anthropics
Built-in Plan agent ignores parent settings.json permissions and repeatedly prompts for pre-approved tools
Description
The built-in Plan agent repeatedly asks for permissions for tools that are already approved in my root ~/.claude/settings.json file. This makes the Plan agent workflow frustrating and interrupts the planning process.
Environment
- Claude Code Version: 2.0.28+ (Plan agent introduced in this version)
- Platform: macOS (Darwin 25.0.0)
- Configuration: Extensive permissions.allow list in
~/.claude/settings.json
Current Behavior
When Claude Code invokes the built-in Plan agent (subagent), it repeatedly requests permissions for Bash tools that are already approved in my root settings.json file.
I've noticed that it happens most often with piped (|) commands.
Expected Behavior
Built-in subagents like Plan should inherit or respect the permissions already configured in settings.json, similar to how the main Claude conversation respects these settings.
Root Cause Analysis
Based on documentation review:
- Subagents have their own separate tool permissions
- The
toolsfield inheritance (when omitted) only applies to custom subagents - Built-in subagents like Plan have predefined tool configurations that don't inherit from parent settings
- Users cannot customize built-in subagent permissions
Related Issues
This issue is related to but distinct from:
- #5465 - Task subagents fail to inherit permissions (MCP-specific)
- #4801 - Need better way to restrict subagent tool use
- #4750 - Ambiguity in Subagent Behavior in Plan Mode
- #8395 - User-Level Agent Rules and Rule Propagation
However, this specifically affects built-in agents like Plan, not just custom subagents or MCP scenarios.
Proposed Solution
- Option A: Built-in subagents should inherit permissions from parent
settings.jsonby default - Option B: Provide a way to configure built-in subagent permissions (e.g.,
.claude/agents/plan.override.md) - Option C: Add a setting like
"builtinAgentsInheritPermissions": true
Workarounds Attempted
None available. Cannot modify built-in agent configurations.
Impact
- Interrupts workflow with repeated permission prompts
- Makes Plan mode less useful despite being a valuable feature
- Undermines the purpose of pre-configuring extensive permission lists
+1 Happening consistently for me as well. Have looked for syntax errors/typos in settings.local.json (which makes the whole file get silently ignored, but that's another problem) and --dangerously-skip-permissions, neither of which allow the plan agent to operate without checking for every permissions.
This is a critical bug IMO because the expected workaround for users is to opt in to --dangerously-skip-permissions which we know is, as the flag states, dangerous. This is potential liability for Anthropic.
@brendanstennett I agree this should be treated as a critical bug.
Until they fix it, I was able to fix this by adding this permission:
{
"permissions": {
"allow": [
"Bash"
]
}
}
Thanks @PaulRBerg
Sadly, just a "Do anything you want with Bash" is just a very risky workaround. I've been using devcontainers to help alleviate the risks associated as well.
I know it's risky. But the alternative is to give 200+ approvals every day for commands that I have already approved. That would be a massive slowdown in productivity.
I urge the Anthropic team to fix this bug ASAP 🙏
I can't approve hundreds of sub-agent requests a day either I shouldn't have to resort to unsafe operations to work around it. Can someone from Anthropic please address this critical bug?
