How to Fix Subagent Permission Issues in Claude Code

April 21, 2026 · Based on GitHub Issues #51287, #51288, #51289, #51286

The problem: You grant permissions to your parent Claude Code session, but child subagents re-prompt for the same permissions — or silently fail. This is a known bug affecting v2.1.111+.

What's happening

When you accept a permission in the parent session (via UI prompt or --dangerously-skip-permissions), that grant lives in the parent's session memory only. Child subagents spawned via the Agent tool start with a fresh permission state.

This means:

Edit/Write permissions don't propagate — even if your settings.json allows them for specific paths (#51287)
Runtime-accepted grants are invisible to children — the child has no way to know what the parent accepted (#51289)
additionalDirectories globs don't propagate — children can't access paths the parent was given access to (#51286)

Workarounds

1. Pre-declare all permissions in settings.json

Instead of accepting permissions at runtime, declare them upfront:

{
  "permissions": {
    "allow": [
      "Edit",
      "Write",
      "Read",
      "Bash(git *)",
      "Bash(npm *)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(git push --force *)"
    ]
  }
}

Pre-declared permissions are read from settings.json at session start, so both parent and child agents see them.

Tip: Run npx @gaebalai/cc-guard --shield to set up a complete permission + hook configuration that works for both parent and subagent sessions.

2. Use hooks instead of permission grants

Hooks execute for every tool call regardless of the session. A PreToolUse hook that auto-approves safe patterns works identically for parent and child:

// In settings.json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Edit",
        "hooks": [{
          "type": "command",
          "command": "bash ~/.claude/hooks/auto-approve-project-edits.sh"
        }]
      }
    ]
  }
}

3. Avoid runtime permission grants when using subagents

If you know you'll spawn subagents, set everything up in settings.json before starting the session. Runtime grants are ephemeral — they won't survive subagent dispatch.

4. Use worktree isolation

If subagents need to edit files, use isolation: "worktree" in your Agent tool call. Each subagent gets its own git worktree with full write access, avoiding permission conflicts entirely.

The root cause

Claude Code's permission model was designed for single-session use. The Agent tool dispatches child processes that inherit some parent state but not runtime permission grants. This is an architectural limitation that Anthropic will likely need to address at the framework level.

Until then, the safest approach is: if subagents need a permission, declare it in settings.json, not at runtime.

Related resources

Survival Guide — 66 sections covering permission issues and more
Risk Assessment — check if your subagent setup is at risk
cc-guard — one command to install hooks that work for parent and child sessions