VS Code: bypassPermissions mode still shows permission prompts despite correct settings

Resolved 💬 3 comments Opened Apr 5, 2026 by Christophe-Rogiers Closed Apr 9, 2026

Bug Description

The VS Code extension (v2.1.92) still shows "Make this edit to [file]?" permission prompts despite bypassPermissions mode being fully and correctly configured at every level.

Environment

  • Extension version: 2.1.92 (anthropic.claude-code-2.1.92-win32-x64)
  • OS: Windows 11 Enterprise 10.0.26200
  • Workspace: UNC path (\server\share\...)
  • VS Code settings, global Claude settings, and project Claude settings are all correctly configured (see below)

Configuration (all verified correct)

VS Code settings.json

{
  "claudeCode.allowDangerouslySkipPermissions": true,
  "claudeCode.initialPermissionMode": "bypassPermissions"
}

Global ~/.claude/settings.json

{
  "permissions": {
    "defaultMode": "bypassPermissions",
    "dangerousOperations": "allow",
    "allow": ["Bash(*)", "Read(*)", "Edit(*)", "Write(*)", "Glob(*)", "Grep(*)", "..."]
  }
}

Project .claude/settings.json

{
  "permissions": {
    "allow": ["*"]
  }
}

Project .claude/settings.local.json

{
  "permissions": {
    "defaultMode": "bypassPermissions"
  }
}

Verified: CLI flags ARE correct

Inspected the running process via Get-CimInstance Win32_Process and confirmed the CLI is launched with:

claude.exe --permission-mode bypassPermissions --allow-dangerously-skip-permissions --permission-prompt-tool stdio ...

All three flags are present and correct. The CLI should auto-approve all tools in this mode.

Root Cause Analysis

After inspecting the minified extension source (extension.js), the issue appears to be in the requestToolPermission method. The extension provides a canUseTool callback to the SDK and sets --permission-prompt-tool stdio. The callback always forwards permission requests to the webview UI without checking the current permission mode:

// extension.js (deminified)
async requestToolPermission(channelId, toolName, inputs, suggestions, signal) {
    // Only auto-allows Chrome MCP tools
    if (this.channels.get(channelId)?.chromeMcpState.status === "connected" 
        && toolName.startsWith("mcp__claude-in-chrome__"))
        return { behavior: "allow", updatedInput: inputs };
    
    // ALL other tools: always sends to webview UI — no permission mode check!
    let result = await this.sendRequest(channelId, {
        type: "tool_permission_request",
        toolName, inputs, suggestions
    }, signal);
    return result.result;
}

Expected behavior: When the permission mode is bypassPermissions, the requestToolPermission callback should auto-approve ({ behavior: "allow" }) without forwarding to the webview.

Actual behavior: Every tool call is forwarded to the webview, which shows the "Make this edit to [file]?" prompt regardless of permission mode.

Steps to Reproduce

  1. Configure all settings as shown above
  2. Open a workspace on a UNC path in VS Code
  3. Start a new Claude Code session (panel)
  4. Ask Claude to edit any file
  5. Observe the "Make this edit to [file]?" Yes/No prompt appears

Expected Behavior

In bypassPermissions mode, all tool calls should be auto-approved without user interaction, matching the CLI behavior.

Additional Context

  • The settings were active before the session was started (not a settings-load race condition)
  • Restarting VS Code / opening new sessions does not help
  • The issue has persisted for multiple days across sessions
  • The initialPermissionMode getter in the extension correctly resolves to "bypassPermissions" (verified the logic in minified source)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗