Preflight Checklist
What's Wrong?
GitHub Issue Draft for Claude Code Team
Related Work Item: BUGFIX-003
Target Repository: https://github.com/anthropics/claude-code/issues
Created: 2025-12-31
Status: Draft - Ready to submit
Issue Title
[Bug] VSCode Extension: .claude/settings.local.json permissions not respected for Bash/Write/Edit operations (even with bypassPermissions mode)
Issue Type
Bug Report
Environment
Claude Code Version: Latest (VSCode Extension)
VSCode Version: Latest
OS: Windows 11
Extension Environment: VSCode Claude Code Extension
Summary
The .claude/settings.local.json permission configuration system appears to only work for Read-type tools (Read, Glob, Grep) but does NOT respect allow/deny rules for Bash commands, Write operations, or Edit operations in the VSCode extension environment.
Critical Finding: Even with bypassPermissions mode enabled (which should bypass ALL permission checks), users still receive approval prompts for Bash, Write, and Edit operations.
Expected Behavior
When .claude/settings.local.json contains:
{
"permissions": {
"defaultMode": "dontAsk",
"allow": [
"Read(**)",
"Glob",
"Grep",
"Task",
"Bash(dir:*)"
],
"deny": [
"Read(.env)",
"Read(.env.*)",
"Read(secrets/**)",
"Read(credentials.json)",
"Read(.aws/**)",
"Read(.git/config)",
"Read(../**)"
]
}
}AND VSCode setting claudeCode.initialPermissionMode is set to "acceptEdits" or "bypassPermissions",
Expected: All allowed operations should execute without approval prompts, including:
- Bash commands matching
Bash(dir:*)
- Write operations (creating files)
- Edit operations (modifying files)
Actual Behavior
What Works (No Prompts):
- ✅ Read(**) tool
- ✅ Glob tool
- ✅ Grep tool
What Still Prompts (Despite Configuration):
- ❌ Bash commands - ALL types (simple commands, pipelines, git operations)
- ❌ Write tool - Creating new files
- ❌ Edit tool - Modifying existing files
Critical Issue: Even with VSCode initialPermissionMode set to "bypassPermissions" (which should bypass ALL permission checks), the following still prompted:
- Bash command:
cat thoughts/project/work/doing/.limit
- Write operation: Creating new file
- Edit operation: Modifying existing file
Reproduction Steps
Configuration Setup
- Create
.claude/settings.local.json in project root:
{
"permissions": {
"defaultMode": "dontAsk",
"allow": [
"Read(**)",
"Glob",
"Grep",
"Task",
"Bash(dir:*)"
],
"deny": [
"Read(.env)",
"Read(.env.*)",
"Read(secrets/**)",
"Read(credentials.json)",
"Read(.aws/**)",
"Read(.git/config)",
"Read(../**)"
]
}
}
- Open VSCode Settings (Ctrl+,)
- Search for "claude"
- Set
Claude Code: Initial Permission Mode to "acceptEdits"
- Restart Claude Code session
Test Case 1: Read Operations (These Work)
- Use Read tool to read any project file
- Use Glob tool to search files
- Use Grep tool to search content
Test Case 2: Bash Commands (These Fail)
- Execute:
cat thoughts/project/work/doing/.limit
- Result: Approval prompt appears ❌
- Execute:
ls -la
- Result: Approval prompt appears ❌
- Execute:
git status
- Result: Approval prompt appears ❌
Test Case 3: Write/Edit Operations (These Fail)
- Use Write tool to create new file
- Result: Approval prompt appears ❌
- Use Edit tool to modify existing file
- Result: Approval prompt appears ❌
Test Case 4: bypassPermissions Mode (Critical Finding)
- Change VSCode setting to
"bypassPermissions"
- Repeat Bash/Write/Edit tests
- Result: ALL still prompt ❌
This suggests the permission system is not properly integrated for these operation types.
Root Cause Analysis
Based on extensive testing, the VSCode extension appears to have two separate permission pathways:
Pathway 1 (Works): Read-type tools (Read, Glob, Grep, Task)
- These properly respect
.claude/settings.local.json allow/deny rules
- Correctly work with
defaultMode: "dontAsk"
Pathway 2 (Broken): Bash/Write/Edit operations
- These do NOT respect
.claude/settings.local.json allow/deny rules
- Do NOT respect VSCode
initialPermissionMode setting
- Even
bypassPermissions mode (which should skip ALL checks) still prompts
Hypothesis: Bash/Write/Edit operations may use a different permission check mechanism that is not connected to the configuration system.
Impact
Severity: Medium-High
User Impact:
- Users cannot configure non-destructive read-only operations (like checking WIP limits) without approval prompts
- Workflow friction persists despite correct configuration
bypassPermissions mode not working as expected is particularly concerning
Workaround:
- None available for Bash/Write/Edit operations
- Users must manually approve each operation
Additional Context
Testing Environment Details
- Tested with fresh VSCode restart after each configuration change
- Verified only one
.claude/settings.local.json file exists (no conflicts)
- Tested all four
initialPermissionMode values: default, acceptEdits, plan, bypassPermissions
- Bash patterns tested:
Bash(cat:*), Bash(ls:*), Bash(pwd), Bash(git status), Bash(dir:*)
Configuration Files Verified
.claude/settings.local.json:
{
"permissions": {
"defaultMode": "dontAsk",
"allow": [
"Read(**)",
"Glob",
"Grep",
"Task",
"Bash(dir:*)"
],
"deny": [
"Read(.env)",
"Read(.env.*)",
"Read(secrets/**)",
"Read(credentials.json)",
"Read(.aws/**)",
"Read(.git/config)",
"Read(../**)"
]
}
}VSCode settings.json:
{
"claudeCode.initialPermissionMode": "acceptEdits"
}Expected vs Actual Permission Matrix
| Tool/Operation |
.claude/settings.local.json |
acceptEdits Mode |
bypassPermissions Mode |
Expected |
Actual |
| Read(**) |
✅ Configured |
N/A |
N/A |
No prompt |
✅ No prompt |
| Glob |
✅ Configured |
N/A |
N/A |
No prompt |
✅ No prompt |
| Grep |
✅ Configured |
N/A |
N/A |
No prompt |
✅ No prompt |
| Bash(dir:*) |
✅ Configured |
✅ Enabled |
✅ Bypass ALL |
No prompt |
❌ Still prompts |
| Write |
N/A |
✅ Enabled |
✅ Bypass ALL |
No prompt |
❌ Still prompts |
| Edit |
N/A |
✅ Enabled |
✅ Bypass ALL |
No prompt |
❌ Still prompts |
Suggested Fix
- Verify Bash/Write/Edit operations use the same permission check pathway as Read/Glob/Grep tools
- Ensure
bypassPermissions mode actually bypasses all permission checks (currently not working)
- Document permission system architecture so users understand which settings control which operations
Related Issues
(Search for similar issues - #15772 ]
Questions for Claude Code Team
- Is
.claude/settings.local.json supposed to work for Bash/Write/Edit operations in VSCode extension?
- Should
bypassPermissions mode eliminate ALL prompts? (Currently it doesn't for Bash/Write/Edit)
- Is there separate configuration needed for Bash/Write/Edit permissions in VSCode?
- Is this behavior expected, or is it a bug?
Reported By: SpearIT Project Framework Team
Date: 2025-12-31
Contact: (Add your GitHub username when submitting)
What Should Happen?
Expected: All allowed operations should execute without approval prompts, including:
- Bash commands matching
Bash(dir:*)
- Bash commands like (cat, ls, grep)
Error Messages/Logs
Steps to Reproduce
See description above.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
No response
Claude Code Version
Model: Claude Sonnet 4.5 (model ID: claude-sonnet-4-5-20250929) - VSCode ext 2.0.75
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
PowerShell
Additional Information
No response
Preflight Checklist
What's Wrong?
GitHub Issue Draft for Claude Code Team
Related Work Item: BUGFIX-003
Target Repository: https://github.com/anthropics/claude-code/issues
Created: 2025-12-31
Status: Draft - Ready to submit
Issue Title
[Bug] VSCode Extension:
.claude/settings.local.jsonpermissions not respected for Bash/Write/Edit operations (even withbypassPermissionsmode)Issue Type
Bug Report
Environment
Claude Code Version: Latest (VSCode Extension)
VSCode Version: Latest
OS: Windows 11
Extension Environment: VSCode Claude Code Extension
Summary
The
.claude/settings.local.jsonpermission configuration system appears to only work for Read-type tools (Read, Glob, Grep) but does NOT respect allow/deny rules for Bash commands, Write operations, or Edit operations in the VSCode extension environment.Critical Finding: Even with
bypassPermissionsmode enabled (which should bypass ALL permission checks), users still receive approval prompts for Bash, Write, and Edit operations.Expected Behavior
When
.claude/settings.local.jsoncontains:{ "permissions": { "defaultMode": "dontAsk", "allow": [ "Read(**)", "Glob", "Grep", "Task", "Bash(dir:*)" ], "deny": [ "Read(.env)", "Read(.env.*)", "Read(secrets/**)", "Read(credentials.json)", "Read(.aws/**)", "Read(.git/config)", "Read(../**)" ] } }AND VSCode setting
claudeCode.initialPermissionModeis set to"acceptEdits"or"bypassPermissions",Expected: All allowed operations should execute without approval prompts, including:
Bash(dir:*)Actual Behavior
What Works (No Prompts):
What Still Prompts (Despite Configuration):
Critical Issue: Even with VSCode
initialPermissionModeset to"bypassPermissions"(which should bypass ALL permission checks), the following still prompted:cat thoughts/project/work/doing/.limitReproduction Steps
Configuration Setup
.claude/settings.local.jsonin project root:{ "permissions": { "defaultMode": "dontAsk", "allow": [ "Read(**)", "Glob", "Grep", "Task", "Bash(dir:*)" ], "deny": [ "Read(.env)", "Read(.env.*)", "Read(secrets/**)", "Read(credentials.json)", "Read(.aws/**)", "Read(.git/config)", "Read(../**)" ] } }Claude Code: Initial Permission Modeto"acceptEdits"Test Case 1: Read Operations (These Work)
Test Case 2: Bash Commands (These Fail)
cat thoughts/project/work/doing/.limitls -lagit statusTest Case 3: Write/Edit Operations (These Fail)
Test Case 4: bypassPermissions Mode (Critical Finding)
"bypassPermissions"This suggests the permission system is not properly integrated for these operation types.
Root Cause Analysis
Based on extensive testing, the VSCode extension appears to have two separate permission pathways:
Pathway 1 (Works): Read-type tools (Read, Glob, Grep, Task)
.claude/settings.local.jsonallow/deny rulesdefaultMode: "dontAsk"Pathway 2 (Broken): Bash/Write/Edit operations
.claude/settings.local.jsonallow/deny rulesinitialPermissionModesettingbypassPermissionsmode (which should skip ALL checks) still promptsHypothesis: Bash/Write/Edit operations may use a different permission check mechanism that is not connected to the configuration system.
Impact
Severity: Medium-High
User Impact:
bypassPermissionsmode not working as expected is particularly concerningWorkaround:
Additional Context
Testing Environment Details
.claude/settings.local.jsonfile exists (no conflicts)initialPermissionModevalues:default,acceptEdits,plan,bypassPermissionsBash(cat:*),Bash(ls:*),Bash(pwd),Bash(git status),Bash(dir:*)Configuration Files Verified
.claude/settings.local.json:{ "permissions": { "defaultMode": "dontAsk", "allow": [ "Read(**)", "Glob", "Grep", "Task", "Bash(dir:*)" ], "deny": [ "Read(.env)", "Read(.env.*)", "Read(secrets/**)", "Read(credentials.json)", "Read(.aws/**)", "Read(.git/config)", "Read(../**)" ] } }VSCode
settings.json:{ "claudeCode.initialPermissionMode": "acceptEdits" }Expected vs Actual Permission Matrix
.claude/settings.local.jsonacceptEditsModebypassPermissionsModeSuggested Fix
bypassPermissionsmode actually bypasses all permission checks (currently not working)Related Issues
(Search for similar issues - #15772 ]
Questions for Claude Code Team
.claude/settings.local.jsonsupposed to work for Bash/Write/Edit operations in VSCode extension?bypassPermissionsmode eliminate ALL prompts? (Currently it doesn't for Bash/Write/Edit)Reported By: SpearIT Project Framework Team
Date: 2025-12-31
Contact: (Add your GitHub username when submitting)
What Should Happen?
Expected: All allowed operations should execute without approval prompts, including:
Bash(dir:*)Error Messages/Logs
Steps to Reproduce
See description above.
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
No response
Claude Code Version
Model: Claude Sonnet 4.5 (model ID: claude-sonnet-4-5-20250929) - VSCode ext 2.0.75
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
PowerShell
Additional Information
No response