claude-code icon indicating copy to clipboard operation
claude-code copied to clipboard
Published 2 hours ago verified publisher icon anthropics

Permissions Configuration Bypass in Local Settings Enforcement

Open ccdatatraits opened this issue 6 months ago • 0 comments

The user has configured their local .claude/settings.local.json to deny file listing operations:

{ "permissions": { "allow": [], "deny": [ "Bash(ls:)", "LS", "Search(pattern: "")" ] } }

However, they can still list files even after running the /clear command, indicating the permission settings aren't being properly enforced.

Environment:

  • Platform: darwin
  • Terminal: tmux
  • Version: 1.0.35
  • Feedback ID: c769e31a-6137-429a-be4c-491d436abe23

Errors: The error logs show Invalid settings errors with Expected object, received null validation failures in the Claude Code CLI, suggesting there's an issue with how the local settings are being parsed or applied.

This appears to be a security/configuration bug where local permission restrictions are being bypassed, specifically for file listing operations.

ccdatatraits avatar Jun 29 '25 10:06 ccdatatraits