Claude Code Week 23: Auto Mode on Every Cloud Provider — and a Guardrail Before Touching Your Shell Startup Files

Photo: cottonbro studio / Pexels

Chris Harper

Jun 18, 2026 · 12:08 UTC

AI
Workflow
Claude Code
Best Practices

TL;DR: One env var enables Claude Code auto mode on Bedrock, Vertex, and Foundry — no permission prompts in CI. Claude also now pauses before writing .zshenv, .npmrc, or .pre-commit-config.yaml, even in acceptEdits mode.

Auto mode on third-party providers (v2.1.158)

Auto mode was Claude.ai-only until Week 23. Now it runs on Opus 4.7 and 4.8 across AWS Bedrock, Google Vertex AI, and Microsoft Foundry:

export CLAUDE_CODE_ENABLE_AUTO_MODE=1
# Then Shift+Tab inside Claude Code to cycle to auto mode
# or set permissionMode: "auto" in managed settings

Auto mode runs a background classifier on every proposed action. Safe actions — reading files, running tests, editing source — proceed without prompts. Risky ones — network calls to new hosts, writing sensitive paths — pause for confirmation. For CI pipelines, this replaces the blunt --dangerously-skip-permissions with an approach that actually maintains a safety boundary.

Protected file writes (v2.1.160)

Even in acceptEdits mode, Claude now prompts before writing:

  • Shell startup files: .zshenv, .bash_login, .bashrc, .profile
  • Git config: ~/.config/git/config
  • Build tool configs: .npmrc, .bazelrc, .pre-commit-config.yaml

These are never auto-approved in any permission mode except bypassPermissions. The reason: a prompt injection that silently rewrites .npmrc can redirect every package install to a malicious registry; one targeting .pre-commit-config.yaml bypasses your commit hooks on every subsequent commit — the SymJack attack pattern. If you need to write these files legitimately, Claude asks once and proceeds.
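
A defender-side check for the .npmrc risk described above, added here as an example and not part of Claude Code or the original post: it parses .npmrc text and reports registry settings that are not HTTPS or that point outside an allowlist. The allowlist contents, the function name audit_npmrc and the sample file are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only registry host your organisation expects.
ALLOWED_HOSTS = {"registry.npmjs.org"}


def audit_npmrc(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (line_no, key, url, reason) for each suspicious registry setting."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # .npmrc is ini-style: '#' and ';' start comments.
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        value = value.strip().strip("\"'")
        # Covers the default 'registry' key and per-scope '@scope:registry' keys.
        if key != "registry" and not key.endswith(":registry"):
            continue
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((line_no, key, value, "not https"))
        elif host not in allowed_hosts:
            findings.append((line_no, key, value, "host not in allowlist"))
    return findings


# Constructed sample input, not taken from a real project or incident.
SAMPLE = """\
; project settings
registry=https://registry.npmjs.org/
@acme:registry = https://npm.example.invalid/
# registry=https://commented-out.example.invalid/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
registry=http://registry.npmjs.org/
"""

if __name__ == "__main__":
    for finding in audit_npmrc(SAMPLE):
        print(finding)
```

Run it in CI against both the repository's .npmrc and the runner's user-level one, and fail the job when the returned list is non-empty.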

Also in Week 23: /plugin list --enabled

Run /plugin list --enabled inside a session (or claude plugin list from the shell) to see active plugins inline without opening the plugin menu. Add --disabled to see what's installed but off — handy when debugging unexpected session behavior from a plugin you forgot you had.

Sources: Claude Code Week 23 digest, Auto mode on third-party providers, Protected paths