Skip to main content
Claude Code exposes a catalog of 40+ tools that the agent invokes during LLM tool-call loops. Every tool is a self-contained module registered in src/tools.ts and lives under src/tools/<ToolName>/. Each tool defines five things:
  • Input schema — Zod-validated parameters
  • Permission model — What requires user approval
  • Execution logic — The tool’s implementation
  • UI components — Terminal rendering for invocation and results
  • Concurrency safety — Whether it can run in parallel

Tool definition pattern

Tools are constructed with buildTool(). The following example shows every hook a tool can implement: 
export const MyTool = buildTool({
  name: 'MyTool',
  aliases: ['my_tool'],
  description: 'What this tool does',
  inputSchema: z.object({
    param: z.string(),
  }),
  async call(args, context, canUseTool, parentMessage, onProgress) {
    // Execute and return { data: result, newMessages?: [...] }
  },
  async checkPermissions(input, context) { /* Permission checks */ },
  isConcurrencySafe(input) { /* Can run in parallel? */ },
  isReadOnly(input) { /* Non-destructive? */ },
  prompt(options) { /* System prompt injection */ },
  renderToolUseMessage(input, options) { /* UI for invocation */ },
  renderToolResultMessage(content, progressMessages, options) { /* UI for result */ },
})

Directory structure

Each tool follows a consistent four-file layout: 
src/tools/MyTool/
├── MyTool.ts        # Main implementation
├── UI.tsx           # Terminal rendering
├── prompt.ts        # System prompt contribution
└── utils.ts         # Tool-specific helpers

Permission model

Every tool invocation passes through the permission system at src/hooks/toolPermission/. The active mode determines how approval is handled:
ModeBehavior
defaultPrompt the user for each potentially destructive operation
planShow the full plan, ask once
bypassPermissionsAuto-approve everything (dangerous)
autoML-based classifier decides
Permission rules use wildcard patterns. You configure them per tool and path: 
Bash(git *)           # Allow all git commands
FileEdit(/src/*)      # Allow edits to anything in src/
FileRead(*)           # Allow reading any file
Each tool implements checkPermissions(), which returns { granted: boolean, reason?, prompt? }.
bypassPermissions auto-approves all tool calls including destructive ones. Only use it in fully automated pipelines where you control the environment.

Tool presets

Tools are grouped into presets in src/tools.ts for different contexts:
  • Read-only preset — Safe for code review, analysis, and exploration. Includes FileReadTool, GlobTool, GrepTool, WebFetchTool, and similar read-only tools.
  • Full toolset — The complete set for active development, including shell execution, file writes, and agent orchestration.

Tool categories

File System Tools

Read, write, edit, and search files and code. Includes FileReadTool, FileEditTool, GlobTool, GrepTool, and more.

Shell & Execution Tools

Run shell commands and code in REPL sessions. Includes BashTool, PowerShellTool, and REPLTool.

Agent & Task Tools

Spawn sub-agents, manage teams, and run background tasks. Includes AgentTool, TaskCreateTool, and more.

Web, MCP & Integrations

Web access, MCP server interaction, LSP, scheduling, and utility tools.

Build docs developers (and LLMs) love

Get started for freeTalk to us