claude-code icon indicating copy to clipboard operation
claude-code copied to clipboard
Published 1 month ago verified publisher icon anthropics

[BUG] Using dangerously-skip-permissions on a new folder skips trust check and breaks hooks

Open christophercolumbusdog opened this issue 4 months ago • 8 comments

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

When you typically start normal claude in a new folder, you get a warning like:

> claude

 Do you trust the files in this folder?

 /Users/PERSON/data/newFolder

 Claude Code may read, write, or execute files contained in this directory. This can pose security risks, so
 only use files from trusted sources.

 Learn more ( https://docs.claude.com/s/claude-code-security )

 ❯ 1. Yes, proceed
   2. No, exit

 Enter to confirm · Esc to exit

However, if you go into a new folder and run claude --dangerously-skip-permissions, it will skip the folder trust check, but it will not mark the folder as trusted.

What Should Happen?

Either Claude Code should still ask you whether you trust the folder in --dangerously-skip-permissions mode, or the folder/workspace should automatically be marked as trusted when running in that mode.

All hooks and plugins should then work in the new folder, even if you've only ever run Claude with --dangerously-skip-permissions in that folder.

Error Messages/Logs

From the debug logging:

84:[DEBUG] Skipping SessionStart:startup hook execution - workspace trust not accepted
124:[DEBUG] Trust not accepted for current directory - skipping plugin installations
162:[DEBUG] Skipping SubagentStop hook execution - workspace trust not accepted
167:[DEBUG] Skipping UserPromptSubmit hook execution - workspace trust not accepted
1057:[DEBUG] Skipping Stop hook execution - workspace trust not accepted

Steps to Reproduce

  1. Create a hook to run on STOP, such as:
{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "echo 'hello'"
          }
        ]
      }
    ]
  }
}
  1. Create a new folder inside of which Claude Code has never been launched
  2. Launch Claude Code with claude --dangerously-skip-permissions --debug. Notice the folder trust prompt is never shown.
  3. Give it a test prompt, and let it respond and stop
  4. Check debug logs for skipped hook checks

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

No response

Claude Code Version

2.0.27

Platform

Other

Operating System

macOS

Terminal/Shell

Warp

Additional Information

No response

christophercolumbusdog avatar Oct 27 '25 05:10 christophercolumbusdog

A workaround for now could be to use claude --allow-dangerously-skip-permissions It will provide the trust prompt.

Loui2 avatar Oct 27 '25 18:10 Loui2

Is this a regression?

Yes, this is a regression. This wasn't a problem in earlier versions.

I'm not sure which version introduced this bug - but I'm currently on v2.0.28

PaulRBerg avatar Oct 28 '25 13:10 PaulRBerg

While we are it, could we get a little more visual hints when a hook is failing? The only way to figure this out is to run claude --debug and open the log file. But it'd be helpful if there was some sort of red error icon somewhere in the bottom of the terminal UI.

PaulRBerg avatar Oct 28 '25 13:10 PaulRBerg

@ddworken has a fix that will come out in the next version.

We do typically show a system warning when a hook fails to run. This issue happens to occur before hooks would even run -- would it be helpful to show the number of hook executions by type in /status?

dicksontsai avatar Oct 29 '25 05:10 dicksontsai

Would it be helpful to show the number of hook executions by type in /status

Yes, definitely

PaulRBerg avatar Oct 29 '25 09:10 PaulRBerg

@dicksontsai That's great!! I am looking at https://github.com/ddworken?tab=overview&from=2025-09-01&to=2025-09-30 and https://github.com/anthropics/claude-code/blame/7a05427a4b02a0b0bc6ab671d89a75adf90d7f1c/CHANGELOG.md and I cannot see the fix that you mention. When do you think it will be available?

kovkev avatar Nov 05 '25 22:11 kovkev

Obviously --allow-dangerously-skip-permissions should not have trust checks to begin with. This is a ridiculous bug. I run in a sandboxed environment and it took many hours to see why this was causing my hooks to not work.

I only even have to use -allow-dangerously-skip-permissions in a sandbox specifically to workaround the litany of other bugs in your broken half-baked security model.

And I only even need hooks to workaround countless other bugs and model misbehavior.

Still open after a month. Do you guys ever do any work at anthropic?

em avatar Nov 23 '25 09:11 em

This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.

github-actions[bot] avatar Dec 23 '25 10:12 github-actions[bot]