Permission rules with absolute paths don't match when tool uses relative paths

Resolved 💬 3 comments Opened Mar 12, 2026 by justin-b Closed Mar 16, 2026

Description

Permission allow rules defined with absolute paths in settings.json don't match when a tool call presents the same file using a relative path.

Steps to reproduce

  1. Add an allow rule with an absolute path, e.g.:

``json
"Edit(/home/user/.local/worktrees/**)"
``

  1. Have Claude attempt an Edit where the resolved path falls under that directory, but the tool internally uses a relative path (e.g., ../../../.local/worktrees/somefile.py from a different working directory).
  1. The user is prompted for permission despite the rule existing.

Expected behavior

The permission system should resolve relative paths to absolute before matching against allow rules. Both ../../../.local/worktrees/somefile.py (from the appropriate CWD) and /home/user/.local/worktrees/somefile.py should match the same rule.

Actual behavior

The relative path does not match the absolute-path rule, and the user is prompted every time.

Additional context

This also appears to affect Search/Grep tool calls — rules for Read don't cover Search on the same paths, suggesting these are treated as separate permission types. (This part may be by design rather than a bug, but it's worth noting since it's a common source of unexpected prompts.)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗