Issue Station
Sign In
Tools hereToolbox

claude-code - 💡(How to fix) Fix Path-pattern scanner false-positives on macOS usernames containing `.`, and "always allow" option fails to persist a rule (Bash and Write only; Edit unaffected) [3 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
anthropics/claude-code#54856Fetched 2026-04-30 06:34:00
View on GitHub
Comments
3
Participants
2
Timeline
10
Reactions
0
Author
josejimenezjr0josejimenezjr0
Participants
github-actions[bot]github-actions[bot]josejimenezjr0josejimenezjr0
Timeline (top)
labeled ×5commented ×3cross-referenced ×2

Three related issues in the path-pattern security scanner that produces "suspicious Windows path pattern that requires manual approval":

  1. False positive on macOS usernames containing a period. Any path under /Users/<username-with-period>./... matches because the literal <letter>./ looks like a Windows drive-letter pattern (C:\). macOS allows periods in usernames; on my machine the username is josejimenezjr. (a common abbreviation for "Jr.") so every home-directory path under /Users/josejimenezjr./... triggers the scanner.
  2. "Yes, and always allow" doesn't persist. Selecting option 2 ("always allow access to <folder>/ from this project") does not write a rule to .claude/settings.local.json. Verified by file mtime and rule count remaining unchanged after multiple selections.
  3. Pre-installed allow-rules are bypassed. Manually adding Write(//path/**), Write(/path/**), and Bash(<exact-prefix>:*) rules to .claude/settings.local.json does not suppress the scanner. The scanner runs at a layer above the permission/allow-list system.
  4. Tool coverage: scanner fires on Bash and Write tool calls but not on Edit. Edit-tool calls to the same paths use the standard out-of-cwd permission prompt (different wording: "allow all edits in <folder>/ during this session") and are correctly suppressed by auto mode for in-project files.

Root Cause

  1. False positive on macOS usernames containing a period. Any path under /Users/<username-with-period>./... matches because the literal <letter>./ looks like a Windows drive-letter pattern (C:\). macOS allows periods in usernames; on my machine the username is josejimenezjr. (a common abbreviation for "Jr.") so every home-directory path under /Users/josejimenezjr./... triggers the scanner.
  2. "Yes, and always allow" doesn't persist. Selecting option 2 ("always allow access to <folder>/ from this project") does not write a rule to .claude/settings.local.json. Verified by file mtime and rule count remaining unchanged after multiple selections.
  3. Pre-installed allow-rules are bypassed. Manually adding Write(//path/**), Write(/path/**), and Bash(<exact-prefix>:*) rules to .claude/settings.local.json does not suppress the scanner. The scanner runs at a layer above the permission/allow-list system.
  4. Tool coverage: scanner fires on Bash and Write tool calls but not on Edit. Edit-tool calls to the same paths use the standard out-of-cwd permission prompt (different wording: "allow all edits in <folder>/ during this session") and are correctly suppressed by auto mode for in-project files.

Fix Action

Workaround

None known. Option 2 fails silently. Manual allow-rules are not respected by this scanner. Affected users on macOS with periods in their username must manually approve every Bash and Write call to home-directory paths.

Code Example

echo test > /Users/josejimenezjr./test.txt

---

"Write(//Users/josejimenezjr./**)",
   "Write(/Users/josejimenezjr./**)",
   "Bash(echo SCANNER_PROBE:*)"
RAW_BUFFERClick to expand / collapse

Summary

Three related issues in the path-pattern security scanner that produces "suspicious Windows path pattern that requires manual approval":

  1. False positive on macOS usernames containing a period. Any path under /Users/<username-with-period>./... matches because the literal <letter>./ looks like a Windows drive-letter pattern (C:\). macOS allows periods in usernames; on my machine the username is josejimenezjr. (a common abbreviation for "Jr.") so every home-directory path under /Users/josejimenezjr./... triggers the scanner.
  2. "Yes, and always allow" doesn't persist. Selecting option 2 ("always allow access to <folder>/ from this project") does not write a rule to .claude/settings.local.json. Verified by file mtime and rule count remaining unchanged after multiple selections.
  3. Pre-installed allow-rules are bypassed. Manually adding Write(//path/**), Write(/path/**), and Bash(<exact-prefix>:*) rules to .claude/settings.local.json does not suppress the scanner. The scanner runs at a layer above the permission/allow-list system.
  4. Tool coverage: scanner fires on Bash and Write tool calls but not on Edit. Edit-tool calls to the same paths use the standard out-of-cwd permission prompt (different wording: "allow all edits in <folder>/ during this session") and are correctly suppressed by auto mode for in-project files.

Environment

  • Claude Code: 2.1.123 (latest published on npm at time of report)
  • macOS, username josejimenezjr. (legal trailing period in macOS username)
  • Auto mode (bypassPermissions) active

Reproduction

  1. macOS account with a period in the username (e.g. josejimenezjr.).
  2. In Claude Code with auto mode on, run a Bash command that writes to a home-directory path: 
    echo test > /Users/josejimenezjr./test.txt
  3. Observe prompt:

    Claude requested permissions to write to /Users/josejimenezjr./test.txt, which contains a suspicious Windows path pattern that requires manual approval.

  4. Pick option 2 ("Yes, and always allow access to josejimenezjr./ from this project").
  5. Run the same command again. Expected: silent. Actual: prompts again.
  6. Inspect <project>/.claude/settings.local.json: file mtime unchanged, no new rule added.
  7. Pre-install the following rules manually in .claude/settings.local.json: 
    "Write(//Users/josejimenezjr./**)",
"Write(/Users/josejimenezjr./**)",
"Bash(echo SCANNER_PROBE:*)"
    Run a matching echo SCANNER_PROBE_BASH > /Users/josejimenezjr./scanner_probe.txt. Actual: still prompts.
  8. Use the Edit tool against an existing in-project file under home dir (e.g. <project>/.claude/settings.local.json). Actual: silent (auto mode handles it correctly). Edit on an existing file outside the project working directory under home dir prompts with the standard "Yes, allow all edits during this session" prompt, not the scanner warning.

Workaround

None known. Option 2 fails silently. Manual allow-rules are not respected by this scanner. Affected users on macOS with periods in their username must manually approve every Bash and Write call to home-directory paths.

Related

  • #41763 (bypassPermissions silently downgrades to acceptEdits after approving suspicious-path prompt) - same scanner family.

extent analysis

TL;DR

The path-pattern security scanner in Claude Code may be fixed by updating the scanner's logic to correctly handle macOS usernames with periods and ensuring that "always allow" options persist and are respected.

Guidance

  • The scanner's false positives on macOS usernames with periods can be mitigated by modifying the scanner's pattern-matching logic to account for this valid character in usernames.
  • To address the issue of "always allow" options not persisting, verify that the .claude/settings.local.json file is being written to correctly and that the file's permissions allow for modifications.
  • Pre-installed allow-rules not being respected by the scanner may indicate a layering issue, where the scanner is running at a level that bypasses the permission/allow-list system, and thus may require adjustments to how rules are applied or the scanner's integration with the permission system.
  • Testing with different tool calls (e.g., Bash, Write, Edit) can help isolate which components of the system are correctly handling permissions and which are not.

Example

No specific code snippet can be provided without modifying the existing scanner logic, but an example of how the pattern-matching might be adjusted could involve adding a check for the username format in macOS paths.

Notes

The provided information suggests that the issue is specific to the interaction between the path-pattern security scanner and macOS usernames with periods, as well as the persistence and respect of "always allow" options and pre-installed rules. The solution may involve updates to the scanner's logic and its integration with the permission system.

Recommendation

Apply a workaround by manually adjusting the scanner's configuration or logic to handle macOS usernames with periods correctly until a formal update is available that addresses these issues. This is because the current behavior causes significant inconvenience for users with such usernames, and a targeted workaround can mitigate the issue while awaiting a comprehensive fix.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#LLM response#prompt template#agent execution#callback error#memory management

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

claude-code - 💡(How to fix) Fix Path-pattern scanner false-positives on macOS usernames containing `.`, and "always allow" option fails to persist a rule (Bash and Write only; Edit unaffected) [3 comments, 2 participants]