{"slug": "your-claude-code-may-be-silently-approving-permissions-here-s-how-to-check", "title": "Your Claude Code May Be Silently Approving Permissions — Here's How to Check", "summary": "A bug in Claude Code on Windows 11 causes the first click to focus the window to inadvertently submit pending permission prompts, potentially approving or rejecting actions without user intent. The issue, filed as #76743, affects autonomous sessions and has been labeled by maintainers as a bug in the TUI and permissions layers. Anthropic has not yet released a fix, but users can check their session history for unintended approvals or rejections.", "body_md": "Come back from a coffee break, click on your Claude Code window to resume working, and — without touching the keyboard — you've just approved (or rejected) a permission prompt you never read.\n\nThat's not a hypothetical. That's issue #76743, filed against Claude Code on Windows 11, and the implications for safety are immediate.\n\nWhen Claude Code is running with a **permission prompt pending** and the window does not have focus, the user's first click on the window — intended only to give it focus — lands on the permission dialog and **submits an answer**. Approve, reject, or even \"always allow\" — whichever button was under the cursor when you clicked.\n\nThe reporter describes this happening repeatedly in a long-running orchestration session. Each time they returned to their machine and clicked into the window, the pending permission question was answered by the focus click itself. The session interpreted the resulting rejections as deliberate user \"stop\" commands and paused an autonomous overnight run — multiple times.\n\nA related incident in the same session: with UI latency, rapid clicks and keystrokes applied to a different prompt than the one visible when the input was made. The user typed an answer meant for option 1, which landed as option 2 on a permission prompt.\n\nThe maintainers labeled it `bug`\n\n, `has repro`\n\n, `platform:windows`\n\n, `area:tui`\n\n, and `area:permissions`\n\n— covering both the rendering layer and the authorization layer.\n\nYou're affected if you:\n\nTo reproduce:\n\nCheck your session history for unintended approvals or rejections:\n\n```\n# Look for permission decisions you don't remember making\nclaude log --recent\n```\n\nIf you're running autonomous overnight jobs on Windows, check whether your runs were paused by unexpected \"user stop\" commands.\n\nThere's no official fix yet. The issue was filed on July 11, 2026. Until Anthropic ships a patch, your options are:\n\nThe ideal fix from Anthropic: the first click that gives the window focus should be consumed as focus-only (standard \"click-through suppression\"), never delivered to a button. Alternatively, permission prompts could require an explicit keypress rather than accepting a possibly-accidental pointer click, or debounce input for a short interval after window activation.\n\nThis is a classic **click-through** bug. Windows delivers the click to whatever UI element is under the cursor at the moment of the click — and the permission dialog is rendered as an overlay on Claude Code's TUI. When the window doesn't have focus, the pending dialog is still rendered there, waiting for input. The click that gives the window focus passes through to whatever element is at that coordinate.\n\nStandard Windows UI guidelines recommend consuming the first click after focus activation (WM_ACTIVATE) without passing it to child controls. Claude Code's TUI layer, running in a terminal/ConPTY context, doesn't have access to that native window message handling — it simulates a GUI inside a terminal, so it needs to implement click-through suppression manually.\n\nThe reporter notes that accidental **grants** via focus clicks are the more concerning direction for safety. An \"always allow\" or \"approve\" that you didn't intend could let an agent execute operations you'd normally want to review.\n\n**Q: Does this affect Claude Code on macOS or Linux?**\n\nA: The issue is filed for Windows 11 specifically. The click-through mechanism is related to how Windows delivers mouse events to terminal applications. macOS and Linux have different window management behavior and are not known to be affected.\n\n**Q: Can this accidentally approve dangerous operations?**\n\nA: Yes — that's the safety concern. If a permission prompt for a file-write or network operation is pending, clicking to focus the window could inadvertently approve it. The reporter explicitly flagged accidental grants as \"the more concerning direction for safety.\"\n\n**Q: What if I already had unintended approvals?**\n\nA: Review your Claude Code session logs for unexpected permission decisions. Check whether your agent ran commands you didn't explicitly authorize. If you're concerned about a specific session, the `claude log`\n\ncommand can help you trace what happened.", "url": "https://wpnews.pro/news/your-claude-code-may-be-silently-approving-permissions-here-s-how-to-check", "canonical_source": "https://dev.to/terminalblog/your-claude-code-may-be-silently-approving-permissions-heres-how-to-check-4b4o", "published_at": "2026-07-11 18:51:01+00:00", "updated_at": "2026-07-11 19:14:09.056701+00:00", "lang": "en", "topics": ["ai-safety", "ai-tools", "developer-tools"], "entities": ["Claude Code", "Anthropic", "Windows 11"], "alternates": {"html": "https://wpnews.pro/news/your-claude-code-may-be-silently-approving-permissions-here-s-how-to-check", "markdown": "https://wpnews.pro/news/your-claude-code-may-be-silently-approving-permissions-here-s-how-to-check.md", "text": "https://wpnews.pro/news/your-claude-code-may-be-silently-approving-permissions-here-s-how-to-check.txt", "jsonld": "https://wpnews.pro/news/your-claude-code-may-be-silently-approving-permissions-here-s-how-to-check.jsonld"}}