[FEATURE] Support ~ tilde expansion in permissions.ask / permissions.allow patterns

Resolved 💬 1 comment Opened May 1, 2026 by renne Closed Jun 1, 2026

Summary

Permissions patterns in ~/.claude/settings.json (both ask and allow rules) require hardcoded absolute paths. This makes dotfiles non-portable across hosts with different usernames.

Current Behavior

{
  "permissions": {
    "ask": [
      "Edit(/home/alice/dotfiles/**)",
      "Write(/home/alice/dotfiles/**)"
    ]
  }
}

This breaks silently when the same dotfiles are used on a host where the username is bob (/home/bob/dotfiles/**). The rules simply don't fire — no error, no warning — and write-protection disappears.

Desired Behavior

{
  "permissions": {
    "ask": [
      "Edit(~/dotfiles/**)",
      "Write(~/dotfiles/**)"
    ]
  }
}

~ expands to the authenticated user's home directory at runtime, making the dotfiles portable.

Related Issues

  • #40076 — ** glob patterns in allow rules don't match paths outside the working directory. Without tilde expansion the pattern is a literal string and never matches anything, compounding that bug.

Use Case

Dotfiles repositories are shared across multiple machines that often have different usernames (e.g., user on workstation, root on server, ubuntu on cloud VM). Hardcoding /home/username/ defeats the portability benefit.

Proposed Implementation

When loading settings.json, expand ~ at the start of a pattern path to os.path.expanduser("~") (or the platform equivalent) before compiling glob matchers.

Workaround

None. Users must either:

  1. Hardcode their username (breaks portability)
  2. Skip the ask/allow rule entirely (loses write protection)
  3. Use an install script to rewrite settings.json per-host (fragile)

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗