anthropics
VSCode Extension: Permissions not persisting
Environment
- Claude Code VSCode Extension
- macOS
Issue
Permissions saved in .claude/settings.local.json are not being respected. The extension repeatedly asks for tool permissions that have already been allowed.
Current settings.local.json
{
"permissions": {
"allow": [
"Bash(find:*)",
"mcp__enhanced-cot__chainofthought",
"mcp__MCP_DOCKER__fetch",
"mcp__MCP_DOCKER__get-library-docs"
],
"deny": [],
"ask": []
}
}
Expected behavior
Tools in the allow array should not prompt for permission.
Actual behavior
Extension prompts for permission repeatedly, same as if no settings existed.
Notes
- This worked correctly in CLI
- Global
~/.claude/settings.jsonexists and has different schema (no permissions block) - Project-level
.claude/settings.local.jsonhas permissions but they're ignored
Area - Claude Code, CLI, Windows, Mac OS
This is my problem too: my allow section looks like this:
{
"permissions": {
"allow": [
"Bash(git *)",
"Bash(poetry *)",
"Bash(DJANGO_ENV=* poetry *)",
"Bash(TEST_ENV=* *)",
"Bash(python *)",
"Bash(node *)",
"Bash(npm *)",
"Bash(npx *)",
"Bash(powershell *)",
"Bash(cmd *)",
"Bash(mkdir *)",
"Bash(rmdir *)",
"Bash(del *)",
"Bash(rm *)",
"Bash(cp *)",
"Bash(mv *)",
"Bash(move *)",
"Bash(copy *)",
"Bash(cat *)",
"Bash(echo *)",
"Bash(dir *)",
"Bash(ls *)",
"Bash(tree *)",
"Bash(find *)",
"Bash(findstr *)",
"Bash(grep *)",
"Bash(curl *)",
"Bash(wget *)",
"Bash(timeout *)",
"Bash(ping *)",
"Bash(netstat *)",
"Bash(tasklist *)",
"Bash(taskkill *)",
"Bash(test *)",
"Bash(touch *)",
"Bash(tee *)",
"Bash(cut *)",
"Bash(xargs *)",
"Bash(bash *)",
"Bash(sh *)",
"Bash(if *)",
"Bash(for *)",
"Bash(while *)",
"Bash(time *)",
"Bash(export *)",
"Bash(*)",
"WebSearch",
"WebFetch(*)"
],
"deny": [],
"ask": []
},
"outputStyle": "default",
"spinnerTipsEnabled": false
}
WHEN I ask for commit
THEN Claude asks me for git commit approval.
AND
THEN all the "allow" section gets wiped out (no entries at all)
THEN new entry is created with this specific command just approved
All I need to get is Claude Code working with all the tools it needs - the environment is controlled, it can REALLY do whatever it needs, I want it to get all approvals once for good and forget this topic.
I'm experiencing this too, but in cli with the sandbox enabled. Here's what the agent an I worked out together:
Tested on: Claude Code CLI version 2.0.58
Discovery
Project-level .claude/settings.json or .claude/settings.local.json that contain ANY sandbox section will completely override (not merge
with) all user-level sandbox settings from ~/.claude/settings.json.
What This Means
If you have:
- User settings (
~/.claude/settings.json) withsandbox.filesystem.write.allowOnlypaths - Project settings (
.claude/settings.local.json) with ANYsandboxconfiguration
Result: All user-level sandbox paths are completely ignored. The settings are not additive - project settings replace user settings entirely.
Why This Matters
This creates a confusing situation where:
- Users configure sandbox paths in user settings
- Project adds a
sandboxsection (even just"sandbox": { "enabled": true }) - All user-level paths stop working
- Writes fail with "Read-only file system" despite being in user allowOnly
- No indication that project settings are overriding user settings
Expected Behavior
Settings should be additive/merged:
- User settings provide system-wide defaults
- Project settings add project-specific paths
- Combined allowOnly list = user paths + project paths
Actual Behavior
Settings are replaced:
- If project has
sandboxsection, it completely replaces usersandboxsection - User paths are lost entirely
- No warning or indication this is happening
