permissions.allow rules do not override protected path prompts in bypassPermissions mode
Resolved 💬 3 comments Opened Apr 12, 2026 by stevenfreedman Closed Apr 16, 2026
Description
permissions.allow rules with path-specific patterns do not suppress permission prompts for protected paths (.claude/, .git/, etc.), even in bypassPermissions mode. Users who explicitly opt into allowing these paths in their settings are still prompted.
Steps to Reproduce
- Add path-specific allow rules to
~/.claude/settings.json:
``json``
{
"permissions": {
"allow": [
"Edit(//.claude/**)",
"Write(//.claude/**)",
"Read(//.claude/**)",
"Edit(//.git/**)",
"Write(//.git/**)",
"Read(//.git/**)"
]
}
}
- Launch Claude Code with
--permission-mode bypassPermissions - Attempt to edit a file in
.claude/(e.g.,.claude/noice-deployments.yaml)
Expected Behavior
The edit should auto-approve since:
- The user is in
bypassPermissionsmode (explicitly accepting all risk) - The path is explicitly listed in
permissions.allow
Actual Behavior
Claude still prompts:
Do you want to make this edit to noice-deployments.yaml?
1. Yes
2. Yes, allow all edits during this session (shift+tab)
3. No
Environment
- Claude Code version: latest (April 2026)
- Plan: Max 20X
- OS: Ubuntu 24.04
- Model: Claude Opus 4.6
Additional Context
- This also affects
Bashcommands targeting protected paths (e.g.,rm ~/.claude/...) even withBash(*)in the allow list - The protected path check appears to be a separate enforcement layer that runs independently of and takes precedence over
permissions.allowrules - Workaround: approve once per session via the prompt (option 2), but this defeats the purpose of
bypassPermissionsmode --permission-mode autois not available on Max plans, sobypassPermissions+ allow rules is the only path to zero-prompt workflows for Max users
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗