Permission rules with absolute paths don't match when tool uses relative paths
Description
Permission allow rules defined with absolute paths in settings.json don't match when a tool call presents the same file using a relative path.
Steps to reproduce
- Add an allow rule with an absolute path, e.g.:
``json``
"Edit(/home/user/.local/worktrees/**)"
- Have Claude attempt an Edit where the resolved path falls under that directory, but the tool internally uses a relative path (e.g.,
../../../.local/worktrees/somefile.pyfrom a different working directory).
- The user is prompted for permission despite the rule existing.
Expected behavior
The permission system should resolve relative paths to absolute before matching against allow rules. Both ../../../.local/worktrees/somefile.py (from the appropriate CWD) and /home/user/.local/worktrees/somefile.py should match the same rule.
Actual behavior
The relative path does not match the absolute-path rule, and the user is prompted every time.
Additional context
This also appears to affect Search/Grep tool calls — rules for Read don't cover Search on the same paths, suggesting these are treated as separate permission types. (This part may be by design rather than a bug, but it's worth noting since it's a common source of unexpected prompts.)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗