[BUG] Absolute path deny rules incorrectly affect relative path files in v1.0.103

Resolved 💬 3 comments Opened Sep 4, 2025 by cateiru Closed Sep 4, 2025

Environment

  • Platform (select one):
  • [ ] Anthropic API
  • [ ] AWS Bedrock
  • [x] Google Vertex AI
  • [ ] Other: <!-- specify -->
  • Claude CLI version: v1.0.103
  • Operating System: macOS 15.6.1 <!-- e.g. macOS 14.3, Windows 11, Ubuntu 22.04 -->
  • Terminal: iTerm2 <!-- e.g. iTerm2, Terminal App -->

Bug Description

<!-- A clear and concise description of the bug -->

When specifying deny with an absolute path like Edit(//lib/**)[^1] in the permissions of /User/[path_to]/.claude/settings.local.json, the deny rule is incorrectly applied to files in /User/[path_to]/lib/** as well.

The problem does not occur with v1.0.102, so this appears to be a bug that was introduced in v1.0.103.

Steps to Reproduce

  1. Add the following configuration to /User/[path_to_your_repository]/.claude/settings.local.json

``json
{
"permissions": {
"allow": [],
"deny": ["Edit(//lib/**)", "Write(//lib/**)"]
}
}
``

  1. Try to write to /User/[path_to_your_repository]/lib/example.txt
  2. Error message is displayed

Expected Behavior

<!-- What you expected to happen -->

  • Even when Edit(//lib/**) is set to deny, the deny rule should not be applied to files with relative paths like lib/**

Actual Behavior

<!-- What actually happened -->

claude-code-allowed-tools-broken-demo - main! ❯ claude --version
1.0.103 (Claude Code)
claude-code-allowed-tools-broken-demo - main! ❯ claude
╭───────────────────────────────────────────────────────────────────────────╮
│ ✻ Welcome to Claude Code!                                                 │
│                                                                           │
│   /help for help, /status for your current setup                          │
│                                                                           │
│   cwd: /Users/*******/repositories/claude-code-allowed-tools-broken-demo  │
╰───────────────────────────────────────────────────────────────────────────╯

> This is a test of write permissions. Please try writing to @lib/example.txt.
  ⎿  Read lib/example.txt (2 lines)

⏺ I'll test the write permissions by writing to the lib/example.txt file.

⏺ Update(lib/example.txt)
  ⎿  Error: Permission to edit /Users/*******/repositories/claude-code-allowed-tools-broken-demo/lib/example.txt has been denied.

⏺ Write permissions are denied for lib/example.txt. The file cannot be edited due to permission restrictions.

Additional Context

<!-- Add any other context about the problem here, such as screenshots, logs, etc. -->

This issue may also be related to the following issues:

[^1]: Identity and Access Management - Anthropic

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗