SpyBara
Go Premium

Documentation 2026-01-16 21:01 UTC to 2026-01-19 21:01 UTC

9 files changed +132 −18. View all changes and history on the product overview
2026
Sat 31 03:42 Fri 30 18:07 Thu 29 21:03 Wed 28 15:06 Tue 27 21:01 Mon 26 21:03 Sun 25 03:34 Sat 24 03:29 Fri 23 21:01 Thu 22 21:03 Wed 21 21:05 Tue 20 21:03 Mon 19 21:01 Fri 16 21:01 Wed 14 06:02 Mon 12 21:02 Sun 11 18:02 Sat 10 21:01 Fri 9 21:01 Thu 8 21:02 Wed 7 21:01 Tue 6 21:01 Sat 3 18:02
Details

21Customize Claude Code's behavior with these command-line flags:21Customize Claude Code's behavior with these command-line flags:

22 22 

23| Flag | Description | Example |23| Flag | Description | Example |

24| :------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :------------------------------------------------------------------------------------------------- |24| :------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------- |

25| `--add-dir` | Add additional working directories for Claude to access (validates each path exists as a directory) | `claude --add-dir ../apps ../lib` |25| `--add-dir` | Add additional working directories for Claude to access (validates each path exists as a directory) | `claude --add-dir ../apps ../lib` |

26| `--agent` | Specify an agent for the current session (overrides the `agent` setting) | `claude --agent my-custom-agent` |26| `--agent` | Specify an agent for the current session (overrides the `agent` setting) | `claude --agent my-custom-agent` |

27| `--agents` | Define custom [subagents](/en/sub-agents) dynamically via JSON (see below for format) | `claude --agents '{"reviewer":{"description":"Reviews code","prompt":"You are a code reviewer"}}'` |27| `--agents` | Define custom [subagents](/en/sub-agents) dynamically via JSON (see below for format) | `claude --agents '{"reviewer":{"description":"Reviews code","prompt":"You are a code reviewer"}}'` |

28| `--allow-dangerously-skip-permissions` | Enable permission bypassing as an option without immediately activating it. Allows composing with `--permission-mode` (use with caution) | `claude --permission-mode plan --allow-dangerously-skip-permissions` |28| `--allow-dangerously-skip-permissions` | Enable permission bypassing as an option without immediately activating it. Allows composing with `--permission-mode` (use with caution) | `claude --permission-mode plan --allow-dangerously-skip-permissions` |

29| `--allowedTools` | Tools that execute without prompting for permission. To restrict which tools are available, use `--tools` instead | `"Bash(git log:*)" "Bash(git diff:*)" "Read"` |29| `--allowedTools` | Tools that execute without prompting for permission. See [permission rule syntax](/en/settings#permission-rule-syntax) for pattern matching. To restrict which tools are available, use `--tools` instead | `"Bash(git log:*)" "Bash(git diff:*)" "Read"` |

30| `--append-system-prompt` | Append custom text to the end of the default system prompt (works in both interactive and print modes) | `claude --append-system-prompt "Always use TypeScript"` |30| `--append-system-prompt` | Append custom text to the end of the default system prompt (works in both interactive and print modes) | `claude --append-system-prompt "Always use TypeScript"` |

31| `--append-system-prompt-file` | Load additional system prompt text from a file and append to the default prompt (print mode only) | `claude -p --append-system-prompt-file ./extra-rules.txt "query"` |31| `--append-system-prompt-file` | Load additional system prompt text from a file and append to the default prompt (print mode only) | `claude -p --append-system-prompt-file ./extra-rules.txt "query"` |

32| `--betas` | Beta headers to include in API requests (API key users only) | `claude --betas interleaved-thinking` |32| `--betas` | Beta headers to include in API requests (API key users only) | `claude --betas interleaved-thinking` |

Details

301 301 

302Claude uses the [`AskUserQuestion`](/en/settings#tools-available-to-claude) tool to ask you multiple-choice questions for gathering requirements, clarifying ambiguity, and understanding your preferences before writing any code. This collaborative approach produces better specs than trying to anticipate every requirement upfront.302Claude uses the [`AskUserQuestion`](/en/settings#tools-available-to-claude) tool to ask you multiple-choice questions for gathering requirements, clarifying ambiguity, and understanding your preferences before writing any code. This collaborative approach produces better specs than trying to anticipate every requirement upfront.

303 303 

304<Tip>

305 When you select "Type something" to provide a custom answer, press **Ctrl+G** to open your default text editor for longer responses.

306</Tip>

307 

304This behavior is most active in Plan Mode. To encourage it in other modes, add guidance to your `CLAUDE.md` file:308This behavior is most active in Plan Mode. To encourage it in other modes, add guidance to your `CLAUDE.md` file:

305 309 

306```markdown theme={null}310```markdown theme={null}

headless.md +2 −0

Details

91 --allowedTools "Bash(git diff:*),Bash(git log:*),Bash(git status:*),Bash(git commit:*)"91 --allowedTools "Bash(git diff:*),Bash(git log:*),Bash(git status:*),Bash(git commit:*)"

92```92```

93 93 

94The `--allowedTools` flag uses [permission rule syntax](/en/settings#permission-rule-syntax). The `:*` suffix enables prefix matching, so `Bash(git diff:*)` allows any command starting with `git diff`.

95 

94<Note>96<Note>

95 [Slash commands](/en/slash-commands) like `/commit` are only available in interactive mode. In `-p` mode, describe the task you want to accomplish instead.97 [Slash commands](/en/slash-commands) like `/commit` are only available in interactive mode. In `-p` mode, describe the task you want to accomplish instead.

96</Note>98</Note>

iam.md +11 −4

Details

70 70 

71You can view & manage Claude Code's tool permissions with `/permissions`. This UI lists all permission rules and the settings.json file they are sourced from.71You can view & manage Claude Code's tool permissions with `/permissions`. This UI lists all permission rules and the settings.json file they are sourced from.

72 72 

73* **Allow** rules will allow Claude Code to use the specified tool without further manual approval.73* **Allow** rules let Claude Code use the specified tool without manual approval.

74* **Ask** rules will ask the user for confirmation whenever Claude Code tries to use the specified tool. Ask rules take precedence over allow rules.74* **Ask** rules prompt for confirmation whenever Claude Code tries to use the specified tool.

75* **Deny** rules will prevent Claude Code from using the specified tool. Deny rules take precedence over allow and ask rules.75* **Deny** rules prevent Claude Code from using the specified tool.

76 

77Rules are evaluated in order: **deny → ask → allow**. The first matching rule wins, so deny rules always take precedence.

78 

76* **Additional directories** extend Claude's file access to directories beyond the initial working directory.79* **Additional directories** extend Claude's file access to directories beyond the initial working directory.

77* **Default mode** controls Claude's permission behavior when encountering new requests.80* **Default mode** controls Claude's permission behavior when encountering new requests.

78 81 

79Permission rules use the format: `Tool` or `Tool(optional-specifier)`82Permission rules use the format: `Tool` or `Tool(optional-specifier)`

80 83 

81A rule that is just the tool name matches any use of that tool. For example, adding `Bash` to the list of allow rules would allow Claude Code to use the Bash tool without requiring user approval.84A rule that is just the tool name matches any use of that tool. For example, adding `Bash` to the allow list allows Claude Code to use the Bash tool without requiring user approval. Note that `Bash(*)` does **not** match all Bash commands. Use `Bash` without parentheses to match all uses.

85 

86<Note>

87 For a quick reference on permission rule syntax including wildcards, see [Permission rule syntax](/en/settings#permission-rule-syntax) in the settings documentation.

88</Note>

82 89 

83#### Permission modes90#### Permission modes

84 91 

Details

22| :------------------------------------------------ | :--------------------------------- | :-------------------------------------------------------------------------------------------- |22| :------------------------------------------------ | :--------------------------------- | :-------------------------------------------------------------------------------------------- |

23| `Ctrl+C` | Cancel current input or generation | Standard interrupt |23| `Ctrl+C` | Cancel current input or generation | Standard interrupt |

24| `Ctrl+D` | Exit Claude Code session | EOF signal |24| `Ctrl+D` | Exit Claude Code session | EOF signal |

25| `Ctrl+G` | Open in default text editor | Edit your prompt or custom response in your default text editor |

25| `Ctrl+L` | Clear terminal screen | Keeps conversation history |26| `Ctrl+L` | Clear terminal screen | Keeps conversation history |

26| `Ctrl+O` | Toggle verbose output | Shows detailed tool usage and execution |27| `Ctrl+O` | Toggle verbose output | Shows detailed tool usage and execution |

27| `Ctrl+R` | Reverse search command history | Search through previous commands interactively |28| `Ctrl+R` | Reverse search command history | Search through previous commands interactively |


187 188 

188**Key features:**189**Key features:**

189 190 

190* Output is buffered and Claude can retrieve it using the BashOutput tool191* Output is buffered and Claude can retrieve it using the TaskOutput tool

191* Background tasks have unique IDs for tracking and output retrieval192* Background tasks have unique IDs for tracking and output retrieval

192* Background tasks are automatically cleaned up when Claude Code exits193* Background tasks are automatically cleaned up when Claude Code exits

193 194 

mcp.md +6 −2

Details

37 mcpConnector: worksWith.includes('claude-api'),37 mcpConnector: worksWith.includes('claude-api'),

38 claudeDesktop: worksWith.includes('claude-desktop')38 claudeDesktop: worksWith.includes('claude-desktop')

39 };39 };

40 const remoteUrl = server.remotes?.[0]?.url || meta.url;40 const remotes = server.remotes || [];

41 const remoteType = server.remotes?.[0]?.type;41 const httpRemote = remotes.find(r => r.type === 'streamable-http');

42 const sseRemote = remotes.find(r => r.type === 'sse');

43 const preferredRemote = httpRemote || sseRemote;

44 const remoteUrl = preferredRemote?.url || meta.url;

45 const remoteType = preferredRemote?.type;

42 const isTemplatedUrl = remoteUrl?.includes('{');46 const isTemplatedUrl = remoteUrl?.includes('{');

43 let setupUrl;47 let setupUrl;

44 if (isTemplatedUrl && meta.requiredFields) {48 if (isTemplatedUrl && meta.requiredFields) {

settings.md +95 −6

Details

167### Permission settings167### Permission settings

168 168 

169| Keys | Description | Example |169| Keys | Description | Example |

170| :----------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :--------------------------------------------------------------------- |170| :----------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------- |

171| `allow` | Array of [permission rules](/en/iam#configuring-permissions) to allow tool use. **Note:** Bash rules use prefix matching, not regex | `[ "Bash(git diff:*)" ]` |171| `allow` | Array of permission rules to allow tool use. See [Permission rule syntax](#permission-rule-syntax) below for pattern matching details | `[ "Bash(git diff:*)" ]` |

172| `ask` | Array of [permission rules](/en/iam#configuring-permissions) to ask for confirmation upon tool use. | `[ "Bash(git push:*)" ]` |172| `ask` | Array of permission rules to ask for confirmation upon tool use. See [Permission rule syntax](#permission-rule-syntax) below | `[ "Bash(git push:*)" ]` |

173| `deny` | Array of [permission rules](/en/iam#configuring-permissions) to deny tool use. Use this to also exclude sensitive files from Claude Code access. **Note:** Bash patterns are prefix matches and can be bypassed (see [Bash permission limitations](/en/iam#tool-specific-permission-rules)) | `[ "WebFetch", "Bash(curl:*)", "Read(./.env)", "Read(./secrets/**)" ]` |173| `deny` | Array of permission rules to deny tool use. Use this to exclude sensitive files from Claude Code access. See [Permission rule syntax](#permission-rule-syntax) and [Bash permission limitations](/en/iam#tool-specific-permission-rules) | `[ "WebFetch", "Bash(curl:*)", "Read(./.env)", "Read(./secrets/**)" ]` |

174| `additionalDirectories` | Additional [working directories](/en/iam#working-directories) that Claude has access to | `[ "../docs/" ]` |174| `additionalDirectories` | Additional [working directories](/en/iam#working-directories) that Claude has access to | `[ "../docs/" ]` |

175| `defaultMode` | Default [permission mode](/en/iam#permission-modes) when opening Claude Code | `"acceptEdits"` |175| `defaultMode` | Default [permission mode](/en/iam#permission-modes) when opening Claude Code | `"acceptEdits"` |

176| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed settings](/en/iam#managed-settings) | `"disable"` |176| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed settings](/en/iam#managed-settings) | `"disable"` |

177 177 

178### Permission rule syntax

179 

180Permission rules follow the format `Tool` or `Tool(specifier)`. Understanding the syntax helps you write rules that match exactly what you intend.

181 

182#### Rule evaluation order

183 

184When multiple rules could match the same tool use, rules are evaluated in this order:

185 

1861. **Deny** rules are checked first

1872. **Ask** rules are checked second

1883. **Allow** rules are checked last

189 

190The first matching rule determines the behavior. This means deny rules always take precedence over allow rules, even if both match the same command.

191 

192#### Matching all uses of a tool

193 

194To match all uses of a tool, use just the tool name without parentheses:

195 

196| Rule | Effect |

197| :--------- | :--------------------------------- |

198| `Bash` | Matches **all** Bash commands |

199| `WebFetch` | Matches **all** web fetch requests |

200| `Read` | Matches **all** file reads |

201 

202<Warning>

203 `Bash(*)` does **not** match all Bash commands. The `*` wildcard only matches within the specifier context. To allow or deny all uses of a tool, use just the tool name: `Bash`, not `Bash(*)`.

204</Warning>

205 

206#### Using specifiers for fine-grained control

207 

208Add a specifier in parentheses to match specific tool uses:

209 

210| Rule | Effect |

211| :----------------------------- | :------------------------------------------------------- |

212| `Bash(npm run build)` | Matches the exact command `npm run build` |

213| `Read(./.env)` | Matches reading the `.env` file in the current directory |

214| `WebFetch(domain:example.com)` | Matches fetch requests to example.com |

215 

216#### Wildcard patterns

217 

218Two wildcard syntaxes are available for Bash rules:

219 

220| Wildcard | Position | Behavior | Example |

221| :------- | :------------------ | :---------------------------------------------------------------------- | :-------------------------------------------------------- |

222| `:*` | End of pattern only | **Prefix matching** - matches commands starting with the prefix | `Bash(npm run:*)` matches `npm run test`, `npm run build` |

223| `*` | Anywhere in pattern | **Glob matching** - matches any sequence of characters at that position | `Bash(* install)` matches `npm install`, `yarn install` |

224 

225**Prefix matching with `:*`**

226 

227The `:*` suffix matches any command that starts with the specified prefix. This works with multi-word commands. The following configuration allows npm and git commit commands while blocking git push and rm -rf:

228 

229```json theme={null}

230{

231 "permissions": {

232 "allow": [

233 "Bash(npm run:*)",

234 "Bash(git commit:*)",

235 "Bash(docker compose:*)"

236 ],

237 "deny": [

238 "Bash(git push:*)",

239 "Bash(rm -rf:*)"

240 ]

241 }

242}

243```

244 

245**Glob matching with `*`**

246 

247The `*` wildcard can appear at the beginning, middle, or end of a pattern. The following configuration allows any git command targeting main (like `git checkout main`, `git merge main`) and any version check command (like `node --version`, `npm --version`):

248 

249```json theme={null}

250{

251 "permissions": {

252 "allow": [

253 "Bash(git * main)",

254 "Bash(* --version)"

255 ]

256 }

257}

258```

259 

260<Warning>

261 Bash permission rules use pattern matching and can be bypassed using shell features like command flags, variables, or redirects. For example, `Bash(curl:*)` can be bypassed with `curl -X GET` reordered to `curl http://example.com -X GET`. Do not rely on Bash deny rules as a security boundary.

262</Warning>

263 

264For detailed information about tool-specific permission patterns—including Read, Edit, WebFetch, MCP, Task rules, and Bash permission limitations—see [Tool-specific permission rules](/en/iam#tool-specific-permission-rules).

265 

178### Sandbox settings266### Sandbox settings

179 267 

180Configure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See [Sandboxing](/en/sandboxing) for details.268Configure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See [Sandboxing](/en/sandboxing) for details.


846 934 

847## See also935## See also

848 936 

849* [Identity and Access Management](/en/iam#configuring-permissions) - Learn about Claude Code's permission system937* [Identity and Access Management](/en/iam#configuring-permissions) - Permission system overview and how allow/ask/deny rules interact

850* [IAM and access control](/en/iam#managed-settings) - Managed policy configuration938* [Tool-specific permission rules](/en/iam#tool-specific-permission-rules) - Detailed patterns for Bash, Read, Edit, WebFetch, MCP, and Task tools, including security limitations

939* [Managed settings](/en/iam#managed-settings) - Managed policy configuration for organizations

851* [Troubleshooting](/en/troubleshooting#auto-updater-issues) - Solutions for common configuration issues940* [Troubleshooting](/en/troubleshooting#auto-updater-issues) - Solutions for common configuration issues

852 941 

853 942 

Details

5## Built-in slash commands5## Built-in slash commands

6 6 

7| Command | Purpose |7| Command | Purpose |

8| :------------------------ | :------------------------------------------------------------------------------------------------------------------------------------------- |8| :------------------------ | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

9| `/add-dir` | Add additional working directories |9| `/add-dir` | Add additional working directories |

10| `/agents` | Manage custom AI subagents for specialized tasks |10| `/agents` | Manage custom AI subagents for specialized tasks |

11| `/bashes` | List and manage background tasks |11| `/bashes` | List and manage background tasks |


15| `/config` | Open the Settings interface (Config tab). Type to search and filter settings |15| `/config` | Open the Settings interface (Config tab). Type to search and filter settings |

16| `/context` | Visualize current context usage as a colored grid |16| `/context` | Visualize current context usage as a colored grid |

17| `/cost` | Show token usage statistics. See [cost tracking guide](/en/costs#using-the-cost-command) for subscription-specific details. |17| `/cost` | Show token usage statistics. See [cost tracking guide](/en/costs#using-the-cost-command) for subscription-specific details. |

18| `/doctor` | Checks installation health. Shows Updates section with auto-update channel and available npm versions |18| `/doctor` | Run diagnostics to check installation health, detect configuration issues (invalid settings, MCP errors, keybinding problems), and identify context usage warnings (large CLAUDE.md files, high MCP token usage) |

19| `/exit` | Exit the REPL |19| `/exit` | Exit the REPL |

20| `/export [filename]` | Export the current conversation to a file or clipboard |20| `/export [filename]` | Export the current conversation to a file or clipboard |

21| `/help` | Get usage help |21| `/help` | Get usage help |

Details

387 387 

3881. Use the `/bug` command within Claude Code to report problems directly to Anthropic3881. Use the `/bug` command within Claude Code to report problems directly to Anthropic

3892. Check the [GitHub repository](https://github.com/anthropics/claude-code) for known issues3892. Check the [GitHub repository](https://github.com/anthropics/claude-code) for known issues

3903. Run `/doctor` to check the health of your Claude Code installation3903. Run `/doctor` to diagnose issues. It checks:

391 * Installation type, version, and search functionality

392 * Auto-update status and available versions

393 * Invalid settings files (malformed JSON, incorrect types)

394 * MCP server configuration errors

395 * Keybinding configuration problems

396 * Context usage warnings (large CLAUDE.md files, high MCP token usage, unreachable permission rules)

397 * Plugin and agent loading errors

3914. Ask Claude directly about its capabilities and features - Claude has built-in access to its documentation3984. Ask Claude directly about its capabilities and features - Claude has built-in access to its documentation

392 399 

393 400