anthropics
[BUG] Claude code keeps asking for permission despite already having it.
Environment
- Platform (select one):
- [ ] Anthropic API
- [X ] AWS Bedrock
- [ ] Google Vertex AI
- [ ] Other:
- Claude CLI version:
1.0.34 (Claude Code) - Operating System: 14.7.6 (23H626)
- Terminal: Terminal App
Bug Description
Despite claude having access to find command, it will continously ask for permission. Happens the same with grep and a bunch of other tools.
{
"permissions": {
"allow": [
...
"Bash(find:*)",
...
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Bash command │
│ │
│ find /Users/spyne/repo/pinot -name "*.java" -exec grep -l "CONFIG_OF_ZOOKEEEPER_SERVER\|CONFIG_OF_CONTROLLER_PORT" {} \; │
│ Find files that contain these constants │
│ │
│ Do you want to proceed? │
│ ❯ 1. Yes │
│ 2. Yes, and don't ask again for similar commands in /Users/spyne/repo/startree-pinot │
│ 3. No, and tell Claude what to do differently (esc)
Steps to Reproduce
- Jusk ask to build something.
Expected Behavior
It should continue given that it has the permissions
Actual Behavior
It stops and waits for user input
Additional Context
Using Claude 4 sonnet using Bedrock APIs
If Claude Code has a way to do something without asking permission, it will find another way so as to require permission.
There must be a "productivity" setting set really low by default somewhere...
This is constantly happening to me with grep and rg commands. It is very annoying. I have multiple claude.json files set up to allow them but it still asks me to approve them manually, like every 15 seconds.
Yep, "Yes, and don't ask again for similar commands..." doesn't actually take effect.
You can use: claude --dangerously-skip-permissions to byass this.
I'm using this all the time, does not work for me.
I tell it to be --dangerously-skip-permissions and then it becomes the head of HR/Legal like, do we really even know you? Lol
I agree, I have not found any good way to make it respect any kind of globbing in permissions. When it's running unit tests I have to give it permission CONSTANTLY. It seems to find new and ever more creative ways to invoke a unit test that require new permissions.
I'm also running into this issue, and it's incredibly painful. I've tried every combination of allows in settings.local.json but nothing is working.
3 weeks since this and no evidence that anyone is even working it. Is Anthropic even using this tool themselves?
Since the parents @bcherny and kat left, could be some orphan time.
I am working around this in 3 ways:
- "# Prefer internal tools vs command line commands like find and grep" - reduces some permission noise
- Using dev containers to run with
--dangerously-skip-permissions- https://docs.anthropic.com/en/docs/claude-code/devcontainer - Lastly, cc introduced hooks ❤️ - https://docs.anthropic.com/en/docs/claude-code/hooks if you want to code up your own security management/audit tool
Take help of cc to set up the last 2 :)
Same here, very annoying and reduce productivity.
Please priority this.
Hi, thanks for reporting this. I spent some time looking at this issue today. The permission system seems to be working correctly on my setup, so I need more details to repro it.
How permissions work today
- Permission rules like Bash(find:*) use prefix matching
- Complex commands are split in some cases and each part is checked separately for better security
- Commands with potential injection patterns may trigger permission prompts even if prefix is allowed
Please provide:
- Your exact settings.json permissions config
- Specific user prompt that being used
- Specific command being issued by Claude Code that required a permission prompt
Hi @kushal-thakkar
Thanks for sharing. I think some of the major bugs has been addressed already. This was reported a month back. 1 request is to please review the information shared in the issue above before responding.
Thank you to you and your team for building this amazing tool! 🙏
Hi, thanks for reporting this. I spent some time looking at this issue today. The permission system seems to be working correctly on my setup, so I need more details to repro it.
How permissions work today
- Permission rules like Bash(find:*) use prefix matching
- Complex commands are split in some cases and each part is checked separately for better security
- Commands with potential injection patterns may trigger permission prompts even if prefix is allowed
Please provide:
- Your exact settings.json permissions config
- Specific user prompt that being used
- Specific command being issued by Claude Code that required a permission prompt
I'm not sure if your 3rd point is causing it, but here is an example:
I have this set in the project .claude/settings.local.json and ~/.claude.json
{
"permissions": {
"allow": [
"Bash(find:*)",
"Bash(ls:*)",
"Bash(grep:*)",
"Bash(npm install:*)",
"Bash(npm test:*)",
"Bash(node:*)",
"Bash(npm run lint)",
"Bash(npm run build:*)",
"Bash(mkdir:*)",
"Bash(npx tsc:*)",
"Bash(npx jest:*)",
"Bash(rg:*)",
"Bash(npm run lint:*)",
"Bash(npx eslint:*)",
"Bash(npm run test:*)",
"Bash(sed:*)"
]
}
This is the typical response I get when it's searching for files or text. These all happened back to back. It prompted me 4 times to hit Yes (probably would have done it more but I exited), even though I have permissions for Bash(rg:*) and Bash(grep:*) allowed.
Bash(rg -n "api/time|api/v2/time" --type ts --type tsx --type js --type jsx)
⎿ Running…
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Bash command │
│ │
│ rg -n "api/time|api/v2/time" --type ts --type tsx --type js --type jsx │
│ Search for api/time calls in JavaScript/TypeScript files │
│
│ Do you want to proceed?
│
│ ❯ 1. Yes
⏺ Bash(rg -n "api/time|api/v2/time" -t ts -t js)
⎿ Running…
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Bash command │
│ │
│ rg -n "api/time|api/v2/time" -t ts -t js │
│ Search for api/time calls in JS/TS files │
│
│ Do you want to proceed?
│
│ ❯ 1. Yes
⏺ Bash(rg -n "api/time|api/v2/time" -t php)
⎿ Running…
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Bash command │
│ │
│ rg -n "api/time|api/v2/time" -t php │
│ Search for api/time calls in PHP files │
│ │
│ Do you want to proceed?
│
│ ❯ 1. Yes
Bash(grep -r "api/time\|api/v2/time" --include="*.php" . | head -20)
⎿ Running…
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Bash command │
│ │
│ grep -r "api/time\|api/v2/time" --include="*.php" . | head -20 │
│ Search for api/time in PHP files │
│ │
│ Do you want to proceed? │
│ ❯ 1. Yes
I've also had it do similar things with the grep command and npm run test commands. I think that last one might be because i don't have permissions for head, which I will add. But it seems like the others shouldn't be asking for permission.
This issue has been automatically locked since it was closed and has not had any activity for 7 days. If you're experiencing a similar issue, please file a new issue and reference this one if it's relevant.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}