File Reference Syntax Bypasses Configured Deny Permissions

Resolved 💬 4 comments Opened Aug 18, 2025 by unwnu Closed Jan 5, 2026

Bug Description
@ file reference syntax bypasses tool-specific deny permissions in .claude/settings.json

Body:

The @ file reference syntax bypasses tool-specific file access restrictions configured in .claude/settings.json, allowing Claude to read files that should be denied.

Steps to Reproduce

  1. Configure tool-specific deny permissions in .claude/settings.json:
  {
    "permissions": {
      "deny": [
        "Read(*appsettings*)",
        "Edit(*appsettings*)",
        "Write(*appsettings*)",
        "Bash(*appsettings*)"
      ]
    }
  }
  1. Use the @ syntax to reference a file matching the denied pattern: @appsettings.json read
  2. Claude successfully reads and displays the file content despite deny rules

Expected Behavior

Claude should respect the deny permissions and refuse to access the file with an error message, since the @ syntax likely uses the Read tool internally.

Actual Behavior

Claude reads and displays the full file content, completely bypassing the configured Read(appsettings) deny permission.

Environment Info

  • Platform: darwin
  • Terminal: tmux
  • Version: 1.0.83
  • Feedback ID: daba2a04-4ee5-45e3-8b31-9e9b1c6508d3

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗