Claude Code Auto-Mode Config: Classify Every Shell Command and Audit Your Rules

TL;DR: Claude Code 2.1.193's autoMode.classifyAllShell: true routes every shell command through the safety classifier — pair it with autoMode.environment to avoid false positives, then run claude auto-mode critique to catch ambiguous rules before they block routine work.

Auto-mode's classifier previously focused on shell commands that matched arbitrary-code-execution patterns. With classifyAllShell: true, every Bash and PowerShell command goes through the classifier — catching edge cases like curl requests or file writes that didn't look like "arbitrary code" but could still be destructive.

Three settings to configure together

1. Enable full-shell classification

{
  "autoMode": {
    "classifyAllShell": true
  }
}

Set this in ~/.claude/settings.json (personal) or in managed settings (org-wide). It takes effect immediately.

2. Tell the classifier what's trusted (or it will block routine work)

The classifier blocks anything "outside your environment" by default. Without context, your org's GitHub repos, internal S3 buckets, and CI endpoints look like external exfiltration targets. Fix this with autoMode.environment:

{
  "autoMode": {
    "classifyAllShell": true,
    "environment": [
      "$defaults",
      "Source control: github.com/acme-corp and all repos under it",
      "Trusted cloud buckets: s3://acme-build-artifacts, s3://acme-logs",
      "Trusted internal domains: *.corp.acme.com, api.internal.acme.com",
      "Key internal services: Jenkins at ci.acme.com, Artifactory at artifacts.acme.com"
    ]
  }
}

The "$defaults" entry keeps the built-in trust list (your current working repo and configured remotes). Entries are prose — write them the way you'd describe infrastructure to a new engineer; the classifier reads them as natural-language rules.

3. Inspect and audit your config

claude auto-mode defaults   # print the built-in allow/deny/environment rules
claude auto-mode config     # show effective config with $defaults expanded
claude auto-mode critique   # get AI feedback on your custom rules

claude auto-mode critique is the standout: it reviews your custom allow, soft_deny, and hard_deny entries and flags rules that are ambiguous, redundant, or likely to cause false positives. Run it after every config change — it catches subtle gaps like "never run migrations outside the migrations CLI" (correct) vs. "never run migrations" (also blocks list-migrations).

Rollout pattern

1. Add environment entries for your source-control org and key internal services — this resolves the most common false positives.
2. Enable classifyAllShell: true.
3. Run claude auto-mode config to verify the effective rules.
4. Run claude auto-mode critique to check your custom rules for gaps.
5. Add allow exceptions for patterns the classifier repeatedly flags but your team knows are safe.

One caution: omitting "$defaults" from any override array replaces the entire default list for that section. A soft_deny without "$defaults" discards built-in protection for force push and curl | bash. Always include "$defaults" unless you intend to own the full list.

Sources: Claude Code changelog | Auto-mode config reference