
Use deniedTools to Permanently Block Commands You Never Want Claude to Run

recombobulate @recombobulate · Mar 28, 2026 · Configuration

The allowedTools setting pre-approves tools so Claude doesn't ask. The deniedTools setting does the opposite — it creates a hard block that Claude can never bypass, even if you click approve by mistake.

# Block specific dangerous commands permanently
claude config add deniedTools "Bash(rm -rf *)"
claude config add deniedTools "Bash(git push --force *)"
claude config add deniedTools "Bash(docker system prune *)"
claude config add deniedTools "Bash(npm publish *)"

When Claude tries to run a denied tool, it gets blocked silently and told to find another approach. No prompt, no override — the command simply cannot execute.

This is different from a PreToolUse hook guard, which you can still bypass by modifying the hook script. deniedTools is enforced by Claude Code itself.

Use it for project-specific risks:

# Block production database access from local dev
claude config add -s project deniedTools "Bash(psql *production*)"

# Block deployment commands in a staging-only branch
claude config add -s project deniedTools "Bash(*deploy*production*)"

# Block a specific MCP tool that shouldn't be used locally
claude config add deniedTools "mcp__my-db__write-query"

Or set global blocks for things that should never happen from any project:

# Global blocks that apply everywhere
claude config add -s user deniedTools "Bash(sudo rm *)"
claude config add -s user deniedTools "Bash(kubectl delete namespace *)"
claude config add -s user deniedTools "Bash(DROP DATABASE *)"

Check what's currently blocked:

claude config list | grep deniedTools
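
To see which commands the patterns above would and would not catch, this added example (not part of the original tip or of Claude Code) dry-runs them against constructed sample commands. It assumes the text inside Bash(...) behaves as a shell-style glob over the whole command string; the function names and sample commands are hypothetical.

```sh
#!/bin/sh
# Added example: dry-run deny patterns against commands you expect to be blocked.
# ASSUMPTION: the text inside Bash(...) acts as a shell-style glob over the whole
# command string. Claude Code's real matcher may differ; treat this as a sanity check.

# Patterns copied from the tip, one per line.
RULES='Bash(rm -rf *)
Bash(git push --force *)
Bash(sudo rm *)
Bash(DROP DATABASE *)
mcp__my-db__write-query'

# Print the first Bash(...) rule whose glob matches $1; return 1 if none does.
matching_rule() {
  while IFS= read -r rule; do
    case $rule in
      'Bash('*')') glob=${rule#"Bash("}; glob=${glob%")"} ;;
      *) continue ;;               # tool names such as mcp__... are not globs
    esac
    case $1 in
      $glob) printf '%s\n' "$rule"; return 0 ;;   # unquoted: used as a pattern
    esac
  done <<EOF
$RULES
EOF
  return 1
}

# Read commands on stdin and print the ones that no rule covers.
uncovered() {
  while IFS= read -r cmd; do
    matching_rule "$cmd" >/dev/null || printf 'NOT COVERED: %s\n' "$cmd"
  done
  return 0
}

# Constructed sample: commands this setup is meant to stop.
uncovered <<'EOF'
rm -rf build/
git push --force origin main
git push -f origin main
psql -c "DROP DATABASE app"
EOF
```

Under that assumption, a command reported as not covered needs its own deny pattern before the block can be relied on.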

The key difference between denied tools and other safety mechanisms: allowedTools is about convenience (skip the prompt), deniedTools is about safety (prevent the action entirely), and hooks are about flexibility (run custom logic before deciding).

allowedTools says "yes without asking." deniedTools says "no, forever." Use both to define exactly what Claude can and can't do.

via Claude Code
