bypassPermissions mode still shows dialog for .claude/hooks/ edits despite permissions.allow settings
Description
When using --dangerously-skip-permissions (bypassPermissions mode), Claude Code still shows a 3-choice approval dialog when editing files under .claude/hooks/:
Do you want to make this edit to pre-tool-use-model-role-policy.py?
❯ 1. Yes
2. Yes, and allow Claude to edit its own settings for this session
3. No
This happens even when permissions.allow in settings.json contains patterns like:
Edit(~/.claude/**)Edit(/home/fumi/.claude/**)Edit(~/.claude/hooks/*.py)
Expected behavior
In --dangerously-skip-permissions mode, if permissions.allow already contains a matching pattern for the file being edited, the dialog should not appear.
Actual behavior
The built-in .claude/ self-edit protection overrides permissions.allow and still shows the dialog, even with --dangerously-skip-permissions.
Investigation findings
From official docs (confirmed): "writes to sensitive directories like .git, .claude, and .vscode still require confirmation" even in bypassPermissions mode. The exceptions documented are only commands/, agents/, and skills/ subdirectories — .claude/hooks/ is NOT in the exceptions list.
Workaround
We implemented a PreToolUse hook that explicitly returns {"permissionDecision": "allow"} for trusted delegated sessions (verified via environment variable nonce). This bypasses the dialog. Note: sys.exit(0) from a hook is insufficient — only an explicit allow JSON response bypasses the built-in gate.
Request
Either:
- Allow
permissions.allowpatterns to override the.claude/built-in protection in bypassPermissions mode, OR - Extend the exceptions list (currently
commands/,agents/,skills/) to includehooks/when bypassPermissions mode is active and a matchingpermissions.allowentry exists, OR - Document the PreToolUse hook workaround in the official docs
Environment
- Claude Code version: latest
- Platform: Linux
- Mode:
--dangerously-skip-permissions(bypassPermissions)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗