Skip to main content
The Trusted Folders feature provides workspace-level security by controlling whether Qwen Code trusts a project directory for executing code and loading project-specific configuration.

Overview

When enabled, Trusted Folders prevents Qwen Code from:
  • Executing tools that require user approval (shell, edit, write_file) in untrusted folders
  • Loading project-level .env files from untrusted folders
  • Using aggressive approval modes (YOLO, auto-edit) in untrusted folders
This protects you from accidentally running code in unknown or potentially malicious projects.

Enabling Folder Trust

Folder trust is disabled by default. Enable it in your user settings:
~/.qwen/settings.json
{
  "security": {
    "folderTrust": {
      "enabled": true
    }
  }
}
Once enabled, all folders are untrusted by default. You’ll need to explicitly trust each workspace.

Trust Levels

Qwen Code supports three trust levels:
TRUST_FOLDER
TrustLevel
Trust this specific folder only.Example: Trust ~/projects/my-app but not its parent directory.
TRUST_PARENT
TrustLevel
Trust the parent directory, making all sibling and child folders trusted.Example: Trust ~/projects so all projects within it are automatically trusted.
DO_NOT_TRUST
TrustLevel
Explicitly mark a folder as untrusted, overriding parent trust.Example: Untrust ~/projects/suspicious-repo even though ~/projects is trusted.

Configuration File

Trust rules are stored in ~/.qwen/trustedFolders.json:
~/.qwen/trustedFolders.json
{
  "/Users/username/projects": "TRUST_PARENT",
  "/Users/username/work/client-a": "TRUST_FOLDER",
  "/Users/username/downloads/random-repo": "DO_NOT_TRUST"
}

File Location

  • Default: ~/.qwen/trustedFolders.json
  • Override via environment variable: 
    export QWEN_CODE_TRUSTED_FOLDERS_PATH=/custom/path/trustedFolders.json

Managing Trust

Via Interactive Prompt

When you open an untrusted folder, Qwen Code will prompt you: 
This folder is not trusted.

Do you trust the authors of the files in this folder?

> Trust Folder
  Trust Parent Folder
  Do Not Trust
  Cancel
Select your choice to update the trust configuration.

Manually Editing trustedFolders.json

You can directly edit ~/.qwen/trustedFolders.json: 
{
  "/home/user/projects": "TRUST_PARENT",
  "/home/user/work/safe-repo": "TRUST_FOLDER",
  "/home/user/Downloads/untrusted-code": "DO_NOT_TRUST"
}
Tips:
  • Use absolute paths
  • Paths are case-sensitive
  • Use forward slashes (/) on all platforms
  • On Windows, use: C:/Users/username/projects (not backslashes)

Via IDE Integration

When using Qwen Code through VS Code, Zed, or JetBrains IDEs, trust status is inherited from the IDE’s workspace trust feature.

Trust Rules Evaluation

Qwen Code evaluates trust using the following logic:
  1. IDE Trust (highest priority): If running in an IDE that provides workspace trust, use that value.
  2. Explicit DO_NOT_TRUST: If the exact path is marked DO_NOT_TRUST, the folder is untrusted.
  3. TRUST_FOLDER: If the exact path is marked TRUST_FOLDER, the folder is trusted.
  4. TRUST_PARENT: If any parent directory is marked TRUST_PARENT, the folder is trusted.
  5. No matching rule: If no rule matches, the folder is untrusted (when trust is enabled).

Example Evaluation

Given this configuration: 
{
  "/home/user/projects": "TRUST_PARENT",
  "/home/user/projects/suspicious": "DO_NOT_TRUST"
}
Results:
  • /home/user/projects/my-appTrusted (parent is trusted)
  • /home/user/projects/another-appTrusted (parent is trusted)
  • /home/user/projects/suspiciousUntrusted (explicitly marked)
  • /home/user/Downloads/randomUntrusted (no matching rule)

Behavior in Untrusted Folders

Approval Mode Override

In untrusted folders, approval mode is forced to default (prompt before execution): 
# Even with --yolo, will use default mode in untrusted folder
qwen --yolo
# Output: Approval mode overridden to "default" because the current folder is not trusted.

Tool Execution

Tools requiring approval will always prompt:
  • bash / run_shell_command - Always requires approval
  • edit - Always requires approval
  • write_file - Always requires approval
Read-only tools work normally:
  • read - Works without approval
  • glob - Works without approval
  • grep - Works without approval
  • ls - Works without approval

Environment Variables

Project-level .env files are not loaded in untrusted folders:
  • .qwen/.env in project - Not loaded
  • .env in project - Not loaded
  • ~/.qwen/.env (user-level) - Always loaded
  • ~/.env (home directory) - Always loaded

Workspace Settings

Project-level settings are ignored in untrusted folders:
  • .qwen/settings.json in project - Ignored
  • ~/.qwen/settings.json (user-level) - Always applied

Use Cases

Trust All Personal Projects

{
  "/Users/username/projects": "TRUST_PARENT"
}
All folders under ~/projects are trusted.

Trust Specific Work Projects

{
  "/Users/username/work/project-a": "TRUST_FOLDER",
  "/Users/username/work/project-b": "TRUST_FOLDER"
}
Only specific projects are trusted.

Trust Everything Except Downloads

{
  "/Users/username": "TRUST_PARENT",
  "/Users/username/Downloads": "DO_NOT_TRUST"
}
Home directory is trusted, but Downloads folder is explicitly untrusted.

Trust Per-Organization

{
  "/Users/username/company-a": "TRUST_PARENT",
  "/Users/username/company-b": "TRUST_PARENT",
  "/Users/username/oss-projects": "TRUST_PARENT"
}
Organize projects by company/purpose and trust at that level.

Security Best Practices

  1. Enable folder trust if you work with code from unknown sources.
  2. Use TRUST_PARENT for directories where you manage all projects: 
    {
  "~/my-projects": "TRUST_PARENT"
}
  3. Use DO_NOT_TRUST for directories where you clone external code: 
    {
  "~/Downloads": "DO_NOT_TRUST",
  "~/external-repos": "DO_NOT_TRUST"
}
  4. Review trust before using YOLO mode - Check if the folder is trusted before enabling auto-approval.
  5. Combine with .qwenignore - Use .qwenignore to prevent Qwen Code from reading sensitive files even in trusted folders.

Checking Trust Status

You can check if the current folder is trusted by attempting a privileged operation. Qwen Code will indicate if the folder is untrusted: 
cd ~/Downloads/unknown-repo
qwen --yolo  # Will show override message if untrusted
Or check programmatically by inspecting the trust configuration.

Disabling Folder Trust

To disable folder trust:
~/.qwen/settings.json
{
  "security": {
    "folderTrust": {
      "enabled": false
    }
  }
}
When disabled:
  • All folders are treated as trusted
  • trustedFolders.json is ignored
  • Project .env files are loaded from all directories
  • Approval mode settings work as configured

IDE Integration

VS Code

Qwen Code respects VS Code’s workspace trust:
  • If the workspace is trusted in VS Code, Qwen Code trusts it
  • If the workspace is untrusted in VS Code, Qwen Code does not trust it
  • IDE trust takes precedence over trustedFolders.json

Zed

Similar to VS Code, Qwen Code inherits trust status from Zed’s workspace trust.

JetBrains IDEs

Qwen Code inherits trust status from JetBrains’ trusted projects feature.

Troubleshooting

Folder Not Trusted Despite Configuration

  1. Check the path in trustedFolders.json is absolute and correct: 
    pwd  # Get current directory
  2. Ensure paths use forward slashes: 
    // Correct
"/Users/username/projects": "TRUST_PARENT"

// Incorrect on Windows
"C:\\Users\\username\\projects": "TRUST_PARENT"
  3. Verify JSON syntax is valid: 
    cat ~/.qwen/trustedFolders.json | jq

Can’t Load Project .env

If project .env files aren’t loading:
  1. Check if folder trust is enabled
  2. Verify the folder is trusted
  3. Move sensitive keys to ~/.qwen/.env (always loaded)

Tools Always Require Approval

In untrusted folders, tools will always require approval. Either:
  1. Trust the folder in trustedFolders.json
  2. Use --approval-mode default explicitly
  3. Work with read-only tools that don’t require approval

See Also