[FEATURE] Allow specific-path rules in allow to bypass generic ask rule (whitelist)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
There is currently no way to whitelist specific files for silent access while still prompting for everything else. The allow and ask lists cannot be combined to achieve this. A specific path rule in allow
does not take precedence over a generic tool entry in ask.
Consider this settings.json:
{
"permissions": {
"allow": [
"Read(/project/Scripts/main.py)",
"Read(/project/Scripts/utils.py)"
],
"ask": [
"Read"
]
}
}
The expected behavior is that the two listed files are read silently, while any other Read call triggers a prompt. The actual behavior is that the generic Read in ask takes precedence — Claude prompts for
permission even on the explicitly allowed files.
Leaving "Read" out of the ask permissions won't fix this example either. Because then it defaults to allowing reads on every file in the project.
Proposed Solution
A specific rule (e.g. Read(/path/to/file)) in allow should take precedence over a generic rule (e.g. Read) in ask, consistent with the principle that more specific rules override more general ones.
Alternative Solutions
_No response_
Priority
High - Significant impact on productivity
Feature Category
Configuration and settings
Use Case Example
A developer is working on a specific feature in a larger codebase. They want to give Claude exactly the context it needs for the task. Not because the project contains secrets, but to keep Claude's
context focused and to stay aware of when it reaches outside the expected scope. With the current behavior, they have to choose between prompting on every file (including ones they've already approved) or
allowing all reads freely.
Additional Context
_No response_
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗