Tools & Permissions

TL;DR

Claude Code uses built-in tools (Read, Edit, Bash, Grep, etc.) to interact with your codebase. A permission system lets you control which tools run automatically and which ask for approval.

How Tools & Permissions Work Together

Every time Claude wants to do something in your project, it goes through this flow. The permission system is the gatekeeper.

1
Claude decides to use a tool
e.g., Edit, Bash, Read
2
Permission check
Is this tool allowed?
Auto-allowed
Runs immediately
?
Needs approval
Asks you first
Denied
Blocked entirely
3
Tool executes
Result returned to Claude
Explain Like I'm 12
Claude Code has a toolbox — reading files, editing code, running commands. But it always asks you first before doing anything risky. You can tell it "always allow reading files" but "always ask before deleting things". You're in control.

What are Tools?

Tools are the actions Claude Code can take in your project. Without tools, Claude would just be a chatbot — it could talk about your code, but it couldn't actually touch it. Tools give Claude hands.

When you ask Claude to "fix the bug in auth.js", it doesn't just guess at a solution. It uses the Read tool to look at the file, the Grep tool to search for related code, the Edit tool to make changes, and maybe the Bash tool to run your tests. Each of these is a separate tool call that Claude decides to make.

Here are the key tools Claude Code has access to:

Tool What It Does
Read Reads the contents of a file. This is how Claude looks at your code.
Edit Makes targeted edits to a file — inserts, replaces, or removes lines.
Write Creates a new file or completely overwrites an existing one.
Bash Runs shell commands in your terminal. Tests, builds, git — anything you'd type yourself.
Grep Searches file contents for patterns. Like grep but optimized for Claude.
Glob Finds files by name patterns. Useful for locating files across your project.
Agent Spawns a sub-agent for complex multi-step tasks. Think of it as Claude delegating work.
WebFetch Fetches content from a URL. Handy for pulling docs or API references.

Each tool is designed for a specific job. Claude picks the right tool for the task at hand, just like you'd pick a screwdriver instead of a hammer when tightening a screw.

The Permission System

Here's the thing about giving an AI tools: you want it to be helpful, but you also want to stay in control. That's what the permission system is for. It's the layer between "Claude wants to do something" and "Claude actually does it."

There are three permission modes:

Auto-allow — The tool runs immediately without asking. Best for safe, read-only operations like reading files or searching code.

Ask — Claude pauses and shows you what it wants to do. You approve or reject. This is the default for most tools.

Deny — The tool is completely blocked. Claude can't use it, period. Useful for locking down sensitive operations.

You configure these in your settings file. Here's what a typical configuration looks like:

{
  "permissions": {
    "Read": "auto-allow",
    "Grep": "auto-allow",
    "Glob": "auto-allow",
    "Edit": "ask",
    "Write": "ask",
    "Bash": "ask",
    "WebFetch": "deny"
  }
}

This setup lets Claude freely read and search your code (fast and safe), but it has to ask before making any changes or running commands. And it can't fetch anything from the web at all.

Permission Levels

Let's break down the defaults and reasoning for each tool. Understanding this table is the key to configuring Claude Code for your workflow.

Tool Default Permission Why
Read Ask Safe — only reads, never modifies. Good candidate for auto-allow.
Edit Ask Modifies files. You probably want to review changes before they happen.
Write Ask Creates or overwrites files. Needs your attention.
Bash Ask Can run any shell command. Always review these carefully.
Grep Ask Read-only search. Safe to auto-allow.
Glob Ask Read-only file listing. Safe to auto-allow.
Agent Ask Spawns sub-tasks. Review what it plans to do.
WebFetch Ask Makes network requests. Consider your security needs.

Notice the defaults are all "Ask" — Claude Code ships conservative on purpose. You loosen things up as you get comfortable.

For CI/CD pipelines and automated environments, you can restrict tools even further using the --allowedTools flag:

claude --allowedTools "Read,Grep,Glob,Edit" --task "Fix lint errors"

This tells Claude it can only use those four tools. Everything else is off the table. It's like giving someone a toolbox with only the tools they need for the specific job.

Best Practices

Auto-allow safe tools. Read, Grep, and Glob are read-only. They can't break anything. Auto-allowing them makes Claude much faster because it doesn't have to pause and wait for your approval just to look at a file.

Always review Bash commands. The Bash tool can run anything your terminal can. That includes rm -rf, git push --force, and other commands you'd want to think twice about. Keep it on "Ask" mode.

Use --allowedTools for CI. In automated pipelines, you don't have a human to approve things. Restrict the tool set to exactly what the task needs. No more, no less.

Start strict, loosen over time. Begin with everything on "Ask". As you see which tools Claude uses responsibly, promote them to "Auto-allow". This builds trust incrementally.

Never auto-allow destructive operations in production environments. Tools like Bash and Write can modify or delete data. In production, always require explicit approval. A few extra seconds of review can save you from a very bad day.

Test Yourself

Q: Name 3 tools Claude Code can use.

Read, Edit, Bash, Grep, Glob, Write, Agent, WebFetch (any 3 count).

Q: What are the 3 permission modes?

Auto-allow, Ask, and Deny.

Q: Which tools are safe to auto-allow?

Read-only tools like Read, Grep, and Glob. They can't modify anything, so they're safe to let run without approval.

Q: How do you restrict tools in CI?

Use the --allowedTools flag. For example: claude --allowedTools "Read,Grep,Edit" --task "Fix lint errors"