"Always allow access" for sensitive file prompts does not persist across sessions

Resolved 💬 3 comments Opened Apr 3, 2026 by espcoder Closed Apr 6, 2026

Bug Description

When Claude Code prompts for permission to edit a file it classifies as "sensitive," selecting option 2 ("Yes, and always allow access to [path] from this project") does not persist the exception. The same prompt reappears in every new session for the same file paths.

Environment

  • Claude Code CLI (latest)
  • macOS (Apple Silicon)
  • Working directory: ~/.claude (PAI infrastructure project)

Steps to Reproduce

  1. Have permissions.allow: ["*"] in settings.json
  2. Have blanket Write, Edit, Read allows in project-level settings.local.json
  3. Trigger an edit to a file under a path Claude Code considers "sensitive" (e.g., ~/.claude/MEMORY/LEARNING/SIGNALS/ratings.jsonl)
  4. Claude Code prompts: "Claude requested permissions to edit [path] which is a sensitive file"
  5. Select option 2: "Yes, and always allow access to SIGNALS/ from this project"
  6. Start a new session
  7. Trigger the same edit → prompt reappears

Expected Behavior

Selecting "Yes, and always allow access to [path] from this project" should persist the exception (presumably in settings.local.json) so the prompt does not reappear in future sessions for the same path.

Actual Behavior

The exception is not persisted. The prompt appears every session regardless of:

  • permissions.allow: ["*"] in settings.json
  • Blanket tool allows (Write, Edit, Read) in project-level settings.local.json
  • Repeatedly selecting option 2

Additional Context

The project-level settings.local.json (at ~/.claude/.claude/settings.local.json since the working directory is ~/.claude) contains:

{
  "permissions": {
    "allow": ["Bash", "Read", "Write", "Edit", "MultiEdit", "Glob", "Grep", ...]
  }
}

The sensitive file detection appears to run before checking any permission settings, making it impossible to suppress via configuration. The "always allow" option should either write a durable exception to settings.local.json or respect the existing blanket allows for sensitive paths.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗