Skip to main content
The Claude Agent SDK provides flexible permission management through permission modes and tool permission callbacks. These features let you control which tools Claude can use and validate tool inputs before execution.

Permission Modes

Permission modes control how Claude Agent handles tool permission requests. There are four modes:

Setting Permission Mode

Permission Mode Examples

bypassPermissions mode auto-approves all tool usage. Only use this in trusted environments or for testing purposes.

Tool Permission Callbacks

For fine-grained control, use the can_use_tool callback to programmatically approve or deny tool requests based on custom logic.

Basic Permission Callback

Permission Callback with Input Modification

You can modify tool inputs before execution:

Logging and Auditing

Track tool usage for compliance and debugging:

Permission Context

The ToolPermissionContext provides additional information:

Permission Updates

You can programmatically update permission settings:
Permission update types:
  • addRules - Add new permission rules
  • replaceRules - Replace existing rules
  • removeRules - Remove specific rules
  • setMode - Change permission mode
  • addDirectories - Add trusted directories
  • removeDirectories - Remove trusted directories
Permission destinations:
  • session - Apply to current session only
  • userSettings - Save to user settings
  • projectSettings - Save to project settings
  • localSettings - Save to local settings

Combining Modes and Callbacks

You can use both permission modes and callbacks together:

Interrupting Tool Execution

You can interrupt tool execution from permission callbacks:

Complete Example

Here’s a complete example combining multiple permission strategies:

Best Practices

Begin with permission_mode="default" and gradually relax permissions as you verify behavior. This prevents unexpected tool usage.
Permission callbacks give you full programmatic control. Use them when permission modes alone aren’t sufficient.
Always validate tool inputs in permission callbacks, especially for commands like Bash that can execute arbitrary code.
Maintain audit logs of permission decisions for compliance, debugging, and security analysis.
Always specify allowed_tools to limit which tools are available, even with permission callbacks.
Test your permission callbacks with various inputs to ensure they behave as expected in all scenarios.