File Reference Syntax Bypasses Configured Deny Permissions
Resolved 💬 4 comments Opened Aug 18, 2025 by unwnu Closed Jan 5, 2026
Bug Description
@ file reference syntax bypasses tool-specific deny permissions in .claude/settings.json
Body:
The @ file reference syntax bypasses tool-specific file access restrictions configured in .claude/settings.json, allowing Claude to read files that should be denied.
Steps to Reproduce
- Configure tool-specific deny permissions in .claude/settings.json:
{
"permissions": {
"deny": [
"Read(*appsettings*)",
"Edit(*appsettings*)",
"Write(*appsettings*)",
"Bash(*appsettings*)"
]
}
}
- Use the @ syntax to reference a file matching the denied pattern: @appsettings.json read
- Claude successfully reads and displays the file content despite deny rules
Expected Behavior
Claude should respect the deny permissions and refuse to access the file with an error message, since the @ syntax likely uses the Read tool internally.
Actual Behavior
Claude reads and displays the full file content, completely bypassing the configured Read(appsettings) deny permission.
Environment Info
- Platform: darwin
- Terminal: tmux
- Version: 1.0.83
- Feedback ID: daba2a04-4ee5-45e3-8b31-9e9b1c6508d3
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗