Claude Code CLI Reference
Complete reference for claude CLI flags, --allowedTools, --output-format, environment variables, and settings.json
title: "Claude Code CLI Reference" description: "Complete reference for claude CLI flags, --allowedTools, --output-format, environment variables, and settings.json" section: "Reference" readTime: "10 min" badge: "CLI"
Claude Code CLI Reference
Complete reference for the claude command-line tool.
Installation
npm install -g @anthropic-ai/claude-code
claude --versionAuthentication:
claude auth login # OAuth flow
# or set env var:
export ANTHROPIC_API_KEY=sk-ant-...Core Flags
--print / -p
Non-interactive mode. Print the response and exit. Required for scripting and CI.
claude -p "Explain what this function does" < src/auth.ts
echo "Review this diff for bugs" | claude -p--output-format
Control response format. Options: text (default), json, stream-json.
# JSON output for scripting
claude -p --output-format json "List all API endpoints in this project"
# Streaming JSON for real-time processing
claude --output-format stream-json "Generate 50 test cases for the auth module"--model
Override the default model.
claude --model claude-opus-4 "Design the database schema..."
claude --model claude-sonnet-4-5 "Fix this bug..." # default--max-tokens
Cap the response length (tokens). Useful for cost management in batch jobs.
claude -p --max-tokens 500 "Write a one-paragraph summary of this file" < README.md--max-turns
Limit the number of conversation turns in an agentic session. Prevents runaway agents.
claude --max-turns 10 "Refactor the auth module"--allowedTools
Whitelist specific tools the agent may use. Comma-separated.
# Read-only audit — no writes or shell commands
claude --allowedTools "Read,Glob,Grep" "Audit all API routes for missing auth checks"
# Allow file writes but no shell execution
claude --allowedTools "Read,Write,Edit,Glob" "Refactor the utils module"
# Full access (default)
claude "Implement the feature described in PLAN.md"Available tool names: Read, Write, Edit, Bash, Glob, Grep, WebSearch, Task
--disallowedTools
Inverse of --allowedTools. Block specific tools while allowing all others.
# Allow everything except shell commands
claude --disallowedTools "Bash" "Refactor the auth module"--dangerously-skip-permissions
Skip all permission prompts. Agent runs fully autonomously without asking for approval.
claude --dangerously-skip-permissions "Run all tests and fix any failures"Only use in sandboxed environments (Docker, CI). This flag allows the agent to execute any shell command, modify any file, and perform any action without confirmation.
--resume
Resume a previous session by ID.
claude sessions list # list recent sessions with IDs
claude --resume abc123 # resume session abc123--plan
Generate a structured plan and wait for approval before executing.
claude --plan "Add OAuth2 authentication"
# Review the plan, then:
claude "Execute the plan you just created"--verbose
Show detailed tool use, context usage, and token counts.
claude --verbose "Implement the user service"--no-color
Disable ANSI color output. Useful for logging to files.
claude --no-color -p "..." > output.logEnvironment Variables
| Variable | Description |
|---|---|
ANTHROPIC_API_KEY | API key for authentication |
ANTHROPIC_BASE_URL | Override API endpoint (for Bedrock, proxies, local LLMs) |
CLAUDE_MODEL | Default model override |
CLAUDE_MAX_TOKENS | Default max tokens |
NO_COLOR | Disable color output (standard convention) |
Settings File (settings.json)
Located at ~/.claude/settings.json (global) or .claude/settings.json (project-level).
{
"model": "claude-sonnet-4-5",
"maxTokens": 8192,
"permissions": {
"allow": [
"Bash(npm test)",
"Bash(npm run lint)",
"Edit(src/**)",
"Read(**)"
],
"deny": [
"Bash(rm -rf*)",
"Bash(git push*)"
]
},
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [{
"type": "command",
"command": "echo 'Running: $TOOL_INPUT' >> ~/.claude/audit.log"
}]
}
],
"PostToolUse": [
{
"matcher": "Edit",
"hooks": [{
"type": "command",
"command": "npx eslint --fix $TOOL_INPUT_PATH 2>/dev/null || true"
}]
}
]
},
"env": {
"NODE_ENV": "development"
}
}Permission Pattern Syntax
| Pattern | Matches |
|---|---|
Bash | All bash commands |
Bash(npm *) | Bash commands starting with npm |
Bash(npm test) | Exactly npm test |
Edit(src/**) | Edits to files under src/ |
Read(**) | All file reads |
Common Recipes
Safe Audit (Read-Only)
claude --allowedTools "Read,Glob,Grep" \
"Audit all API routes in src/routes/ for missing authentication middleware.
Report file, line number, and the missing check."Batch Documentation
find src/lib -name "*.ts" | while read f; do
claude -p "Add JSDoc to all exported functions in this file that lack documentation" \
--allowedTools "Read,Edit" < "$f"
doneCI Security Scan
git diff origin/main...HEAD | \
claude -p --output-format json \
"Scan for: hardcoded secrets, SQL injection, missing input validation.
Return JSON array: [{file, line, severity, issue}]"Autonomous Test Generation
claude --dangerously-skip-permissions \
--max-turns 30 \
"Generate Jest tests for all functions in src/utils/ that currently have <60% coverage.
Run npm run test:coverage after each file to verify. Commit changes when done."Subcommands
claude sessions list # List recent sessions
claude sessions resume <id> # Resume session (same as --resume)
claude auth login # Authenticate
claude auth logout # Remove credentials
claude config # Open settings in editor
claude update # Update to latest version