--dangerously-skip-permissions bypass drops after 'Always allow' on sensitive file
Description
When running with --dangerously-skip-permissions, editing a sensitive file (e.g. ~/.zshrc) triggers a permission prompt as expected. However, selecting "Always allow" on that prompt causes the bypass mode to drop for the rest of the session. Subsequent operations that should be bypassed (e.g. curl) start requiring permission again.
Steps to reproduce
- Start Claude Code with
--dangerously-skip-permissions - Ask Claude to edit
~/.zshrcvia Bash (e.g.echo "# comment" >> ~/.zshrc) - A permission prompt appears for the sensitive file — select "Always allow"
- Ask Claude to run a command that would normally be bypassed, e.g.
curl https://httpbin.org/get - A permission prompt appears for
curl— bypass is no longer active
Expected behavior
Bypass mode should remain active for non-sensitive operations after approving a sensitive file prompt. The sensitive file prompt is correct, but approving it should not revoke bypass for everything else.
Actual behavior
After selecting "Always allow" on a sensitive file prompt, bypass mode drops entirely. All subsequent tool calls that were previously bypassed now require permission.
Notes
- Possibly related to #45290 (bypass resets mid-session), but this has a specific, reproducible trigger: the "Always allow" approval on a sensitive file
skipDangerousModePermissionPrompt: trueis set insettings.json- Non-sensitive file operations (Edit, Write) that were already granted "always allow" in prior sessions continue to work without prompts, which initially made it seem like bypass was still active
Environment
- Claude Code version: 2.1.91
- Platform: macOS (darwin 25.4.0)
- Shell: zsh
- Launch method: CLI alias
claude --dangerously-skip-permissions
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗