# Tool allowlist

**Source:** https://promtable.com/glossary/tool-allowlist

> A tool allowlist is the explicit set of commands, APIs and files an agent is allowed to use: a deny-by-default permission policy that prevents the agent from invoking surprise tools. Claude Code's settings.json, the Cursor allowlist and MCP server scoping are 2026 implementations.

---
Tool allowlists invert the default: instead of 'allow everything unless flagged unsafe', the agent can only do what's been explicitly permitted. Implementations:

- per-tool name (`Bash:git status` allowed, `Bash:rm -rf` denied; this is Claude Code's pattern)
- per-host network policy (only fetch from allowed.example.com)
- per-MCP-server scope (this server can read only `/docs`)

Production patterns: start narrow (just reads + safe tools) and broaden as the agent proves itself; use stricter allowlists for autonomous / background agents; loosen for interactive plan-approval flows. Allowlists are the simplest and most auditable agent safety mechanism: explicit policy beats implicit trust.

## When to use

- Any production agent.
- Especially autonomous / background agents.

## Common mistakes

- Wildcards that match dangerous commands (`Bash:*` allows `rm -rf`).
- Forgetting to allowlist tools the agent legitimately needs — broken UX.
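
The per-tool, per-host and per-path checks described on this page, together with a lint for the `Bash:*` wildcard mistake, as an added example (not Promtable's or any vendor's code). The `Tool:command` rule strings follow this page's notation; the rule lists, function names, metacharacter set and https-only requirement are assumptions.

```python
import fnmatch
import posixpath
from urllib.parse import urlsplit

# Constructed policy in the page's "Tool:command" notation (hypothetical format).
ALLOWED_TOOLS = ["Bash:git status", "Bash:git diff *", "Read:/docs/*"]
ALLOWED_HOSTS = {"allowed.example.com"}
SHELL_META = set(";|&`$<>()\n")  # chaining and substitution characters


def is_tool_allowed(tool, arg, rules=ALLOWED_TOOLS):
    """Deny by default: a call passes only if an explicit rule matches it."""
    if tool == "Bash":
        if SHELL_META & set(arg):
            return False  # a prefix rule must not carry a chained command
        arg = " ".join(arg.split())  # collapse whitespace before matching
    elif tool == "Read":
        arg = posixpath.normpath(arg)  # resolve ".." so /docs/../etc fails
    return any(fnmatch.fnmatchcase(f"{tool}:{arg}", rule) for rule in rules)


def is_host_allowed(url, hosts=ALLOWED_HOSTS):
    """Per-host network policy: exact hostname match, https only (assumption)."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in hosts


def lint_rules(rules):
    """Flag rules whose argument pattern starts with a wildcard, e.g. Bash:*."""
    return [r for r in rules if r.partition(":")[2].lstrip().startswith("*")]
```

Path normalisation here is lexical only, so symlinks under `/docs` still need to be handled by the sandbox or the file-serving layer.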

## Related terms

- [tool-permission](https://promtable.com/glossary/tool-permission)
- [agent-sandbox](https://promtable.com/glossary/agent-sandbox)
- [approval-workflow](https://promtable.com/glossary/approval-workflow)

*Last updated: 2026-06-01*
---

Maintained by Promtable (https://promtable.com). Content: CC BY 4.0. Cite as "Promtable — https://promtable.com/glossary/tool-allowlist".
Contact: info@vibecodingturkey.com.