Path-pattern scanner false-positives on macOS usernames containing `.`, and "always allow" option fails to persist a rule (Bash and Write only; Edit unaffected)
Summary
Three related issues in the path-pattern security scanner that produces "suspicious Windows path pattern that requires manual approval":
- False positive on macOS usernames containing a period. Any path under
/Users/<username-with-period>./...matches because the literal<letter>./looks like a Windows drive-letter pattern (C:\). macOS allows periods in usernames; on my machine the username isjosejimenezjr.(a common abbreviation for "Jr.") so every home-directory path under/Users/josejimenezjr./...triggers the scanner. - "Yes, and always allow" doesn't persist. Selecting option 2 ("always allow access to
<folder>/from this project") does not write a rule to.claude/settings.local.json. Verified by file mtime and rule count remaining unchanged after multiple selections. - Pre-installed allow-rules are bypassed. Manually adding
Write(//path/**),Write(/path/**), andBash(<exact-prefix>:*)rules to.claude/settings.local.jsondoes not suppress the scanner. The scanner runs at a layer above the permission/allow-list system. - Tool coverage: scanner fires on Bash and Write tool calls but not on Edit. Edit-tool calls to the same paths use the standard out-of-cwd permission prompt (different wording: "allow all edits in
<folder>/during this session") and are correctly suppressed by auto mode for in-project files.
Environment
- Claude Code: 2.1.123 (latest published on npm at time of report)
- macOS, username
josejimenezjr.(legal trailing period in macOS username) - Auto mode (
bypassPermissions) active
Reproduction
- macOS account with a period in the username (e.g.
josejimenezjr.). - In Claude Code with auto mode on, run a Bash command that writes to a home-directory path:
````
echo test > /Users/josejimenezjr./test.txt
- Observe prompt:
> Claude requested permissions to write to /Users/josejimenezjr./test.txt, which contains a suspicious Windows path pattern that requires manual approval.
- Pick option 2 ("Yes, and always allow access to
josejimenezjr./from this project"). - Run the same command again. Expected: silent. Actual: prompts again.
- Inspect
<project>/.claude/settings.local.json: file mtime unchanged, no new rule added. - Pre-install the following rules manually in
.claude/settings.local.json:
``json`
"Write(//Users/josejimenezjr./**)",
"Write(/Users/josejimenezjr./**)",
"Bash(echo SCANNER_PROBE:*)"
echo SCANNER_PROBE_BASH > /Users/josejimenezjr./scanner_probe.txt`. Actual: still prompts.
Run a matching
- Use the Edit tool against an existing in-project file under home dir (e.g.
<project>/.claude/settings.local.json). Actual: silent (auto mode handles it correctly). Edit on an existing file outside the project working directory under home dir prompts with the standard "Yes, allow all edits during this session" prompt, not the scanner warning.
Workaround
None known. Option 2 fails silently. Manual allow-rules are not respected by this scanner. Affected users on macOS with periods in their username must manually approve every Bash and Write call to home-directory paths.
Related
- #41763 (
bypassPermissionssilently downgrades toacceptEditsafter approving suspicious-path prompt) - same scanner family.
This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗