Permission Modes
Permission modes control how Claude Agent handles tool permission requests. There are four modes:Setting Permission Mode
Permission Mode Examples
Tool Permission Callbacks
For fine-grained control, use thecan_use_tool callback to programmatically approve or deny tool requests based on custom logic.
Basic Permission Callback
Permission Callback with Input Modification
You can modify tool inputs before execution:Logging and Auditing
Track tool usage for compliance and debugging:Permission Context
TheToolPermissionContext provides additional information:
Permission Updates
You can programmatically update permission settings:addRules- Add new permission rulesreplaceRules- Replace existing rulesremoveRules- Remove specific rulessetMode- Change permission modeaddDirectories- Add trusted directoriesremoveDirectories- Remove trusted directories
session- Apply to current session onlyuserSettings- Save to user settingsprojectSettings- Save to project settingslocalSettings- Save to local settings
Combining Modes and Callbacks
You can use both permission modes and callbacks together:Interrupting Tool Execution
You can interrupt tool execution from permission callbacks:Complete Example
Hereβs a complete example combining multiple permission strategies:Best Practices
Start with restrictive permissions
Start with restrictive permissions
Begin with
permission_mode="default" and gradually relax permissions as you verify behavior. This prevents unexpected tool usage.Use callbacks for complex logic
Use callbacks for complex logic
Permission callbacks give you full programmatic control. Use them when permission modes alone arenβt sufficient.
Validate all inputs
Validate all inputs
Always validate tool inputs in permission callbacks, especially for commands like
Bash that can execute arbitrary code.Log permission decisions
Log permission decisions
Maintain audit logs of permission decisions for compliance, debugging, and security analysis.
Use allowed_tools to restrict scope
Use allowed_tools to restrict scope
Always specify
allowed_tools to limit which tools are available, even with permission callbacks.Test permission logic thoroughly
Test permission logic thoroughly
Test your permission callbacks with various inputs to ensure they behave as expected in all scenarios.