Permissions and Tools
How Claude Code decides what it can do and when it should ask
A practical guide to built-in tools, permission checks, and why tool availability changes across modes and agent types.
Tool access is centrally curated
Claude Code assembles a base tool list and then filters it by environment, mode, feature flags, and agent type.
This creates a controlled capability surface rather than letting every tool exist in every context.
- Read, edit, write, grep, glob, shell, plan, task, web, and agent tools form the core surface.
- Specialized tools are feature-gated.
- Agent contexts receive a narrower toolset than the main thread.
Permissions combine hooks, classifiers, and user review
Coordinator-mode permission handling shows the general pattern clearly: fast local checks run first, then slower classifier logic, then the user can still be asked when needed.
The system is designed to fall back to human approval rather than fail closed in a confusing way.
- Hooks run first because they are fast and local.
- Classifiers can add slower inference-based decisions.
- Unexpected failures fall through to a manual dialog instead of silently blocking work.
Sub-agents do not get the full tool surface
Async agents are intentionally restricted. They can read, search, edit, and write, but they do not inherit every tool the main thread has.
That prevents recursive or stateful tools from creating hard-to-debug behavior.
- Recursive agent spawning is blocked in many contexts.
- Plan-exit and task-stop behavior stays with the main thread.
- Coordinator mode is even narrower and focuses on orchestration.
For users, the important distinction is not just read vs write
A better lens is reversible vs high-impact. Claude Code has many safe inspection tools, but editing, shell, and external integrations can change the world quickly.
That is why permission review matters most around mutation and automation, not simple inspection.
Learn next
These guides are adjacent to the current topic and make the learning path easier to follow.
How Claude Code Works
The high-level architecture behind a Claude Code turn
A code-backed explanation of how Claude Code assembles context, runs the agent loop, invokes tools, and keeps long sessions moving.
Agents and Plan Mode
How Claude Code separates planning, coordination, and delegated execution
Understand the difference between the main thread, plan mode, coordinator behavior, and constrained sub-agents.
Context and Memory
How Claude Code builds working context and persistent memory
Understand the difference between session context, CLAUDE.md instructions, MEMORY.md indexing, and relevance-based memory recall.
Related resources
These directory entries connect the concept guide to concrete tools, docs, and integrations.
Prettier Pre-commit Hook
Auto-format code with Prettier before every commit
Pre-commit hook configuration that automatically formats staged files with Prettier. Supports JavaScript, TypeScript, JSON, CSS, Markdown, and more. Prevents unformatted code from being committed.
ESLint Pre-commit Hook
Lint JavaScript/TypeScript files before committing
Pre-commit hook that runs ESLint on staged files. Catches linting errors early and prevents problematic code from being committed. Supports auto-fix for automatically resolvable issues.
TypeScript Type-check Hook
Validate TypeScript types before committing
Pre-commit hook that runs TypeScript type checking. Ensures type safety across your codebase by catching type errors before they're committed. Uses tsc with noEmit flag.
Claude Code Best Practices
Community-driven best practices for Claude Code
Collection of best practices learned from real-world Claude Code usage. Covers CLAUDE.md optimization, effective prompting, workflow organization, and common pitfalls to avoid. Continuously updated by the community.