bypassPermissions mode still shows dialog for .claude/hooks/ edits despite permissions.allow settings

Resolved 💬 3 comments Opened Apr 11, 2026 by Tech-Fumi Closed Apr 15, 2026

Description

When using --dangerously-skip-permissions (bypassPermissions mode), Claude Code still shows a 3-choice approval dialog when editing files under .claude/hooks/:

Do you want to make this edit to pre-tool-use-model-role-policy.py?
❯ 1. Yes
  2. Yes, and allow Claude to edit its own settings for this session
  3. No

This happens even when permissions.allow in settings.json contains patterns like:

  • Edit(~/.claude/**)
  • Edit(/home/fumi/.claude/**)
  • Edit(~/.claude/hooks/*.py)

Expected behavior

In --dangerously-skip-permissions mode, if permissions.allow already contains a matching pattern for the file being edited, the dialog should not appear.

Actual behavior

The built-in .claude/ self-edit protection overrides permissions.allow and still shows the dialog, even with --dangerously-skip-permissions.

Investigation findings

From official docs (confirmed): "writes to sensitive directories like .git, .claude, and .vscode still require confirmation" even in bypassPermissions mode. The exceptions documented are only commands/, agents/, and skills/ subdirectories — .claude/hooks/ is NOT in the exceptions list.

Workaround

We implemented a PreToolUse hook that explicitly returns {"permissionDecision": "allow"} for trusted delegated sessions (verified via environment variable nonce). This bypasses the dialog. Note: sys.exit(0) from a hook is insufficient — only an explicit allow JSON response bypasses the built-in gate.

Request

Either:

  1. Allow permissions.allow patterns to override the .claude/ built-in protection in bypassPermissions mode, OR
  2. Extend the exceptions list (currently commands/, agents/, skills/) to include hooks/ when bypassPermissions mode is active and a matching permissions.allow entry exists, OR
  3. Document the PreToolUse hook workaround in the official docs

Environment

  • Claude Code version: latest
  • Platform: Linux
  • Mode: --dangerously-skip-permissions (bypassPermissions)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗