[BUG] Security: permissions.deny rules not working
Resolved 💬 4 comments Opened May 21, 2026 by collimarco Closed Jul 7, 2026
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Claude can read an example.key file (or any other key file) inside the project directory even if the ~/.claude/settings.json clearly forbids that:
{
"theme": "auto",
"model": "opus",
"sandbox": {
"enabled": true,
"failIfUnavailable": true,
"allowUnsandboxedCommands": false,
"autoAllowBashIfSandboxed": false,
"filesystem": {
"denyRead": ["//**"],
"allowRead": [
"~/Sites/example"
]
}
},
"permissions": {
"deny": [
"Read(/**/*.key)"
]
}
}
What Should Happen?
Claude should not be able to read those sensitive files, and should respect permissions.
Error Messages/Logs
Steps to Reproduce
- Create that
~/.claude/settings.jsonfile with the content above - Create an
example.keyfile in the project directory - Ask Claude to read that file
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.140 (Claude Code)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗