[BUG] --dangerously-skip-permissions does not bypass project-level "ask" rules in .claude/settings.json
What's Wrong?
--dangerously-skip-permissions does not bypass ask rules defined in a project's.claude/settings.json. The flag is documented as "Bypass all permission checks,"
but project-level ask patterns still trigger prompts (interactive) or denials
(--print mode), even when the global session is launched with the flag.
Edit/Write rules are most affected; this is similar in spirit to the
already-fixed #42696, but the cause here is not subagent inheritance — it's
the project ask list being applied on top of bypass mode.
What Should Happen?
Per CLI help text, --dangerously-skip-permissions should skip all permission
checks regardless of source (project settings, global settings, mode). Projectask rules should not fire when the session is in bypass mode.
Error Messages/Logs
In --print mode the model surfaces the denial directly:
The write was blocked by the permission system. Want me to retry (you'll get a prompt to approve), or write it to .vec-from-here/tmp/test.md instead (pre-approved)?
In interactive mode, the standard permission prompt fires:
Do you want to overwrite prompt1_extract_and_map.md? ❯ 1. Yes 2. Yes, allow all edits during this session (shift+tab) 3. No
Steps to Reproduce
- Create a folder
repro/with a.claude/settings.json:
``json``
{
"permissions": {
"allow": ["Read(**)"],
"ask": ["Write(**)", "Edit(**)", "Bash(*)"]
}
}
- From
repro/, run:
````
claude --dangerously-skip-permissions --print "write hello to test.md"
- Observed: Write is denied — the model reports
"The write was blocked by the permission system."
- Now go to a sibling folder with no
.claude/directory and run the same
command:
````
claude --dangerously-skip-permissions --print "write hello to test.md"
- Observed: Write succeeds silently — confirming the flag works in general,
but is silently overridden by project-level ask rules.
The same symptom occurs in interactive mode (not just --print).
Regression
I don't know — I haven't tested older versions for this specific path.
Claude Code Version
2.1.143 (Claude Code)
Platform
Anthropic API
OS
Windows
Terminal/Shell
PowerShell (Windows Terminal)
Additional Information
- Global
~/.claude/settings.jsonhas"permissions": {"defaultMode": "auto"}
and "skipDangerousModePermissionPrompt": true — neither changes the outcome.
- The project's
.claude/settings.local.jsononly containsallowentries
(no ask/deny), so it isn't the override source.
- Removing or narrowing the
asklist in the project'ssettings.jsonis a
workaround.
- Surface area suggestion: either bypass mode should truly bypass project
ask
rules (matching the docs), or the CLI help text should be updated to clarify
that project ask rules are honored even in bypass mode.
Related (closed/different cause): #42696, #54850, #32466, #37939.
Related (open, different mode/scenario): #55255.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗