"Always allow access" for sensitive file prompts does not persist across sessions
Bug Description
When Claude Code prompts for permission to edit a file it classifies as "sensitive," selecting option 2 ("Yes, and always allow access to [path] from this project") does not persist the exception. The same prompt reappears in every new session for the same file paths.
Environment
- Claude Code CLI (latest)
- macOS (Apple Silicon)
- Working directory:
~/.claude(PAI infrastructure project)
Steps to Reproduce
- Have
permissions.allow: ["*"]insettings.json - Have blanket
Write,Edit,Readallows in project-levelsettings.local.json - Trigger an edit to a file under a path Claude Code considers "sensitive" (e.g.,
~/.claude/MEMORY/LEARNING/SIGNALS/ratings.jsonl) - Claude Code prompts: "Claude requested permissions to edit [path] which is a sensitive file"
- Select option 2: "Yes, and always allow access to SIGNALS/ from this project"
- Start a new session
- Trigger the same edit → prompt reappears
Expected Behavior
Selecting "Yes, and always allow access to [path] from this project" should persist the exception (presumably in settings.local.json) so the prompt does not reappear in future sessions for the same path.
Actual Behavior
The exception is not persisted. The prompt appears every session regardless of:
permissions.allow: ["*"]insettings.json- Blanket tool allows (
Write,Edit,Read) in project-levelsettings.local.json - Repeatedly selecting option 2
Additional Context
The project-level settings.local.json (at ~/.claude/.claude/settings.local.json since the working directory is ~/.claude) contains:
{
"permissions": {
"allow": ["Bash", "Read", "Write", "Edit", "MultiEdit", "Glob", "Grep", ...]
}
}
The sensitive file detection appears to run before checking any permission settings, making it impossible to suppress via configuration. The "always allow" option should either write a durable exception to settings.local.json or respect the existing blanket allows for sensitive paths.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗