[BUG] Bypass permissions mode blocks Edit/Write on .claude/ files (v2.1.78 regression)

Resolved 💬 3 comments Opened Mar 18, 2026 by oconnorjoseph Closed Mar 18, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

In Claude Code v2.1.78, Claude refuses to edit or write files under the .claude/ directory even when:

  1. Bypass permissions mode is enabled ("defaultMode": "bypassPermissions")
  2. Explicit allow rules are configured for Edit(.claude/**), Write(.claude/**), and Read(.claude/**)
  3. skipDangerousModePermissionPrompt: true is set

This is a regression — editing .claude/ files worked in prior versions. The behavior appears to have changed around the recent PreToolUse hook fix that prevented PreToolUse hooks returning "allow" from bypassing deny permission rules (including enterprise managed settings). This fix may have had the unintended side effect of blocking .claude/ file modifications even in bypass permissions mode.

Note: This is the inverse of #22055 / #25168 (which report Edit/Write going through when they shouldn't). The permission system around .claude/ paths appears broken in both directions — sometimes too permissive, sometimes too restrictive.

What Should Happen?

In bypass permissions mode, Claude should be able to freely edit and write files under .claude/ without any restrictions. The explicit allow rules (Edit(.claude/**), Write(.claude/**)) should also independently grant this access.

Error Messages/Logs

No explicit error message — Claude simply declines to make the edit, either skipping the file modification or stating it cannot modify the file, despite bypass permissions mode being active.

Steps to Reproduce

  1. Configure settings — create or update ~/.claude/settings.json:

``json
{
"permissions": {
"allow": [
"Edit(.claude/**)",
"Write(.claude/**)",
"Read(.claude/**)"
],
"deny": [],
"ask": [],
"defaultMode": "bypassPermissions"
},
"skipDangerousModePermissionPrompt": true
}
``

  1. Start a Claude Code session (v2.1.78):

``bash
claude
``

  1. Confirm bypass permissions is active — the status line should show bypass mode.
  1. Ask Claude to edit a file under .claude/:

``
Edit .claude/settings.json and add a comment field
`
or
`
Create a new file at .claude/test.md with "hello world"
``

  1. Observe: Claude declines to make the modification despite bypass permissions mode being active and explicit allow rules being configured.
  1. Compare with non-.claude/ files: Editing files outside .claude/ works normally in the same session, confirming bypass permissions mode is active for other paths.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

Versions prior to v2.1.78 (exact last-working version not pinpointed, but the behavior changed around the PreToolUse hook permission fix)

Claude Code Version

2.1.78 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

iTerm2

Additional Information

Full relevant settings.json (anonymized):

{
  "permissions": {
    "allow": [
      "Edit(.claude/**)",
      "Write(.claude/**)",
      "Read(.claude/**)"
    ],
    "deny": [],
    "ask": [],
    "defaultMode": "bypassPermissions"
  },
  "skipDangerousModePermissionPrompt": true
}

Related issues (same root cause — .claude/ permission system is broken in both directions):

  • #22055 — Edit/Write tools bypass permissions.ask rules (the inverse: edits go through when they shouldn't)
  • #29639 — Configured file permissions not respected for ~/.claude/** paths (closed as duplicate)
  • #25168 — Permission bypass: Edit tool executed without approval when it should have been blocked
  • #11226 — Security Gap: Hooks cannot be protected from modification (closed/locked, original issue)

Suspected cause: The recent fix that prevented PreToolUse hooks returning "allow" from bypassing deny permission rules may have introduced an overly broad restriction that now blocks .claude/ file modifications even in bypass permissions mode. The permission evaluation for .claude/ paths may have special-case logic that is now incorrectly overriding the bypass mode.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗