[BUG] DisableBypassPermissionsMode: "disable" does not block --dangerously-skip-permissions CLI flag (v2.1.140)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
- Place the policy at /Library/Application Support/ClaudeCode/managed-settings.json (root-owned).
{
"_comment": "Profile: HOST — macOS developer machine. NO MCP servers permitted on the host: allowedMcpServers is intentionally empty. All MCP workflows (ADO, Datadog, local tools) run inside the dev container, where the container's allowlist + egress firewall provide the trust boundary. The host policy exists as a backstop for the case where a developer runs claude outside the container. Deployed to /Library/Application Support/ClaudeCode/managed-settings.json via scripts/install-host.sh",
"allowManagedMcpServersOnly": true,
"allowManagedPermissionRulesOnly": true,
"allowedMcpServers": [],
"sandbox": {
"enabled": true,
"failIfUnavailable": true
},
"cleanupPeriodDays": 30,
"permissions": {
"disableBypassPermissionsMode": "disable",
"deny": [
"Read(~/.ssh/)",
"Read(~/.aws/)",
"Read(~/.kube/)",
"Read(~/.azure/)",
"Read(~/.config/gcloud/)",
"Read(~/.gnupg/)",
"Read(~/.docker/config.json)",
"Read(~/.netrc)",
"Read(~/.npmrc)",
"Read(~/.gradle/)",
"Read(~/.m2/settings.xml)",
"Read(/.env*)",
"Read(~/.anthropic/)",
"Read(~/Library/Keychains/)",
"Read(~/Library/Cookies/)",
"Read(~/Library/Application Support/Google/Chrome/)",
"Read(~/Library/Application Support/Firefox/)",
"Read(~/Library/Application Support/com.apple.sharedfilelist/)"
]
}
}
- Run claude --dangerously-skip-permissions -p "say hi" → succeeds.
- Expected: flag refused with an "administrator has disabled bypass mode" error.
What Should Happen?
- Expected: flag refused with an "administrator has disabled bypass mode" error.
Error Messages/Logs
swati.bagga@E1420862 ~ % claude --dangerously-skip-permissions -p "say hi"
Warning: claude.ai MCP servers blocked by enterprise policy: claude.ai Gmail, claude.ai Atlassian
Hi! How can I help you today?
swati.bagga@E1420862 ~ %
Steps to Reproduce
Support/ClaudeCode/managed-settings.json via scripts/install-host.sh",
"allowManagedMcpServersOnly": true,
"allowManagedPermissionRulesOnly": true,
"allowedMcpServers": [],
"sandbox": {
"enabled": true,
"failIfUnavailable": true
},
"cleanupPeriodDays": 30,
"permissions": {
"disableBypassPermissionsMode": "disable",
"deny": [
"Read(~/.ssh/)",
"Read(~/.aws/)",
"Read(~/.kube/)",
"Read(~/.azure/)",
"Read(~/.config/gcloud/)",
"Read(~/.gnupg/)",
"Read(~/.docker/config.json)",
"Read(~/.netrc)",
"Read(~/.npmrc)",
"Read(~/.gradle/)",
"Read(~/.m2/settings.xml)",
"Read(/.env*)",
"Read(~/.anthropic/)",
"Read(~/Library/Keychains/)",
"Read(~/Library/Cookies/)",
"Read(~/Library/Application Support/Google/Chrome/)",
"Read(~/Library/Application Support/Firefox/)",
"Read(~/Library/Application Support/com.apple.sharedfilelist/)"
]
}
}
- Run claude --dangerously-skip-permissions -p "say hi" → succeeds.
- Expected: flag refused with an "administrator has disabled bypass mode" error.
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
v2.1.140
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗