Trust & Control
Building guarantees, not suggestions. Permissions define what Claude can do; hooks define what happens when it does things.
Claude Code ships with six permission modes that span a spectrum from read-only caution to unrestricted automation. Knowing when to use each one — and why — is the difference between a safe workflow and a costly mistake.
Allowlists and denylists are the rule layer that sits on top of permission modes. They let you precisely control which specific actions run without prompting — and which ones are hard-blocked regardless of mode.
Auto mode's safety classifier is what separates it from simply skipping permissions. Before every tool call, a model evaluates whether the action is safe given your environment. Understanding how it works lets you tune it for your project.
Over-restricting Claude Code is a real cost, not a free safety net. This article draws the line between rules that pay for themselves and rules that create friction without meaningful protection.
Enterprise deployments of Claude Code require centralized policy management — settings that override what individual developers can configure, distributed to every machine, with audit trails. Here's how the system works.
Hooks are shell commands, HTTP endpoints, or LLM calls that fire automatically at specific points in Claude Code's lifecycle. They're the most underused feature in Claude Code — and the one that turns it from a tool into a system.
PreToolUse is the only hook that can stop Claude before it acts. Understanding exit codes, the decision JSON format, and common blocking patterns turns it from a logging mechanism into a real enforcement gate.
PostToolUse fires after a tool completes. You can't undo what happened, but you can auto-format, run tests, validate output, and notify — all before Claude's next action. These patterns enforce standards without requiring Claude's cooperation.
SessionStart, SessionEnd, and PreCompact give you control at the session boundary — injecting context before Claude starts, cleaning up after it finishes, and preserving critical state before compaction erases it.
Three of the four hook types go beyond shell scripts: HTTP hooks POST event data to endpoints, prompt hooks evaluate nuanced conditions using an LLM, and agent hooks spawn full subagents for complex verification. Each fills a different gap.
Individual hooks are useful. A composed hook stack turns Claude Code from a tool into a system. This article builds a complete hook configuration for a TypeScript project — from blocking bad commits to enforcing test coverage to shipping Slack notifications.