agent-tools

Reference for configuring tool permissions when launching Claude Code agents. Use when setting up --allowedTools flags, restricting file access, or configuring agent permissions.

Best use case

agent-tools is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using agent-tools should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

```bash
curl -o ~/.claude/skills/agent-tools/SKILL.md --create-dirs "https://raw.githubusercontent.com/jpoutrin/product-forge/main/plugins/product-design/skills/agent-tools/SKILL.md"
```

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/agent-tools/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How agent-tools Compares

| Feature / Agent | agent-tools | Standard Approach |
|-----------------|-------------|-------------------|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Claude Code Tools Reference

Configure tool permissions when launching parallel Claude Code agents.

## Available Tools

| Tool | Description | Use Case |
|------|-------------|----------|
| `Read` | Read files | Always needed for context |
| `Write` | Create new files | Creating new code files |
| `Edit` | Modify existing files | Updating existing code |
| `Bash` | Execute shell commands | Running tests, builds, git |
| `Glob` | Find files by pattern | File discovery |
| `Grep` | Search file contents | Code search |
| `WebFetch` | Fetch web content | Documentation lookup |
| `WebSearch` | Search the web | Research |
| `TodoWrite` | Manage task lists | Progress tracking |
| `Task` | Launch sub-agents | Delegation |
| `NotebookEdit` | Edit Jupyter notebooks | Data science |
| `mcp__<server>` | MCP server tools | External integrations |

## CLI Syntax

Each tool is a separate quoted argument:

```bash
claude --allowedTools "Tool1" "Tool2" "Tool3(...)" --print "prompt"
```

Example with multiple tools:

```bash
claude --allowedTools "Read" "Edit" "Bash(pytest:*)" --print "implement feature"
```

## Path-Specific Restrictions

Restrict file operations to specific directories using gitignore-style patterns.

### Path Pattern Syntax

| Pattern | Meaning | Example |
|---------|---------|---------|
| `//path` | Absolute filesystem path | `Edit(//Users/alice/src/**)` |
| `~/path` | Home directory relative | `Read(~/.zshrc)` |
| `/path` | Relative to settings file | `Edit(/src/**/*.ts)` |
| `path` | Relative to current directory | `Read(src/**)` |

### Examples

```bash
# Allow editing only in src/ directory
claude --allowedTools "Edit(/src/**)" --print "..."

# Allow editing TypeScript files only
claude --allowedTools "Edit(/src/**/*.ts)" --print "..."

# Multiple path restrictions
claude --allowedTools "Read" "Edit(/apps/users/**)" "Edit(/tests/**)" --print "..."

# Absolute path restriction
claude --allowedTools "Edit(//tmp/scratch.txt)" --print "..."
```

## Bash Command Restrictions

Restrict which shell commands can be executed using prefix matching.

### Syntax

```bash
Bash(command:*)
```

The `:*` wildcard only works at the **END** of patterns (prefix matching).

### Pattern Examples

| Pattern | Matches | Does NOT Match |
|---------|---------|----------------|
| `Bash(pytest:*)` | `pytest`, `pytest apps/` | `python -m pytest` |
| `Bash(npm run test:*)` | `npm run test`, `npm run test:unit` | `npm run build` |
| `Bash(git log:*)` | `git log --oneline` | `git commit` |
| `Bash(git status:*)` | `git status` | `git push` |
| `Bash(mypy:*)` | `mypy apps/` | `python -m mypy` |
| `Bash(ruff:*)` | `ruff check .` | `python -m ruff` |

### Example

```bash
claude --allowedTools "Bash(pytest:*)" "Bash(mypy:*)" "Bash(ruff:*)" "Read" --print "run tests"
```

### Security Note

Claude Code prevents bypass via shell operators (`&&`, `;`, `||`). Be aware:
- Different invocations may bypass patterns (`python -m pytest` vs `pytest`)
- For URL restrictions, prefer `WebFetch(domain:...)` over `Bash(curl:*)`
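
The matching rules from the table and Security Note above, modelled as a small shell function so a rule list can be tried against sample commands before an agent is launched. This is an added example, not Claude Code's implementation or part of the original skill; `rule_allows`, `command_allowed` and the sample commands are constructed for illustration.

```bash
# Model of the prefix-matching rules described on this page (added example,
# not Claude Code's own code).

# rule_allows RULE COMMAND: succeeds when COMMAND is covered by one Bash(...) rule.
rule_allows() {
  rule=$1 cmd=$2
  case $rule in
    'Bash('*')') ;;                 # only Bash(...) rules are modelled
    *) return 1 ;;
  esac
  body=${rule#'Bash('}
  body=${body%')'}
  # A prefix rule does not cover commands chained with &&, ; or || (per the page).
  case $cmd in
    *'&&'*|*';'*|*'||'*) return 1 ;;
  esac
  case $body in
    *':*')                          # trailing :* means "starts with this prefix"
      prefix=${body%':*'}
      case $cmd in "$prefix"*) return 0 ;; esac
      return 1 ;;
    *)                              # no wildcard: exact command only
      [ "$cmd" = "$body" ] ;;
  esac
}

# command_allowed COMMAND RULE...: succeeds when any rule covers COMMAND.
command_allowed() {
  c=$1; shift
  for r in "$@"; do
    rule_allows "$r" "$c" && return 0
  done
  return 1
}

# Constructed sample commands, checked against two rules used on this page.
for sample in 'pytest apps/users/' 'python -m pytest apps/users/' \
              'pytest apps/users/ && git push' 'pytest apps/users/../orders/'; do
  if command_allowed "$sample" 'Bash(pytest apps/users/:*)' 'Bash(mypy:*)'; then
    echo "allow  $sample"
  else
    echo "deny   $sample"
  fi
done
```

The last sample is allowed: a path-suffixed prefix rule constrains how a command starts, not which directory it ends up touching.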

## WebFetch Domain Restrictions

Restrict web fetches to specific domains:

```bash
claude --allowedTools "WebFetch(domain:github.com)" "WebFetch(domain:docs.python.org)" --print "..."
```

## MCP Tool Restrictions

### Allow All Tools from a Server

```bash
claude --allowedTools "mcp__puppeteer" --print "..."
```

### Allow Specific Tool Only

```bash
claude --allowedTools "mcp__puppeteer__puppeteer_navigate" --print "..."
```

**Note:** MCP permissions do NOT support wildcards (`*`).

## Recommended Configurations

### By Task Type

| Task Type | Recommended `--allowedTools` |
|-----------|------------------------------|
| **Implementation** | `"Read" "Write" "Edit(/apps/myapp/**)" "Bash(pytest:*)" "Bash(mypy:*)" "Glob" "Grep"` |
| **Code Review** | `"Read" "Glob" "Grep"` (read-only) |
| **Testing Only** | `"Read" "Bash(pytest:*)" "Bash(npm test:*)"` |
| **Documentation** | `"Read" "Write(/docs/**)" "Edit(/docs/**)" "WebFetch"` |
| **Full Access** | `--dangerously-skip-permissions` |

### For Parallel Development

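When using git worktrees for isolation, `--dangerously-skip-permissions` keeps parallel agents out of each other's way:
- Each agent runs in an isolated worktree
- Each agent's changes land in its own workspace
- Main branch remains protected until explicit merge

A worktree separates git state only; it is not a sandbox. With permissions skipped, the agent can still run any command and reach any file or network destination available to the launching user, so run it in a container or VM when that boundary has to be enforced.

```bash
# Run from inside the agent's own worktree
claude --dangerously-skip-permissions --print "$(cat prompts/task-001.txt)"
```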

### For Granular Control

When agents share a workspace, use path-scoped permissions:

```bash
claude \
  --allowedTools \
    "Read" \
    "Write(/apps/users/**)" \
    "Edit(/apps/users/**)" \
    "Bash(pytest apps/users/:*)" \
    "Bash(mypy apps/users/:*)" \
    "Glob" \
    "Grep" \
  --print "$(cat prompts/task-001.txt)"
```
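
A pre-launch check for lists like the one above, as an added example that is not part of the original skill or of Claude Code. It flags entries this page advises against (a misplaced `:*`, `Bash(curl:*)`, MCP wildcards, tools without a path or domain scope); the function name, the HIGH/WARN labels and the interpreter rule are this example's own assumptions.

```bash
# Added example: lint an --allowedTools list before launching an agent.
# Findings restate rules from this page; the LEVEL labels are this example's own.

# audit_allowed_tools ENTRY...: prints "LEVEL entry: reason" for each risky entry.
audit_allowed_tools() {
  for entry in "$@"; do
    case $entry in
      Bash)
        echo "HIGH ${entry}: any shell command; use a prefix rule such as Bash(pytest:*)" ;;
      'Bash('*':*'?*')')
        echo "WARN ${entry}: ':*' only works at the end of the pattern" ;;
      'Bash(curl'*)
        echo "WARN ${entry}: prefer WebFetch(domain:...) for URL restrictions" ;;
      'Bash(python:*)'|'Bash(sh:*)'|'Bash(bash:*)'|'Bash(node:*)')
        # Assumption of this example: an interpreter prefix is as broad as bare Bash.
        echo "HIGH ${entry}: interpreter prefix runs arbitrary code" ;;
      mcp__*'*'*)
        echo "WARN ${entry}: MCP permissions do not support wildcards" ;;
      Edit|Write)
        echo "WARN ${entry}: not path-scoped; use e.g. ${entry}(/apps/users/**)" ;;
      WebFetch)
        echo "WARN ${entry}: any domain; use WebFetch(domain:...)" ;;
    esac
  done
}

# Constructed list: four of these seven entries produce a finding.
audit_allowed_tools "Read" "Edit" "Bash(curl:*)" "Bash(git:* status)" \
  "mcp__puppeteer__*" "Bash(pytest apps/users/:*)" "Edit(/apps/users/**)"
```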

## Complete Examples

### Django App Implementation Agent

```bash
claude \
  --allowedTools \
    "Read" \
    "Write(/apps/orders/**)" \
    "Edit(/apps/orders/**)" \
    "Bash(pytest apps/orders/:*)" \
    "Bash(mypy apps/orders/:*)" \
    "Bash(ruff check apps/orders/:*)" \
    "Glob" \
    "Grep" \
  --print "Implement order management per task-004 spec"
```

### React Component Agent

```bash
claude \
  --allowedTools \
    "Read" \
    "Write(/src/components/Dashboard/**)" \
    "Edit(/src/components/Dashboard/**)" \
    "Bash(npm run test:*)" \
    "Bash(npm run lint:*)" \
    "Glob" \
    "Grep" \
  --print "Implement Dashboard components per task-003 spec"
```

### Read-Only Analysis Agent

```bash
claude \
  --allowedTools \
    "Read" \
    "Glob" \
    "Grep" \
    "WebFetch(domain:docs.python.org)" \
  --print "Analyze codebase and suggest improvements"
```

## Quick Reference

| Restriction Type | Syntax |
|-----------------|--------|
| Allow tool everywhere | `"Edit"` |
| Restrict to directory | `"Edit(/src/**)"` |
| Restrict to file type | `"Edit(/src/**/*.ts)"` |
| Restrict bash command | `"Bash(pytest:*)"` |
| Restrict web domain | `"WebFetch(domain:github.com)"` |
| Allow MCP server | `"mcp__puppeteer"` |
| Allow specific MCP tool | `"mcp__puppeteer__puppeteer_navigate"` |
| Skip all permissions | `--dangerously-skip-permissions` |

## Common Patterns

### Task-Scoped Permissions

Match permissions to task boundaries:

```bash
# Task owns apps/users/
--allowedTools "Edit(/apps/users/**)" "Write(/apps/users/**)"

# Task owns apps/orders/
--allowedTools "Edit(/apps/orders/**)" "Write(/apps/orders/**)"
```

### Test Commands Only

```bash
--allowedTools "Read" "Bash(pytest:*)" "Bash(npm test:*)" "Bash(go test:*)"
```

### Documentation Writer

```bash
--allowedTools "Read" "Write(/docs/**)" "Edit(/docs/**)" "WebFetch" "WebSearch"
```

### Infrastructure Agent

```bash
--allowedTools "Read" "Edit(/terraform/**)" "Edit(/docker-compose.yml)" "Bash(terraform:*)" "Bash(docker:*)"
```
