Background agents (run_in_background: true) can't perform write operations even when those operations are in permissions.allow. Read-only operations work fine.
This is a known bug. The workaround: use bypassPermissions mode and add hooks for safety.
Set agents to mode: "bypassPermissions" to skip the broken permissions layer, then use PreToolUse hooks to enforce safety rules:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [{
"type": "command",
"command": "bash ~/.claude/hooks/destructive-guard.sh"
}]
}
]
}
}Hooks fire regardless of permission mode — they run at the process level and cannot be bypassed by the model.
npx cc-safe-setup591 hooks. 8,872 tests.
cc-safe-setup · 591 hooks · 8,872 tests · GitHub