[BUG] --dangerously-skip-permissions does not bypass project-level "ask" rules in .claude/settings.json

Resolved 💬 3 comments Opened May 18, 2026 by NYBaywatch Closed Jun 18, 2026

What's Wrong?

--dangerously-skip-permissions does not bypass ask rules defined in a project's
.claude/settings.json. The flag is documented as "Bypass all permission checks,"
but project-level ask patterns still trigger prompts (interactive) or denials
(--print mode), even when the global session is launched with the flag.

Edit/Write rules are most affected; this is similar in spirit to the
already-fixed #42696, but the cause here is not subagent inheritance — it's
the project ask list being applied on top of bypass mode.

What Should Happen?

Per CLI help text, --dangerously-skip-permissions should skip all permission
checks regardless of source (project settings, global settings, mode). Project
ask rules should not fire when the session is in bypass mode.

Error Messages/Logs

In --print mode the model surfaces the denial directly:

The write was blocked by the permission system. Want me to retry (you'll get a prompt to approve), or write it to .vec-from-here/tmp/test.md instead (pre-approved)?

In interactive mode, the standard permission prompt fires:

Do you want to overwrite prompt1_extract_and_map.md? ❯ 1. Yes 2. Yes, allow all edits during this session (shift+tab) 3. No

Steps to Reproduce

  1. Create a folder repro/ with a .claude/settings.json:

``json
{
"permissions": {
"allow": ["Read(**)"],
"ask": ["Write(**)", "Edit(**)", "Bash(*)"]
}
}
``

  1. From repro/, run:

``
claude --dangerously-skip-permissions --print "write hello to test.md"
``

  1. Observed: Write is denied — the model reports

"The write was blocked by the permission system."

  1. Now go to a sibling folder with no .claude/ directory and run the same

command:

``
claude --dangerously-skip-permissions --print "write hello to test.md"
``

  1. Observed: Write succeeds silently — confirming the flag works in general,

but is silently overridden by project-level ask rules.

The same symptom occurs in interactive mode (not just --print).

Regression

I don't know — I haven't tested older versions for this specific path.

Claude Code Version

2.1.143 (Claude Code)

Platform

Anthropic API

OS

Windows

Terminal/Shell

PowerShell (Windows Terminal)

Additional Information

  • Global ~/.claude/settings.json has "permissions": {"defaultMode": "auto"}

and "skipDangerousModePermissionPrompt": true — neither changes the outcome.

  • The project's .claude/settings.local.json only contains allow entries

(no ask/deny), so it isn't the override source.

  • Removing or narrowing the ask list in the project's settings.json is a

workaround.

  • Surface area suggestion: either bypass mode should truly bypass project ask

rules (matching the docs), or the CLI help text should be updated to clarify
that project ask rules are honored even in bypass mode.

Related (closed/different cause): #42696, #54850, #32466, #37939.
Related (open, different mode/scenario): #55255.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗