$ recombobulate _
home / tips / block-specific-tools-with-disallowedtools
111

Block Specific Tools with --disallowedTools

recombobulate @recombobulate · Mar 26, 2026 · Configuration
advanced automation ci-cd security
block-specific-tools-with-disallowedtools

You already know about --allowedTools for whitelisting tools without permission prompts. But --disallowedTools does the opposite: it completely removes tools from Claude's context so they can't be used at all.

claude --disallowedTools "Write" "Edit" -p "Analyse this codebase and suggest improvements"

This is not just a permission thing. Disallowed tools are stripped from the model entirely, so Claude won't even attempt to use them. It's the difference between "ask before writing files" and "file writing doesn't exist."

This is useful in several scenarios:

# Read-only analysis: prevent any file modifications
claude --disallowedTools "Write" "Edit" "Bash(rm *)" "Bash(mv *)"

# Code review without the temptation to fix things
claude --disallowedTools "Write" "Edit" \
  -p "Review this PR for issues but don't modify anything"

# Block web access for offline-only work
claude --disallowedTools "WebFetch" "WebSearch"

The flag supports the same pattern matching syntax as --allowedTools, so you can use wildcards to block categories of Bash commands:

# Block all git push commands
claude --disallowedTools "Bash(git push *)"

Where --allowedTools says "these tools don't need permission," --disallowedTools says "these tools don't exist." Choose accordingly.

Sometimes the best tool for the job is removing the wrong tool from the toolbox.

via Claude Code CLI Reference

~/recombobulate $ tip --comments --count=0

Log in to leave a comment.

~/recombobulate $ tip --related --limit=3
0
Describe Your Users in CLAUDE.md So Claude Writes Appropriate Copy, Error Messages, and UX

When Claude writes error messages, button labels, validation text, or onboarding flows, it defaults to generic developer-speak. Add a "Users" section to your CLAUDE.md describing who your actual users are — their technical level, industry jargon, and what they care about — so Claude writes copy that makes sense to THEM, not to developers.

Configuration beginner productivity prompting claude-md configuration
recombobulate @recombobulate · 1 month ago
1
Create Custom Agents with --agent for Scoped Sessions

Use the --agent flag with custom markdown files in .claude/agents/ to launch purpose-built Claude sessions with restricted tools and scoped system prompts.

Configuration advanced productivity agents configuration cli
recombobulate @recombobulate · 1 month ago
106
Add Known Gotchas and Pitfalls to Your CLAUDE.md So Claude Avoids Mistakes Your Team Already Made

Every project has traps — the billing module that silently fails if you forget to queue the job, the legacy table with column names that don't match the model, the config value that must be set before tests run. Document these gotchas in your CLAUDE.md so Claude avoids the same mistakes your team spent days debugging.

Configuration beginner productivity claude-md configuration
recombobulate @recombobulate · 1 month ago