approvedTools Command

The approvedTools command manages which tools Claude has permission to use in a given project.

Implementation

This command is implemented in commands/approvedTools.ts and provides functionality to list and remove tools from the approved list. The implementation uses a simple handler pattern with two key functions:

  1. handleListApprovedTools: Lists all tools that are approved for use in the current directory.
  2. handleRemoveApprovedTool: Removes a specific tool from the approved list.

The command follows a configurable pattern that supports dependency injection:

export type ProjectConfigHandler = {
  getCurrentProjectConfig: () => ProjectConfig;
  saveCurrentProjectConfig: (config: ProjectConfig) => void;
};

// Default config handler using the real implementation
const defaultConfigHandler: ProjectConfigHandler = {
  getCurrentProjectConfig: getCurrentProjectConfigDefault,
  saveCurrentProjectConfig: saveCurrentProjectConfigDefault,
};

This design makes the command testable by allowing the injection of mock config handlers.

CLI Integration

In cli.tsx, the command is registered as a subcommand under the main claude command:

const allowedTools = program
  .command("approved-tools")
  .description("Manage approved tools");

allowedTools
  .command("list")
  .description("List all approved tools")
  .action(async () => {
    const result = handleListApprovedTools(getCwd());
    console.log(result);
    process.exit(0);
  });

allowedTools
  .command("remove <tool>")
  .description("Remove a tool from the list of approved tools")
  .action(async (tool: string) => {
    const result = handleRemoveApprovedTool(tool);
    logEvent("tengu_approved_tool_remove", {
      tool,
      success: String(result.success),
    });
    console.log(result.message);
    process.exit(result.success ? 0 : 1);
  });

This allows users to use commands like:

  • claude approved-tools list - To list all approved tools
  • claude approved-tools remove <tool> - To remove a specific tool from the approved list

Security Implications

The approvedTools command plays an important security role in Claude Code's permission system. It allows users to revoke permissions for specific tools, providing a mechanism to limit what Claude can do in a project. This is particularly important for tools that have the potential to modify files or execute commands.