How to use Allowed Tools in Claude Code

Written by [object Object]

By Kevin Kern

May 29, 2025
2 min read

Claude Code has built in a command called /allowedTools which serves as a safeguard. It ensures that Claude operates within the boundaries you set.

That means you can explicit set permission for certain commands.

Like for example only allow to read files ReadFile or run only ls or cat and not rm bash commands.

This prevents Claude todo unintended or potential harmful operations

You can decide between ALLOWEDand DENIEDin Claude Code.

How a rule looks

โ†’ ToolName : permit every action
โ†’ ToolName(*) : permit any argument
โ†’ ToolName(filter) : permit matching calls only

Deny rules sit on top of allow rules. Claude walks the list from first to last.

Here are some example Rules you can get inspired

๐Ÿ”ง File actions

โ†’ Edit : change files
โ†’ ReadFile:* : read any file
โ†’ WriteFile(src/*) : write inside src/
โ†’ DeleteFile:* : remove files

๐Ÿ’ป Shell/Terminal

โ†’ Bash:* : every shell command (risky)
โ†’ Bash(ls *) : just ls
โ†’ Bash(git commit:*) : commit with any message
โ†’ Bash(npm install) : install packages

๐Ÿ“ฆ Package managers

โ†’ NPM:* : any npm call
โ†’ Pip:* : any pip call
โ†’ Cargo:* : any cargo call

๐Ÿงช Tests

โ†’ Vitest:* : run vitest
โ†’ Jest:* : run jest
โ†’ Pytest:* : run pytest

๐Ÿ’พ Version control

โ†’ Git:* : every git command
โ†’ Git(git commit:*) : commit only
โ†’ Git(git push) : push only

๐ŸŒ Network

โ†’ Curl:* : any curl call
โ†’ HTTP(GET https://api.example.com/*) : GET that API

Ways I set the list

โ†’ Interactive prompt : click Always allow when Claude asks
โ†’ Chat command : /allowed-tools add Edit
โ†’ Config file : .claude/settings.json for a repo or ~/.claude.json for every project
โ†’ CLI flag : claude --allowedTools Edit for a throw-away session

Example

Store your Tools Permissions in Claudes settings.json file:

  • User settings are defined in ~/.claude/settings.json applies to all projects.

  • Project settings are created inside your project directory .claude/settings.json

    If you want to narrow it to only local project settings then use .claude/settings.local.json (Claude Code configure git to ignore this file when created)

  • Enterprise settings are available too (See docs)

Setting up a clear allowed-tools list in Claude Code gives you safety when using Claude for Code Generation.

This helps avoid surprises, especially when it comes to shell commands or file edits.

https://docs.anthropic.com/en/docs/claude-code/settings#permissions

https://www.anthropic.com/engineering/claude-code-best-practices

Table of Contents

  1. How a rule looks
  2. Here are some example Rules you can get inspired
  3. Ways I set the list
  4. Example
  5. Links