- No input validation when adding permission rules via
/permissions - Invalid entries being silently hidden from the UI on subsequent views
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗