Bypass permissions mode silently downgrades to autoaccept-edits during session

Resolved 💬 3 comments Opened Apr 2, 2026 by qraveh Closed Apr 2, 2026

Summary

During a long Claude Code session with permission mode set to bypass, the mode silently switches to autoaccept edits without user action. The user must manually switch back, but the downgrade can recur multiple times in the same session. Only starting a new session fully resolves it.

Environment

  • Claude Code: Desktop app on Windows 11 (10.0.26200)
  • Model: Claude Opus 4.6 (1M context)
  • Session length: ~3 hours, 600+ API calls, 5.2 MB JSONL, 32% context usage
  • Permission mode: Bypass permissions (set at session start)

Reproduction

Observed 5 times in a single session. The downgrade correlates with operations that touch files outside the project root directory, but we could not isolate a single deterministic trigger.

Strongest correlation: Write/Edit to paths outside project root

| Occurrence | What preceded downgrade | Tools used |
|---|---|---|
| 1 | git push to origin (after earlier edits to docs/) | Bash (git push) |
| 2 | git push to origin (after earlier memory file edits) | Bash (git push) |
| 3 | Write to C:\BugTracker\, Edit to ~/.claude/memory/ | Write + Edit |
| 4 | Two parallel Explore agents reading across C:\SelectiveMirror\, ~/.claude/, C:\BugTracker\ | Agent (Explore) x2 |
| 5 | Three Write calls creating new files in ~/.claude/memory/ | Write x3 |

What did NOT trigger it

| Action | Result |
|---|---|
| git push alone (no prior out-of-project writes in same turn) | No downgrade |
| Bash echo > /tmp/file (outside project, via Bash not Write tool) | Sandbox prompt appeared but mode stayed bypass — different mechanism |
| Hundreds of Write/Edit calls to files inside the project root | No downgrade |

Observed behavior

  1. User sets permission mode to "bypass permissions"
  2. Session proceeds normally (edits, tests, git operations within project)
  3. At some point, the UI shows permission mode has changed to "autoaccept edits"
  4. User manually switches back to bypass
  5. Downgrade recurs (happened 5 times in one session)

Expected behavior

Bypass permissions mode should remain set for the entire session unless the user explicitly changes it.

Notes

  • The downgrade appears to be persistent within the session — switching back to bypass doesn't prevent future downgrades
  • We could not produce a 100% reliable reproduction — the correlation with out-of-project file operations is strong but not confirmed as causal
  • The session involved Write/Edit to three distinct directory trees: C:\SelectiveMirror\ (project root), C:\BugTracker\, and C:\Users\raveh\.claude\memory\
  • Parallel Agent (Explore) tool calls that read across multiple directory trees also correlated with one occurrence
  • EnterPlanMode / ExitPlanMode was used 3 times in the session but did not directly correlate with any downgrade (downgrades happened many turns after plan exits)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗