[BUG] Tool permission denial not enforced — WebFetch executed after user selected "No"
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When Claude Code prompts the user for permission to execute a tool call, selecting the "No" option did not prevent the tool from executing. The tool ran anyway and returned results, which Claude then used in its response.
This was previously reported and closed as fixed in #33235, but is still reproducible on Linux.
This makes the permission system meaningless. Users have a reasonable expectation that denying a tool call is a hard stop. In my case, I denied a WebFetch call because I wanted to provide that context myself. Claude proceeded to fetch and summarize the page anyway, then incorporated that scraped content into the conversation — overriding my intent.
What Should Happen?
Tool does not execute. Claude acknowledges the denial and asks the user for context or adjusts its approach.
Error Messages/Logs
Steps to Reproduce
- Start a Claude Code session
- Trigger a tool call that requires permission (e.g. WebFetch on an external URL)
- When the permission prompt appears, select the "No" / deny option
- Observe: tool executes anyway and result is used by Claude
Claude Model
Sonnet (default)
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.72
Platform
Anthropic API
Operating System
Other Linux
Terminal/Shell
Xterm
Additional Information
<img width="1594" height="1980" alt="Image" src="https://github.com/user-attachments/assets/163ecf80-0b4a-454f-a1b2-adfc59a35641" />
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗