
[BUG] Claude Code loads and exports .env on startup, even with read permissions denied

Open gndk opened this issue 4 months ago • 7 comments

Environment

  • Platform (select one):
    • [ ] Anthropic API
    • [ ] AWS Bedrock
    • [ ] Google Vertex AI
    • [ ] Other:
  • Claude CLI version: 1.0.73 (Claude Code)
  • Operating System: macOS & Ubuntu 22.04
  • Terminal: iterm2 & ghostty

Bug Description

Claude Code loads and exports .env on startup, even with read permissions denied.

Steps to Reproduce

  1. Start CC in empty directory, ask it "check APP_ENV env var". It will output empty.
  2. Add .env with "APP_ENV=dev".
  3. Start CC again, ask it "check APP_ENV env var". It will output "dev".
  4. Add permissions.deny config for .env and .env.*, per https://docs.anthropic.com/en/docs/claude-code/settings#excluding-sensitive-files
  5. Start CC again, ask it "check APP_ENV env var". It will output "dev". Ask it "whats in .env". It won't be able to read the file because of the permissions settings.

Expected Behavior

Either don't load .env files and export the variables as env vars OR at least document it.

The permissions should not be ignored either way.

Actual Behavior

Claude Code loads .env on startup, even with permissions denied in settings.json.

Additional Context

It is NOT inheriting it from my shell session. The var is not set there.

gndk avatar Aug 12 '25 13:08 gndk

Found 3 possible duplicate issues:

  1. https://github.com/anthropics/claude-code/issues/401
  2. https://github.com/anthropics/claude-code/issues/3403
  3. https://github.com/anthropics/claude-code/issues/3501

This issue will be automatically closed as a duplicate in 3 days.

  • If your issue is a duplicate, please close it and 👍 the existing issue instead
  • To prevent auto-closure, add a comment or 👎 this comment

🤖 Generated with Claude Code

github-actions[bot] avatar Aug 12 '25 13:08 github-actions[bot]

Here is an example of a claude code session...

โฏ claude
โ•ญโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚ โœป Welcome to Claude Code!                         โ”‚
โ”‚                                                   โ”‚
โ”‚   /help for help, /status for your current setup  โ”‚
โ”‚                                                   โ”‚
โ”‚   cwd: /home/scelles-admin/test-claude            โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ

 Tips for getting started:

 1. Run /init to create a CLAUDE.md file with instructions for Claude
 2. Use Claude to help with file analysis, editing, bash commands and git
 3. Be as specific as you would with another engineer for the best results

> peux tu lire le fichier env

โ— Read(env)
  โŽฟ ย Error reading file

โ— Le fichier env n'existe pas. Voulez-vous que je vรฉrifie s'il y a des fichiers similaires comme .env ou .env.example ?

โ— List(.)
  โŽฟ ย Listed 2 paths (ctrl+r to expand)

โ— Le rรฉpertoire est vide. Il n'y a aucun fichier env ou .env dans le rรฉpertoire courant.

> peux tu lire le fichier .env

โ— Read(.env)
  โŽฟ ย Read 2 lines (ctrl+r to expand)

โ— Le fichier .env contient :
  PASSWORD=ClaudeIsNice

> pourquoi tu ne respectes pas ~/.claude/settings.json

โ— Je ne vois pas de fichier ~/.claude/settings.json dans votre rรฉpertoire de travail actuel. Ce fichier de configuration Claude
  Code se trouve normalement dans votre rรฉpertoire home.

โ— Read(../.claude/settings.json)
  โŽฟ ย No (tell Claude what to do differently)

> voici ce qu'il contient

โ— D'accord, pouvez-vous me montrer le contenu de votre fichier ~/.claude/settings.json ? Cela m'aiderait ร  comprendre quels
  paramรจtres je ne respecte pas.

> {
    "permissions": {
      "deny": [
        "Read(./.env)",
        "Read(./.env.*)",
        "Read(./secrets/**)",
        "Read(./config/credentials.json)"
      ]
    }
  }

โ— Je comprends maintenant. Votre fichier ~/.claude/settings.json configure des permissions qui interdisent la lecture de
  fichiers .env, mais j'ai quand mรชme pu lire le fichier .env dans votre rรฉpertoire.

  Cela suggรจre que soit :
  1. Les permissions dans settings.json ne sont pas correctement appliquรฉes
  2. Il y a un problรจme avec la configuration des hooks de permissions

  Vous devriez vรฉrifier votre configuration Claude Code ou signaler ce problรจme sur
  https://github.com/anthropics/claude-code/issues car les permissions dรฉfinies dans settings.json devraient normalement bloquer
   l'accรจs aux fichiers .env.

(English translation)

❯ claude
╭───────────────────────────────────────────────────╮
│ ✻ Welcome to Claude Code!                         │
│                                                   │
│   /help for help, /status for your current setup  │
│                                                   │
│   cwd: /home/scelles-admin/test-claude            │
╰───────────────────────────────────────────────────╯

 Tips for getting started:

 1. Run /init to create a CLAUDE.md file with instructions for Claude
 2. Use Claude to help with file analysis, editing, bash commands, and git
 3. Be as specific as you would with another engineer for the best results

> can you read the env file?

● Read(env)
  ⎿  Error reading file

● The env file doesn't exist. Do you want me to check for similar files like .env or .env.example?

● List(.)
  ⎿  Listed 2 paths (ctrl+r to expand)

● The directory is empty. There are no env or .env files in the current directory.

> Can you read the .env file?

● Read(.env)
  ⎿  Read 2 lines (ctrl+r to expand)

● The .env file contains:
  PASSWORD=ClaudeIsNice

> Why aren't you respecting ~/.claude/settings.json?

● I don't see a ~/.claude/settings.json file in your current working directory. This Claude Code configuration file is normally located in your home directory.

● Read(../.claude/settings.json)
  ⎿  No (tell Claude what to do differently)

> Here's what it contains.

● Okay, can you show me the contents of your ~/.claude/settings.json file? This would help me understand which
  settings I'm violating.

> {
    "permissions": {
      "deny": [
        "Read(./.env)",
        "Read(./.env.*)",
        "Read(./secrets/**)",
        "Read(./config/credentials.json)"
      ]
    }
  }

● I understand now. Your ~/.claude/settings.json file configures permissions that prohibit reading
  .env files, but I was still able to read the .env file in your directory.

  This suggests that either:
  1. The permissions in settings.json are not being applied correctly
  2. There is a problem with the configuration of the permission hooks

  You should check your Claude Code configuration or report this issue at
  https://github.com/anthropics/claude-code/issues because the permissions set in settings.json should normally block
  access to .env files.

s-celles avatar Aug 12 '25 18:08 s-celles

I did it according to https://claude.ai/share/b416df22-ecfc-43e3-a938-dbb5426e21b9

s-celles avatar Aug 12 '25 18:08 s-celles

It seems that at least the Bash() rule is reading the .env

Actually if you get claude to run the printenv command the values from .env will be there. Even when adding a deny rule for that file.

Claude should take the environment in from what is running, not from some arbitrary .env file. Or at least provide an option for the .env to be ignored.

I have also reported this in #6323

timmygee avatar Aug 22 '25 17:08 timmygee
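
The printenv check described in the comment above can be turned into a repeatable audit. This is an added example, not part of the original thread and not Anthropic's code: it compares a `printenv` dump from the launching shell with one taken inside the tool, and reports which keys from `.env` appear only in the latter. The function names are hypothetical and the sample data is constructed.

```python
import re

# KEY=VALUE with an optional leading "export"; comment lines never match.
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_dotenv(text):
    """Parse the common dotenv subset: comments, 'export', quoted values."""
    out = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:  # blank line, comment, or not KEY=VALUE
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]  # strip matching quotes
        else:
            val = re.split(r"\s+#", val, maxsplit=1)[0]  # drop trailing comment
        out[key] = val
    return out


def parse_printenv(text):
    """Parse `printenv` output (one KEY=VALUE per line) into a dict."""
    env = {}
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        if sep:
            env[key] = val
    return env


def leaked_keys(dotenv_text, shell_env, tool_env):
    """Keys whose .env value is present in the tool's environment although
    the launching shell did not export that value. Names only, never values."""
    return sorted(
        key for key, val in parse_dotenv(dotenv_text).items()
        if tool_env.get(key) == val and shell_env.get(key) != val
    )


# Constructed sample data (not captured from a real session).
DOTENV = 'APP_ENV=dev\n# local only\nexport PASSWORD="ClaudeIsNice"\nHOME=/tmp/x\n'
SHELL = parse_printenv("HOME=/home/user\nPATH=/usr/bin\n")
TOOL = parse_printenv(
    "HOME=/home/user\nPATH=/usr/bin\nAPP_ENV=dev\nPASSWORD=ClaudeIsNice\n"
)

if __name__ == "__main__":
    print(leaked_keys(DOTENV, SHELL, TOOL))
```

An empty result for a project that has a `.env` file means the tool's environment matches the shell's for those keys. Multi-line values in `printenv` output are not handled.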

This seems to happen with the native binary installation, and does not seem to affect claude when installed by npm.

The VSCode extension seems to include/install the native binary (and is therefore afflicted by this issue), and I was able to fix it by replacing the file native_binary/claude within the installed extension with a symlink to my npm-installed claude executable.

RobinDaugherty avatar Oct 23 '25 12:10 RobinDaugherty

This is a dupe of https://github.com/anthropics/claude-code/issues/401 - I tracked it down to the native binary version of claude code and how Bun works. There are full details and reproduction steps in #401.

Still waiting on any acknowledgement or response from Anthropic.

rsanheim avatar Oct 31 '25 00:10 rsanheim

This issue has been inactive for 30 days. If the issue is still occurring, please comment to let us know. Otherwise, this issue will be automatically closed in 30 days for housekeeping purposes.

github-actions[bot] avatar Dec 08 '25 10:12 github-actions[bot]