Does the pass action allow all payload going through the same TCP stream?

The pass behavior is really the expected behavior. With pass you will/can still get the app-layer EVE json log entries so you still have some idea of what activity is occurring in the flow. If you do not wish to do any inspection of the flow past a point, bypass would be the keyword to use.

I don’t really have any recommendations since everyone has different priorities regarding threats and what they consider to be a threat for their environment and assets they are protecting in that environment.

I definitely agree on the doc update, I will make a note to see what we can do there.

JT

1 Like
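
The difference between the two choices described in the reply above, written as a pair of rules. This is an added example, not part of the original post or taken from the Suricata project; the host names, messages and sids are constructed placeholders.

```suricata
# Constructed example rules: host names, msg text and sids are placeholders.

# pass only: matching traffic is let through without further rule evaluation,
# but the app-layer parser keeps running, so EVE tls events for the flow
# are still written and the activity stays visible in the logs.
pass tls any any -> any any (msg:"LOCAL pass trusted update host"; tls.sni; content:"updates.example.com"; nocase; sid:1000001; rev:1;)

# pass + bypass: once this rule matches, the rest of the flow is no longer
# inspected at all. Use it only where losing visibility past the match
# point is acceptable.
pass tls any any -> any any (msg:"LOCAL pass and bypass backup host"; tls.sni; content:"backup.example.com"; nocase; bypass; sid:1000002; rev:1;)
```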