--dangerously-skip-permissions does not bypass Edit permission prompts

[AaronHallAttorney]

Bug Description

Two related permission bugs when running claude --dangerously-skip-permissions:

Bug A: The --dangerously-skip-permissions CLI flag does not bypass Edit permission prompts. Claude still prompts for Edit approval when editing files in .claude/skills/.

Bug B: Selecting option 2 ("allow all edits during this session") does not persist — subsequent edits to files in different subdirectories prompt again.

Reproduction Steps

1. Configure settings at all three levels (user, project, sub-project) with Edit in the allow list
2. Launch: claude --dangerously-skip-permissions
3. Execute a plan that edits multiple files across .claude/skills/auto/SKILL.md and .claude/skills/_email-common/classification.md
4. Observe: Edit permission prompts appear ~10 times despite the flag

Settings Configuration

All three layers explicitly allow Edit:

Level	File	defaultMode	Edit in allow?
User	~/.claude/settings.json	"default"	Yes (bare Edit)
Project	cc/.claude/settings.json	"default"	Yes (bare Edit + Edit(.claude/**))
Local sub-project	cc/aaron/.claude/settings.local.json	"bypassPermissions"	Yes (bare Edit)

User-level settings also has "skipDangerousModePermissionPrompt": true.

Suspected Root Cause

The project-level defaultMode: "default" appears to override the sub-project's defaultMode: "bypassPermissions". The settings merge logic seems to pick the most restrictive defaultMode from the hierarchy rather than the most specific (deepest) one.

Additionally, for Bug B: "Allow all edits in _email-common/" creates a scoped session rule. Subsequent edits to auto/SKILL.md (a different directory) don't match the scope — prompting again. The unscoped "allow all edits during this session" variant should work universally, but both scoped and unscoped options are offered inconsistently.

Workaround

Moving "defaultMode": "bypassPermissions" to the parent project settings (cc/.claude/settings.json) resolves the issue, but this is overly broad — it affects all sub-projects when only one should have bypass enabled.

Expected Behavior

1. --dangerously-skip-permissions should bypass all tool permission prompts regardless of settings hierarchy
2. When defaultMode: "bypassPermissions" is set at any level in the hierarchy that applies to the current working directory, it should be respected
3. "Allow all edits during this session" (option 2) should persist for the entire session regardless of target directory

Environment

• Platform: Windows 11 Pro (win32)
• Shell: bash (Git Bash)
• Claude Code: latest

[Perlover]

I also ran into this problem. I have version 2.1.79, and it's just terrible.

The thing is, I run the claude code with the option --dangerously-skip-permissions expecting it to silently do everything required for editing so that I can leave it running. However, with this option, it keeps stumbling over the .claude/skills directory in the project:

 Do you want to make this edit to SKILL.md?                                                                                                                                                                                                                                                                                   
 ❯ 1. Yes                                  
   2. Yes, allow all edits during this session (shift+tab)
   3. No                                                  

Every time, it asks for permission, and if you give any permission like 1) or 2), it switches from "bypass permissions on" mode to "accept edits on" mode, essentially disabling the mode set by the --dangerously-skip-permissions option!

This is just an awful bug, and it needs to be fixed as soon as possible because it prevents me from working properly.

Platform: Ubuntu 24.04
Shell: bash
Claude Code: 2.1.79

[xlurie]

Confirmed on v2.1.79 (DevContainer, Linux) — .claude/skills/ and .claude/agents/
both prompt despite being documented as exempt.

Working workaround: binary patch to extension.js that auto-approves all protected
directory writes in bypassPermissions mode. Covers this bug since it matches
all .claude/ subpaths including the supposedly-exempt ones.

Patch details and script: #35942 (comment)

[yurukusa]

/tmp/gh-comment-body.txt

[Kretsche49]

👍 Same issue here on macOS, Claude Code 2.1.81. Affects all open terminal sessions simultaneously. Filed #37181 before finding this duplicate.