agent-tools
Reference for configuring tool permissions when launching Claude Code agents. Use when setting up --allowedTools flags, restricting file access, or configuring agent permissions.
Best use case
agent-tools is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Reference for configuring tool permissions when launching Claude Code agents. Use when setting up --allowedTools flags, restricting file access, or configuring agent permissions.
Teams using agent-tools should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/agent-tools/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How agent-tools Compares
| Feature / Agent | agent-tools | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Reference for configuring tool permissions when launching Claude Code agents. Use when setting up --allowedTools flags, restricting file access, or configuring agent permissions.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Claude Code Tools Reference
Configure tool permissions when launching parallel Claude Code agents.
## Available Tools
| Tool | Description | Use Case |
|------|-------------|----------|
| `Read` | Read files | Always needed for context |
| `Write` | Create new files | Creating new code files |
| `Edit` | Modify existing files | Updating existing code |
| `Bash` | Execute shell commands | Running tests, builds, git |
| `Glob` | Find files by pattern | File discovery |
| `Grep` | Search file contents | Code search |
| `WebFetch` | Fetch web content | Documentation lookup |
| `WebSearch` | Search the web | Research |
| `TodoWrite` | Manage task lists | Progress tracking |
| `Task` | Launch sub-agents | Delegation |
| `NotebookEdit` | Edit Jupyter notebooks | Data science |
| `mcp__<server>` | MCP server tools | External integrations |
## CLI Syntax
Each tool is a separate quoted argument:
```bash
claude --allowedTools "Tool1" "Tool2" "Tool3(...)" --print "prompt"
```
Example with multiple tools:
```bash
claude --allowedTools "Read" "Edit" "Bash(pytest:*)" --print "implement feature"
```
## Path-Specific Restrictions
Restrict file operations to specific directories using gitignore-style patterns.
### Path Pattern Syntax
| Pattern | Meaning | Example |
|---------|---------|---------|
| `//path` | Absolute filesystem path | `Edit(//Users/alice/src/**)` |
| `~/path` | Home directory relative | `Read(~/.zshrc)` |
| `/path` | Relative to settings file | `Edit(/src/**/*.ts)` |
| `path` | Relative to current directory | `Read(src/**)` |
### Examples
```bash
# Allow editing only in src/ directory
claude --allowedTools "Edit(/src/**)" --print "..."
# Allow editing TypeScript files only
claude --allowedTools "Edit(/src/**/*.ts)" --print "..."
# Multiple path restrictions
claude --allowedTools "Read" "Edit(/apps/users/**)" "Edit(/tests/**)" --print "..."
# Absolute path restriction
claude --allowedTools "Edit(//tmp/scratch.txt)" --print "..."
```
## Bash Command Restrictions
Restrict which shell commands can be executed using prefix matching.
### Syntax
```bash
Bash(command:*)
```
The `:*` wildcard only works at the **END** of patterns (prefix matching).
### Pattern Examples
| Pattern | Matches | Does NOT Match |
|---------|---------|----------------|
| `Bash(pytest:*)` | `pytest`, `pytest apps/` | `python -m pytest` |
| `Bash(npm run test:*)` | `npm run test`, `npm run test:unit` | `npm run build` |
| `Bash(git log:*)` | `git log --oneline` | `git commit` |
| `Bash(git status:*)` | `git status` | `git push` |
| `Bash(mypy:*)` | `mypy apps/` | `python -m mypy` |
| `Bash(ruff:*)` | `ruff check .` | `python -m ruff` |
### Example
```bash
claude --allowedTools "Bash(pytest:*)" "Bash(mypy:*)" "Bash(ruff:*)" "Read" --print "run tests"
```
### Security Note
Claude Code prevents bypass via shell operators (`&&`, `;`, `||`). Be aware:
- Different invocations may bypass patterns (`python -m pytest` vs `pytest`)
- For URL restrictions, prefer `WebFetch(domain:...)` over `Bash(curl:*)`
## WebFetch Domain Restrictions
Restrict web fetches to specific domains:
```bash
claude --allowedTools "WebFetch(domain:github.com)" "WebFetch(domain:docs.python.org)" --print "..."
```
## MCP Tool Restrictions
### Allow All Tools from a Server
```bash
claude --allowedTools "mcp__puppeteer" --print "..."
```
### Allow Specific Tool Only
```bash
claude --allowedTools "mcp__puppeteer__puppeteer_navigate" --print "..."
```
**Note:** MCP permissions do NOT support wildcards (`*`).
## Recommended Configurations
### By Task Type
| Task Type | Recommended `--allowedTools` |
|-----------|------------------------------|
| **Implementation** | `"Read" "Write" "Edit(/apps/myapp/**)" "Bash(pytest:*)" "Bash(mypy:*)" "Glob" "Grep"` |
| **Code Review** | `"Read" "Glob" "Grep"` (read-only) |
| **Testing Only** | `"Read" "Bash(pytest:*)" "Bash(npm test:*)"` |
| **Documentation** | `"Read" "Write(/docs/**)" "Edit(/docs/**)" "WebFetch"` |
| **Full Access** | `--dangerously-skip-permissions` |
### For Parallel Development
When using git worktrees for isolation, `--dangerously-skip-permissions` is safe:
- Each agent runs in an isolated worktree
- Agents can only affect files in their workspace
- Main branch remains protected until explicit merge
```bash
# Safe in isolated worktree
claude --dangerously-skip-permissions --print "$(cat prompts/task-001.txt)"
```
### For Granular Control
When agents share a workspace, use path-scoped permissions:
```bash
claude \
--allowedTools \
"Read" \
"Write(/apps/users/**)" \
"Edit(/apps/users/**)" \
"Bash(pytest apps/users/:*)" \
"Bash(mypy apps/users/:*)" \
"Glob" \
"Grep" \
--print "$(cat prompts/task-001.txt)"
```
## Complete Examples
### Django App Implementation Agent
```bash
claude \
--allowedTools \
"Read" \
"Write(/apps/orders/**)" \
"Edit(/apps/orders/**)" \
"Bash(pytest apps/orders/:*)" \
"Bash(mypy apps/orders/:*)" \
"Bash(ruff check apps/orders/:*)" \
"Glob" \
"Grep" \
--print "Implement order management per task-004 spec"
```
### React Component Agent
```bash
claude \
--allowedTools \
"Read" \
"Write(/src/components/Dashboard/**)" \
"Edit(/src/components/Dashboard/**)" \
"Bash(npm run test:*)" \
"Bash(npm run lint:*)" \
"Glob" \
"Grep" \
--print "Implement Dashboard components per task-003 spec"
```
### Read-Only Analysis Agent
```bash
claude \
--allowedTools \
"Read" \
"Glob" \
"Grep" \
"WebFetch(domain:docs.python.org)" \
--print "Analyze codebase and suggest improvements"
```
## Quick Reference
| Restriction Type | Syntax |
|-----------------|--------|
| Allow tool everywhere | `"Edit"` |
| Restrict to directory | `"Edit(/src/**)"` |
| Restrict to file type | `"Edit(/src/**/*.ts)"` |
| Restrict bash command | `"Bash(pytest:*)"` |
| Restrict web domain | `"WebFetch(domain:github.com)"` |
| Allow MCP server | `"mcp__puppeteer"` |
| Allow specific MCP tool | `"mcp__puppeteer__puppeteer_navigate"` |
| Skip all permissions | `--dangerously-skip-permissions` |
## Common Patterns
### Task-Scoped Permissions
Match permissions to task boundaries:
```bash
# Task owns apps/users/
--allowedTools "Edit(/apps/users/**)" "Write(/apps/users/**)"
# Task owns apps/orders/
--allowedTools "Edit(/apps/orders/**)" "Write(/apps/orders/**)"
```
### Test Commands Only
```bash
--allowedTools "Read" "Bash(pytest:*)" "Bash(npm test:*)" "Bash(go test:*)"
```
### Documentation Writer
```bash
--allowedTools "Read" "Write(/docs/**)" "Edit(/docs/**)" "WebFetch" "WebSearch"
```
### Infrastructure Agent
```bash
--allowedTools "Read" "Edit(/terraform/**)" "Edit(/docker-compose.yml)" "Bash(terraform:*)" "Bash(docker:*)"
```Related Skills
zod
Zod schema validation patterns and type inference. Auto-loads when validating schemas, parsing data, validating forms, checking types at runtime, or using z.object/z.string/z.infer in TypeScript.
typescript-import-style
Merge-friendly import formatting (one-per-line, alphabetical). Auto-loads when writing TypeScript/JavaScript imports to minimize merge conflicts in parallel development. Enforces consistent grouping and sorting.
setup-mcp-auth
Configure authentication for an existing FastMCP server
fastmcp
FastMCP TypeScript framework patterns for MCP servers. Auto-loads when building MCP servers, creating tools/resources/prompts, implementing authentication, configuring transports, or working with FastMCP in TypeScript.
add-mcp-tool
Add a new tool to an existing FastMCP server with guided configuration
add-mcp-resource
Add a new resource or resource template to an existing FastMCP server
plan-with-team
Validate plan file ownership
privacy-compliance
GDPR, CCPA, and privacy compliance guidance for data protection. Use when handling personal data, implementing consent management, or ensuring regulatory compliance across jurisdictions.
oauth
OAuth 2.0 and OpenID Connect implementation patterns. Use when implementing authentication, authorization flows, or integrating with OAuth providers like Google, GitHub, or custom identity providers.
mcp-security
Use when securing MCP servers, preventing prompt injection, implementing authorization, validating user input, or building secure multi-agent pipelines. Provides 5-layer defense architecture patterns.
rag-cag-security
Security patterns for RAG and CAG systems with multi-tenant isolation. Use when building retrieval-augmented or cache-augmented generation systems that require tenant isolation, access control, and secure data handling.
chunking-strategies
Document chunking strategies for RAG systems. Use when implementing document processing pipelines to determine optimal chunking approaches based on document type and retrieval requirements.