[DOCS] Permissions docs omit the `find -exec`/`-delete` exception for `Bash(find:*)` allow rules

Resolved 💬 2 comments Opened Apr 17, 2026 by coygeek Closed May 10, 2026

Documentation Type

Incorrect/outdated documentation

Documentation Location

https://code.claude.com/docs/en/permissions

Section/Topic

The Bash permission rule syntax sections, especially wildcard patterns, allow-rule behavior, and Bash-specific limitations

Current Documentation

The docs currently say:

Bash rules support glob patterns with *. Wildcards can appear at any position in the command.
Check allow rules (from allowed_tools and settings.json). If a rule matches, the tool is approved.
--allowedTools ... Tools that execute without prompting for permission.

No current Claude Code docs page in the mirror explains that Bash(find:*) no longer auto-approves find commands that use -exec or -delete.

What's Wrong or Missing?

Changelog v2.1.113 introduced a security-sensitive exception: Bash(find:*) allow rules no longer auto-approve find -exec or find -delete.

The current docs still describe matching Bash allow rules and --allowedTools entries as straightforward auto-approval, but they do not document this find exception anywhere. That leaves the current guidance outdated for users who rely on Bash permission patterns or SDK/CLI allowed-tools settings and expect Bash(find:*) to behave like other matching prefixes.

Suggested Improvement

Add a short security note to the Bash permission docs explaining that Bash(find:*) does not auto-approve find invocations containing -exec or -delete, even when the rule would otherwise match.

Suggested content:

  • Add the exception to https://code.claude.com/docs/en/permissions near the Bash wildcard/limitations guidance
  • Cross-reference it from settings, headless, cli-reference, and Agent SDK permissions pages where allow rules or allowedTools are described as auto-approving matching tool calls
  • Include a concrete example pair such as find . -name '*.ts' versus find . -delete / find . -exec rm {} \;

Impact

Medium - Makes feature difficult to understand

Additional Context

Affected Pages:

| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/permissions | Primary permission-rule reference; explains Bash wildcards and says matching allow rules are approved |
| https://code.claude.com/docs/en/settings | Defines permissions.allow as rules that allow tool use and points readers to permission-rule syntax |
| https://code.claude.com/docs/en/headless | Says --allowedTools lets Claude use tools without prompting |
| https://code.claude.com/docs/en/cli-reference | Says --allowedTools tools execute without prompting for permission |
| https://code.claude.com/docs/en/agent-sdk/permissions | Says allow rules approve matching tool calls in the SDK permission flow |
| https://code.claude.com/docs/en/agent-sdk/python | Describes allowed_tools as auto-approving listed tools without prompting |
| https://code.claude.com/docs/en/agent-sdk/typescript | Describes allowedTools as auto-approving listed tools without prompting |
| https://code.claude.com/docs/en/agent-sdk/quickstart | Introduces allowedTools as a way to pre-approve tools |
| https://code.claude.com/docs/en/agent-sdk/agent-loop | Describes allowed_tools / allowedTools as auto-approving listed tools |
| https://code.claude.com/docs/en/skills | Says the allowed-tools field lets Claude use listed tools without prompting |
| https://code.claude.com/docs/en/slash-commands | Repeats the same allowed-tools auto-approval behavior for slash-command frontmatter |

Total scope: 11 pages affected

Source: Changelog v2.1.113

Exact changelog entry: Security: Bash(find:*) allow rules no longer auto-approve find -exec/-delete

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗