Trusted folders give you control over which projects can be used with Bob Shell. You must approve a folder before Bob Shell loads any project-specific configurations, protecting you from potentially malicious code.

When you run Bob Shell from a folder for the first time, a trust dialog appears automatically, prompting you to make a choice:

• Trust folder: Grant full trust to the current folder (for example, my-project)
• Trust parent folder: Grant trust to the parent directory (for example, safe-projects), which automatically trusts all of its subdirectories. Use this option if you keep all your safe projects in one location
• Don't trust: Mark the folder as untrusted. Bob Shell operates in a restricted safe mode

Your choice is saved in ~/.bob/trustedFolders.json, so you are only asked once per folder.

When a folder is untrusted, Bob Shell runs in restricted safe mode to protect you. Safe mode disables the following features:

The .bob/settings.json file from the project is not loaded. Safe mode prevents loading of custom tools and other potentially dangerous configurations.

Any .env files from the project are not loaded.

You cannot install, update, or uninstall extensions.

You are always prompted before any tool runs, even if you have auto-approval enabled globally.

Files are not automatically loaded into context from directories specified in local settings.

Bob Shell will not attempt to connect to any MCP servers.

Custom commands from .toml files are not loaded, including both project-specific and global user commands.

Granting trust to a folder unlocks the full functionality of Bob Shell for that workspace.

You can change trust decisions or view all your settings using these methods:

Run the /permissions slash command from within Bob Shell. The interactive dialog appears, allowing you to change the trust level for the current folder.

To see a complete list of all your trusted and untrusted folder rules, inspect the contents of the ~/.bob/trustedFolders.json file in your home directory.

Bob Shell determines trust using the following order of operations:

1. IDE trust signal: If you are using the IDE integration, Bob Shell first asks the IDE if the workspace is trusted. The IDE's response takes highest priority.

2. Local trust file: If the IDE is not connected, Bob Shell checks the ~/.bob/trustedFolders.json file.

Unlike interactive mode, non-interactive sessions never display the trust dialog. Bob Shell operates silently based on pre-existing trust decisions.

In non-interactive sessions, trust decisions are determined automatically in this order:

1. IDE trust signal: If connected to an IDE companion, the IDE's trust status is used
2. Local trust file: Bob Shell checks ~/.bob/trustedFolders.json for existing trust decisions
3. Default behavior: If no trust decision exists, the folder is treated as trusted

When a folder is untrusted in non-interactive mode, additional restrictions apply beyond those listed in "Impact of untrusted folders":

• Approval mode forced to default: Any --yolo or --approval-mode flags are overridden to prevent auto-approval. Bob Shell is limited to a set of tools that don't require approval (such as reading files or folders)

For secure automation and CI/CD pipelines, establish trust decisions before running non-interactive commands:

1. Run an interactive session first to set trust preferences via the dialog.
2. Manually configure ~/.bob/trustedFolders.json.

Since non-interactive mode defaults to trusted for folders without explicit decisions, pre-configuring trust is essential for security-sensitive environments.

• Trust only folders containing code you have reviewed or created yourself
• Use the "Trust parent folder" option for directories containing multiple safe projects
• Regularly review your trusted folders list in ~/.bob/trustedFolders.json
• When working with unfamiliar code, start in untrusted mode to understand the project before granting trust