Docs: bypassPermissions scoping to cwd is undocumented
Summary
The bypassPermissions permission mode prompts for files outside the current working directory, even when the path is not in a protected directory (.git, .claude, .vscode, etc.). This behavior is not documented.
Expected behavior per docs
The documentation states:
bypassPermissions mode disables permission prompts and safety checks so tool calls execute immediately. Writes to protected paths are the only actions that still prompt.
This implies the only restriction is protected directories — there is no mention of working directory scope.
Actual behavior
With "defaultMode": "bypassPermissions" set in ~/.claude/settings.json, reading a file outside the cwd (e.g. ~/code/mongo-c-driver/README.rst) still produces a permission prompt, even though that path is not a protected directory.
Related
- The
acceptEditsmode docs do explicitly mention working directory scope andadditionalDirectories—bypassPermissionsdocs do not. - Workaround: add frequently accessed directories to
additionalDirectoriesin settings.
Request
Please document whether bypassPermissions is implicitly scoped to the cwd + additionalDirectories, and if so, make that explicit in the permission modes reference.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗