Use --permission-prompt-tool for Custom Approval Flows in CI

When running Claude Code non-interactively with --print, there is no terminal for permission prompts. The --permission-prompt-tool flag lets you route those prompts to an MCP tool that decides whether to allow or deny each action.

claude -p --permission-prompt-tool mcp__my_auth__approve "Refactor the auth module"

This is the key to building custom approval workflows for automated pipelines. Your MCP tool receives the permission request as JSON and returns an allow or deny decision. You could route approvals to a Slack bot, a web dashboard, or a rules engine.

The tool receives details about what Claude wants to do (the tool name, arguments, and context), so your approval logic can be as simple or sophisticated as you need:

{
  "tool_name": "Bash",
  "tool_input": {
    "command": "rm -rf dist/"
  }
}

This pairs naturally with --mcp-config to load the MCP server that provides your approval tool:

claude -p \
  --mcp-config ./ci-mcp.json \
  --permission-prompt-tool mcp__ci_approver__check \
  "Deploy the staging environment"

Without this flag, non-interactive runs either skip all permissions (dangerous) or fail when a permission is needed. This gives you a middle ground with programmatic control.

Build your own permission layer instead of choosing between "allow everything" and "block everything".

via Claude Code CLI Reference