Allow configuring protected directories in bypass permissions mode

Resolved 💬 11 comments Opened Mar 23, 2026 by floraldo Closed May 5, 2026

Problem

When using bypassPermissions mode (or --dangerously-skip-permissions), writes to .claude/, .git/, .vscode/, and .idea/ directories still prompt for confirmation. While the intent is safety, this creates friction in two scenarios:

1. Autonomous agent workflows (NightShift / Ralph loops)

Workers running in bypass mode need to write review/communication files to .claude/nightshift/. Every write triggers a permission prompt, breaking autonomous execution. The current exemptions (.claude/commands/, .claude/agents/, .claude/skills/) don't cover this.

2. Power user sessions with heavy .claude/rules/ editing

Users who frequently edit .claude/CLAUDE.md or .claude/rules/*.md get prompted repeatedly despite explicitly opting into bypass mode. The user already accepted the risk by enabling bypass — re-prompting for every .claude/ write undermines that choice.

Proposed Solution

Add a configurable setting to extend the exemption list:

{
  "permissions": {
    "defaultMode": "bypassPermissions",
    "bypassProtectedPaths": [
      ".claude/"
    ]
  }
}

Or alternatively, a broader toggle:

{
  "skipProtectedDirectoryPrompts": true
}

Alternatives considered

  • Moving files out of .claude/ — works but forces architectural compromises to work around a CLI limitation
  • Using option 2 ("allow all edits in dir") — only lasts per-session, resets on restart, and doesn't help headless/autonomous workers
  • skipDangerousModePermissionPrompt: true — already set, but this only skips the initial bypass mode confirmation, not the per-directory protections

Context

  • Claude Code v2.1.81
  • Platform: Windows 11 (Git Bash)
  • Use case: Monorepo with extensive .claude/ configuration (rules, skills, nightshift state, hooks)
  • The .claude/skills/ exemption already proves this is safe to configure — extending it to other .claude/ subdirs follows the same pattern

Who benefits

  • Anyone using bypassPermissions mode who edits .claude/ files frequently
  • Autonomous agent frameworks (NightShift, Ralph loops, CI pipelines) that need to write state files
  • Teams with custom .claude/ directory structures beyond commands/agents/skills

🤖 Generated with Claude Code

View original on GitHub ↗

This issue has 11 comments on GitHub. Read the full discussion on GitHub ↗