[DOCS] Permissions docs omit the `find -exec`/`-delete` exception for `Bash(find:*)` allow rules
Documentation Type
Incorrect/outdated documentation
Documentation Location
https://code.claude.com/docs/en/permissions
Section/Topic
The Bash permission rule syntax sections, especially wildcard patterns, allow-rule behavior, and Bash-specific limitations
Current Documentation
The docs currently say:
Bash rules support glob patterns with *. Wildcards can appear at any position in the command.
Checkallowrules (fromallowed_toolsand settings.json). If a rule matches, the tool is approved.
--allowedTools ... Tools that execute without prompting for permission.
No current Claude Code docs page in the mirror explains that Bash(find:*) no longer auto-approves find commands that use -exec or -delete.
What's Wrong or Missing?
Changelog v2.1.113 introduced a security-sensitive exception: Bash(find:*) allow rules no longer auto-approve find -exec or find -delete.
The current docs still describe matching Bash allow rules and --allowedTools entries as straightforward auto-approval, but they do not document this find exception anywhere. That leaves the current guidance outdated for users who rely on Bash permission patterns or SDK/CLI allowed-tools settings and expect Bash(find:*) to behave like other matching prefixes.
Suggested Improvement
Add a short security note to the Bash permission docs explaining that Bash(find:*) does not auto-approve find invocations containing -exec or -delete, even when the rule would otherwise match.
Suggested content:
- Add the exception to
https://code.claude.com/docs/en/permissionsnear the Bash wildcard/limitations guidance - Cross-reference it from
settings,headless,cli-reference, and Agent SDK permissions pages where allow rules orallowedToolsare described as auto-approving matching tool calls - Include a concrete example pair such as
find . -name '*.ts'versusfind . -delete/find . -exec rm {} \;
Impact
Medium - Makes feature difficult to understand
Additional Context
Affected Pages:
| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/permissions | Primary permission-rule reference; explains Bash wildcards and says matching allow rules are approved |
| https://code.claude.com/docs/en/settings | Defines permissions.allow as rules that allow tool use and points readers to permission-rule syntax |
| https://code.claude.com/docs/en/headless | Says --allowedTools lets Claude use tools without prompting |
| https://code.claude.com/docs/en/cli-reference | Says --allowedTools tools execute without prompting for permission |
| https://code.claude.com/docs/en/agent-sdk/permissions | Says allow rules approve matching tool calls in the SDK permission flow |
| https://code.claude.com/docs/en/agent-sdk/python | Describes allowed_tools as auto-approving listed tools without prompting |
| https://code.claude.com/docs/en/agent-sdk/typescript | Describes allowedTools as auto-approving listed tools without prompting |
| https://code.claude.com/docs/en/agent-sdk/quickstart | Introduces allowedTools as a way to pre-approve tools |
| https://code.claude.com/docs/en/agent-sdk/agent-loop | Describes allowed_tools / allowedTools as auto-approving listed tools |
| https://code.claude.com/docs/en/skills | Says the allowed-tools field lets Claude use listed tools without prompting |
| https://code.claude.com/docs/en/slash-commands | Repeats the same allowed-tools auto-approval behavior for slash-command frontmatter |
Total scope: 11 pages affected
Source: Changelog v2.1.113
Exact changelog entry: Security: Bash(find:*) allow rules no longer auto-approve find -exec/-delete
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗