[BUG] Deny rules for Glob and Grep tools are bypassed when using the `path` parameter

Resolved 💬 3 comments Opened Mar 19, 2026 by f5sh Closed Apr 30, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Permission deny rules for the Glob and Grep tools are not enforced when the restricted directory is passed via the path parameter instead of being part of the pattern parameter. This allows access to files in explicitly denied directories.

What Should Happen?

The Glob call should be blocked by the deny rule. Claude should not be able to list or access any files under e.g. /Users/username/Private/.

Error Messages/Logs

Steps to Reproduce

  1. Add deny rules in ~/.claude/settings.json for a directory:
{
  "permissions": {
    "deny": [
      "Glob(/Users/username/Private/**)",
      "Grep(/Users/username/Private/**)"
    ]
  }
}
  1. Ask Claude to list files in /Users/username/Private/
  1. Claude calls the Glob tool with:
  • path = /Users/username/Private
  • pattern = *
  1. The call succeeds and returns all files in the denied directory.

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.78 (Claude Code)

Platform

Other

Operating System

macOS

Terminal/Shell

Other

Additional Information

  • OS: macOS (Darwin 25.3.0)
  • Shell: zsh
  • Model: claude-opus-4-6

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗