[DOCS] Permission mode docs do not define the safe env-var allowlist for Bash auto-approval
Documentation Type
Unclear/confusing documentation
Documentation Location
https://code.claude.com/docs/en/permission-modes
Section/Topic
acceptEdits mode auto-approval rules for Bash commands with environment-variable prefixes
Current Documentation
The docs currently say:
acceptEditsmode lets Claude create and edit files in your working directory without prompting. In addition to file edits,acceptEditsmode auto-approves common filesystem Bash commands:mkdir,touch,rm,rmdir,mv,cp, andsed. These commands are also auto-approved when prefixed with safe environment variables such asLANG=CorNO_COLOR=1, or process wrappers such astimeout,nice, ornohup. Like file edits, auto-approval applies only to paths inside your working directory oradditionalDirectories. Paths outside that scope, writes to protected paths, and all other Bash commands still prompt.
What's Wrong or Missing?
A. The safe-env-var boundary is not defined
The page gives examples of "safe environment variables" but never says whether that set is fixed, which variable names are treated as safe, or that bare assignments to other environment variables should still require a permission prompt.
B. That missing boundary makes permission behavior hard to predict
Readers can reasonably infer from "such as LANG=C or NO_COLOR=1" that other NAME=value <filesystem command> prefixes may also be auto-approved. For security-sensitive permission behavior, the docs should state the rule explicitly instead of leaving it implicit.
Suggested Improvement
Update the acceptEdits section to make the rule explicit.
Before:
These commands are also auto-approved when prefixed with safe environment variables such asLANG=CorNO_COLOR=1...
After:
These commands are auto-approved only when the prefix uses Claude Code's built-in safe environment-variable allowlist (for exampleLANG,TZ, andNO_COLOR). Bare assignments to other environment variables still require a permission prompt.
If the allowlist is intentionally implementation-defined, add a short note that only a small built-in allowlist is exempt and that arbitrary env-var prefixes are not.
Impact
Medium - Makes feature difficult to understand
Additional Context
Affected Pages:
| Page | Line(s) | Context |
|------|---------|---------|
| https://code.claude.com/docs/en/permission-modes | 107-110 | acceptEdits auto-approval examples mention safe env vars but not the fixed boundary |
| https://code.claude.com/docs/en/permissions | 141-147 | Bash no-prompt behavior is described here, but there is no cross-reference explaining which env-var prefixes are actually safe |
Total scope: 2 pages affected
Version context: Clarify this permission boundary for v2.1.145 behavior and later so users can predict when Bash commands with env-var prefixes should still prompt.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗