Background agents (run_in_background: true) can't perform write operations even when those operations are in permissions.allow. Read-only operations work fine.
This is a known bug. The workaround: use bypassPermissions mode and add hooks for safety.
Set agents to mode: "bypassPermissions" to skip the broken permissions layer, then use PreToolUse hooks to enforce safety rules:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [{
"type": "command",
"command": "bash ~/.claude/hooks/destructive-guard.sh"
}]
}
]
}
}
Hooks fire regardless of permission mode — they run at the process level and cannot be bypassed by the model.
npx cc-safe-setup
892 example hooks. 213 test files.
cc-safe-setup · 892 example hooks · 213 test files · GitHub