[BUG] Bypass permissions mode blocks Edit/Write on .claude/ files (v2.1.78 regression)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
In Claude Code v2.1.78, Claude refuses to edit or write files under the .claude/ directory even when:
- Bypass permissions mode is enabled (
"defaultMode": "bypassPermissions") - Explicit allow rules are configured for
Edit(.claude/**),Write(.claude/**), andRead(.claude/**) skipDangerousModePermissionPrompt: trueis set
This is a regression — editing .claude/ files worked in prior versions. The behavior appears to have changed around the recent PreToolUse hook fix that prevented PreToolUse hooks returning "allow" from bypassing deny permission rules (including enterprise managed settings). This fix may have had the unintended side effect of blocking .claude/ file modifications even in bypass permissions mode.
Note: This is the inverse of #22055 / #25168 (which report Edit/Write going through when they shouldn't). The permission system around .claude/ paths appears broken in both directions — sometimes too permissive, sometimes too restrictive.
What Should Happen?
In bypass permissions mode, Claude should be able to freely edit and write files under .claude/ without any restrictions. The explicit allow rules (Edit(.claude/**), Write(.claude/**)) should also independently grant this access.
Error Messages/Logs
No explicit error message — Claude simply declines to make the edit, either skipping the file modification or stating it cannot modify the file, despite bypass permissions mode being active.
Steps to Reproduce
- Configure settings — create or update
~/.claude/settings.json:
``json``
{
"permissions": {
"allow": [
"Edit(.claude/**)",
"Write(.claude/**)",
"Read(.claude/**)"
],
"deny": [],
"ask": [],
"defaultMode": "bypassPermissions"
},
"skipDangerousModePermissionPrompt": true
}
- Start a Claude Code session (v2.1.78):
``bash``
claude
- Confirm bypass permissions is active — the status line should show bypass mode.
- Ask Claude to edit a file under
.claude/:
```
Edit .claude/settings.json and add a comment field
`
or
``
Create a new file at .claude/test.md with "hello world"
- Observe: Claude declines to make the modification despite bypass permissions mode being active and explicit allow rules being configured.
- Compare with non-
.claude/files: Editing files outside.claude/works normally in the same session, confirming bypass permissions mode is active for other paths.
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
Versions prior to v2.1.78 (exact last-working version not pinpointed, but the behavior changed around the PreToolUse hook permission fix)
Claude Code Version
2.1.78 (Claude Code)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
iTerm2
Additional Information
Full relevant settings.json (anonymized):
{
"permissions": {
"allow": [
"Edit(.claude/**)",
"Write(.claude/**)",
"Read(.claude/**)"
],
"deny": [],
"ask": [],
"defaultMode": "bypassPermissions"
},
"skipDangerousModePermissionPrompt": true
}
Related issues (same root cause — .claude/ permission system is broken in both directions):
- #22055 — Edit/Write tools bypass
permissions.askrules (the inverse: edits go through when they shouldn't) - #29639 — Configured file permissions not respected for
~/.claude/**paths (closed as duplicate) - #25168 — Permission bypass: Edit tool executed without approval when it should have been blocked
- #11226 — Security Gap: Hooks cannot be protected from modification (closed/locked, original issue)
Suspected cause: The recent fix that prevented PreToolUse hooks returning "allow" from bypassing deny permission rules may have introduced an overly broad restriction that now blocks .claude/ file modifications even in bypass permissions mode. The permission evaluation for .claude/ paths may have special-case logic that is now incorrectly overriding the bypass mode.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗