Skip to main content
Shell and execution tools let the agent run commands and code directly on the host system. These tools are not read-only and require explicit permission grants.

Tool catalog

ToolDescriptionRead-only
BashToolExecute shell commands in bashNo
PowerShellToolExecute PowerShell commands (Windows)No
REPLToolRun code in a persistent REPL session (Python, Node, etc.)No

BashTool

Executes arbitrary shell commands in a bash environment. This is the most powerful tool in the catalog and the most important one to lock down with permission rules.

Permission rules

Permission rules for BashTool use the syntax Bash(<pattern>). The pattern is matched against the full command string. 
Bash(git *)              # Allow all git subcommands
Bash(npm run *)          # Allow npm scripts
Bash(cat *)              # Allow reading files via cat
Bash(ls *)               # Allow directory listings
You can combine multiple rules to allow a curated set of commands while blocking everything else: 
Bash(git *)
Bash(npm run build)
Bash(npm run test)
Avoid using Bash(*) (allow all) in shared or automated environments. A wildcard rule lets the agent run any command with no prompting, including destructive ones like rm -rf.
BashTool runs each command in a fresh subshell by default. Environment variables and working directory changes do not persist between calls. Use REPLTool if you need a stateful session.

Examples

// Run a test suite
BashTool({ command: 'npm run test' })

// Stage and commit changes
BashTool({ command: 'git add -A && git commit -m "fix: update config"' })

// Check disk usage
BashTool({ command: 'du -sh ./dist' })

PowerShellTool

Executes PowerShell commands on Windows. Functionally equivalent to BashTool but targets the PowerShell runtime. Permission rules use the same wildcard syntax: 
PowerShell(git *)
PowerShell(Get-ChildItem *)
PowerShellTool is only active when Claude Code is running on Windows. On macOS and Linux, BashTool is used instead.

REPLTool

Runs code in a persistent REPL session. Unlike BashTool, a REPL session maintains state across calls — variables, imports, and function definitions persist for the duration of the session. Supported runtimes include Python and Node.js. 
// Define a variable in one call
REPLTool({ language: 'python', code: 'x = [1, 2, 3]' })

// Reference it in the next
REPLTool({ language: 'python', code: 'print(sum(x))' })
// => 6
Use REPLTool when you need to:
  • Run multi-step data transformations that build on previous results
  • Test small code snippets interactively during development
  • Avoid re-importing libraries or re-loading data on every call

Build docs developers (and LLMs) love

Get started for freeTalk to us