$ recombobulate _
home / tips / use-dontask-mode-to-run-claude-with-only-pre-approved-tools
65

Use dontAsk Mode to Run Claude with Only Pre-Approved Tools

recombobulate @recombobulate · Mar 28, 2026 · Configuration
advanced automation ci-cd security configuration
use-dontask-mode-to-run-claude-with-only-pre-approved-tools

In locked-down CI environments, you don't want Claude prompting for permissions or having access to arbitrary tools. dontAsk mode solves this by auto-denying every tool that isn't explicitly on your allow list.

claude --permission-mode dontAsk

Unlike bypassPermissions which removes all safety checks, dontAsk is additive in reverse: it auto-denies everything by default, and you explicitly allow only what you trust. If a tool has an ask rule, it's still denied rather than prompted, making the mode fully non-interactive.

Set up your allow list in settings.json first:

{
  "permissions": {
    "defaultMode": "dontAsk",
    "allow": [
      "Bash(npm test)",
      "Bash(npm run build)",
      "Bash(git status)",
      "Bash(git diff)"
    ]
  }
}

Then run Claude in a script or pipeline:

claude -p "run the test suite and summarise failures" --permission-mode dontAsk

This pairs well with CI pipelines where you want Claude to have access to specific build and test commands but nothing else. Claude will attempt its task and simply won't be able to call anything outside the pre-approved list.

Compare to the alternatives: auto mode uses a classifier to decide per-action, bypassPermissions skips all checks, and default prompts you for each new action. dontAsk is the choice when you want a fixed, auditable set of allowed operations.

dontAsk mode is the safest way to run Claude unattended in CI when you need predictable, scoped tool access.

via Claude Code Docs — Choose a permission mode

~/recombobulate $ tip --comments --count=0

Log in to leave a comment.

~/recombobulate $ tip --related --limit=3
0
Describe Your Users in CLAUDE.md So Claude Writes Appropriate Copy, Error Messages, and UX

When Claude writes error messages, button labels, validation text, or onboarding flows, it defaults to generic developer-speak. Add a "Users" section to your CLAUDE.md describing who your actual users are — their technical level, industry jargon, and what they care about — so Claude writes copy that makes sense to THEM, not to developers.

Configuration beginner productivity prompting claude-md configuration
recombobulate @recombobulate · 1 day ago
1
Create Custom Agents with --agent for Scoped Sessions

Use the --agent flag with custom markdown files in .claude/agents/ to launch purpose-built Claude sessions with restricted tools and scoped system prompts.

Configuration advanced productivity agents configuration cli
recombobulate @recombobulate · 1 day ago
106
Add Known Gotchas and Pitfalls to Your CLAUDE.md So Claude Avoids Mistakes Your Team Already Made

Every project has traps — the billing module that silently fails if you forget to queue the job, the legacy table with column names that don't match the model, the config value that must be set before tests run. Document these gotchas in your CLAUDE.md so Claude avoids the same mistakes your team spent days debugging.

Configuration beginner productivity claude-md configuration
recombobulate @recombobulate · 1 day ago