Detailed Analysis
A Reddit user's accidental broad permission grant to Claude Code within the Claude.ai desktop application highlights a recurring friction point in AI-integrated development tools: the gap between how permissions are granted (quickly, in a moment of distraction) and how they are revoked (obscurely, across multiple possible configuration surfaces). The user clicked "always allow" on a broad file access prompt while focused on their work, and subsequently found themselves unable to locate the relevant configuration to reverse the decision. Their attempts — running `/permissions` in the desktop app and searching for `~/.claude/settings.json` — were reasonable first instincts, but as they discovered, the desktop app and the terminal-based Claude Code CLI do not necessarily share the same configuration architecture or in-app tooling surface.
The resolution pathway is actually multifaceted, reflecting the fact that "Claude Code access to repositories" may refer to two distinct permission layers that the user conflated into one. The first is the Anthropic GitHub App authorization, which operates at the GitHub account level and can be revoked directly through GitHub's Settings > Applications > Authorized GitHub Apps panel. This is the authoritative control point for repository-level read/write access granted to Claude via OAuth. The second layer is local filesystem permissions — the "always allow" rules governing Claude Code's ability to traverse directories on the user's machine — which are stored in `~/.claude/settings.json` at the user level or `.claude/settings.json` at the project level, and can be edited or managed via the `/permissions` command in Claude Code's terminal interface. On macOS, a third layer exists: system-level file access grants managed under System Settings > Privacy & Security > Files and Folders, where Claude Desktop may appear as a registered application.
The confusion the user experienced points to a meaningful UX challenge Anthropic faces as it bridges Claude Code — originally a terminal-first power-user tool — into a more consumer-accessible desktop application. The `/permissions` command not working in the desktop app context, and the `settings.json` file being difficult to locate for users unfamiliar with hidden directories, suggests the desktop app's permission management interface has not fully caught up to the CLI's capabilities. For developers accustomed to the terminal workflow, these configuration files are intuitive; for the broader audience the desktop app targets, the absence of a visible, in-app permissions management panel creates exactly the kind of anxiety the Reddit poster expressed.
This incident sits within a broader pattern in the AI tooling ecosystem: permission prompts during moments of user focus are systematically likely to result in over-grants, and the asymmetry between granting and revoking access erodes user trust even when no harm occurs. Tools like GitHub Copilot, Cursor, and other AI coding assistants have faced similar criticism. Anthropic's Claude Code, given its explicit design to operate autonomously across filesystems and execute shell commands, carries a higher stakes profile than autocomplete-style tools — making clear, accessible, reversible permission management not merely a convenience feature but a foundational trust requirement for broad adoption.
Read original article →