--dangerously-skip-permissions bypass drops after 'Always allow' on sensitive file

Resolved 💬 3 comments Opened May 2, 2026 by ReformingPunk Closed May 2, 2026

Description

When running with --dangerously-skip-permissions, editing a sensitive file (e.g. ~/.zshrc) triggers a permission prompt as expected. However, selecting "Always allow" on that prompt causes the bypass mode to drop for the rest of the session. Subsequent operations that should be bypassed (e.g. curl) start requiring permission again.

Steps to reproduce

  1. Start Claude Code with --dangerously-skip-permissions
  2. Ask Claude to edit ~/.zshrc via Bash (e.g. echo "# comment" >> ~/.zshrc)
  3. A permission prompt appears for the sensitive file — select "Always allow"
  4. Ask Claude to run a command that would normally be bypassed, e.g. curl https://httpbin.org/get
  5. A permission prompt appears for curl — bypass is no longer active

Expected behavior

Bypass mode should remain active for non-sensitive operations after approving a sensitive file prompt. The sensitive file prompt is correct, but approving it should not revoke bypass for everything else.

Actual behavior

After selecting "Always allow" on a sensitive file prompt, bypass mode drops entirely. All subsequent tool calls that were previously bypassed now require permission.

Notes

  • Possibly related to #45290 (bypass resets mid-session), but this has a specific, reproducible trigger: the "Always allow" approval on a sensitive file
  • skipDangerousModePermissionPrompt: true is set in settings.json
  • Non-sensitive file operations (Edit, Write) that were already granted "always allow" in prior sessions continue to work without prompts, which initially made it seem like bypass was still active

Environment

  • Claude Code version: 2.1.91
  • Platform: macOS (darwin 25.4.0)
  • Shell: zsh
  • Launch method: CLI alias claude --dangerously-skip-permissions

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗