[FEATURE] Allow bypassPermissions mode to fully bypass .claude/ directory protections (or provide an opt-in override)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Since v2.1.78, bypassPermissions mode blocks or prompts for edits to the .claude/ directory — and explicit permission rules like Edit(.claude/**) and Write(.claude/**) do not override this protection. We have both of these configured in our settings.json and they are ignored for .claude/ paths. At least 5 issues have been filed about this (#35908, #35915, #35646, #35718, #35895), all closed as duplicates or "working as intended."
This breaks a core workflow for teams running automated Claude Code agents. Our agents need to edit files in .claude/ constantly — specifically .claude/skills/*/SKILL.md files. We use PostToolUse hooks that automatically update skill documentation when agents modify files in related code systems. With .claude/ writes blocked and no permission rule able to override the protection, this entire automated documentation pipeline breaks, and unattended agent execution becomes impossible.
The current behavior also contradicts the official documentation, which explicitly states:
bypassPermissionsmode skips permission prompts. Writes to.git,.claude,.vscode, and.ideadirectories still prompt for confirmation to prevent accidental corruption of repository state and local configuration. Writes to.claude/commands,.claude/agents, and.claude/skillsare exempt and do not prompt, because Claude routinely writes there when creating skills, subagents, and commands.
— code.claude.com/docs/en/permissions
The documented exemption for .claude/commands, .claude/agents, and .claude/skills is not honored in practice. Edits to these subdirectories are also blocked or prompt for confirmation despite the docs saying they shouldn't.
Beyond the documentation contradiction, there is no escape hatch. Even explicit Edit(.claude/**) and Write(.claude/**) allow rules in settings.json are ignored for .claude/ paths. Users who have deliberately opted into bypassPermissions mode and configured explicit allow rules for these paths have no way to make this work.
Proposed Solution
Any of the following would resolve this (in order of preference):
Option A (Preferred): Allow explicit permission rules to override .claude/ protection
Honor Edit(.claude/**) and Write(.claude/**) allow rules when configured in settings.json. These rules already exist in the permission system's syntax — they just don't work for .claude/ paths. Alternatively, add a setting like "protectClaudeDir": false. This preserves the default protection while giving teams an explicit opt-out.
Option B: New permission mode with zero restrictions
Add a mode (e.g., "unrestricted" or "fullBypass") that truly skips all permission checks including .claude/ directory protection. This preserves the current bypassPermissions behavior for users who want it while giving power users a way to fully automate.
Option C (Minimum): Honor the documented exemptions
Make the actual behavior match the documentation. Writes to .claude/commands, .claude/agents, and .claude/skills should not prompt in bypassPermissions mode, as already documented.
Alternative Solutions
There is no viable workaround. The only option is manually approving each .claude/ edit, which:
- Defeats the purpose of
bypassPermissionsmode - Makes unattended agent execution impossible
- Breaks hook-driven automation (hooks can't pause for manual approval)
We've tried adding explicit allow rules (Edit(.claude/**), Write(.claude/**)) to settings.json — these are ignored for .claude/ paths.
Priority
Critical - Blocking my work
Feature Category
Configuration and settings
Use Case Example
Our team's concrete workflow that this blocks:
- We document every major code system in
.claude/skills/*/SKILL.mdfiles (~80 skill files) - We have a PostToolUse hook that detects when an agent modifies files in a documented system
- The hook triggers a subagent to update the relevant
SKILL.mdwith any new patterns, constraints, or architectural changes - This keeps documentation in sync with the codebase automatically
With .claude/ writes blocked in bypassPermissions mode:
- The subagent cannot write the updated skill file
- The hook-triggered workflow fails silently or prompts (blocking the unattended agent)
- Documentation drifts out of sync with the code
Additional Context
Related issues (all reporting the same problem):
| Issue | Title | Status |
|-------|-------|--------|
| #35908 | Bypass permissions mode blocks Edit/Write on .claude/ files | Closed |
| #35915 | --dangerously-skip-permissions not working on latest release | Closed (duplicate) |
| #35895 | Claude Code v2.1.78 rejecting edits in .claude dir in dontAsk mode | Open |
| #35646 | Protected directory prompt in bypassPermissions has no override | Closed |
| #35718 | --dangerously-skip-permissions does not bypass "modify config files" prompt for ~/.claude/ writes | Closed |
Community comment from @patricklafrance on #35915 (link) highlighting the documentation contradiction:
Which kind of contradict the documentation: > bypassPermissions mode skips permission prompts. Writes to .claude/commands, .claude/agents, and .claude/skills are exempt and do not prompt, because Claude routinely writes there when creating skills, subagents, and commands.
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗