how to configure allowed_tools when starting the Agent SDK to restrict Bash and Write
| Platform | Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 |
|---|---|
| Category | Automation Tools |
| Guide type | Procedure |
| Skill level | Beginner to intermediate |
| Time | 5 - 30 minutes including verification |
When configuring allowed_tools at Agent SDK startup to restrict Bash and Write bites you on Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026, the first instinct is to rerun the whole scenario or redeploy the script. Most of the time you do not have to. The steps below are what an automation engineer would do at their desk before escalating. This usually surfaces during in Make so the working state is always reproducible by branch.
What configuring allowed_tools when starting the Agent SDK to restrict Bash and Write actually involves on Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026
On Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026, when this lands in my queue, the tools I lean on first are Honeycomb or Jaeger UI for span inspection, `pytest -k agent_sdk` with VCR.py for replay fixtures, and the claude-agent-sdk-python verbose logger via `logging.DEBUG`. Each of these surfaces a different layer of the failure - keep at least the first one in your personal notes so the next time this happens you do not start cold.
For verification on Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026, the methods that survive contact with a real Monday-morning workload are running `claude /agents` and confirming the skill pack folder is recognized when SDK and CLI share a project, and running `pytest tests/agent_sdk --record-mode=none` to enforce VCR replay. Anything less than that and you are shipping on vibes.
Authoritative sources for Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 that I cross-reference before committing to a fix: platform.claude.com/docs/en/agents-and-tools/agent-skills/claude-api-skill, github.com/anthropics/claude-agent-sdk-typescript, docs.anthropic.com. Marketing blog posts and Medium writeups are signal, not ground truth.
The rest of this page is the structured fix path. Start with diagnosis, then remediation, then the automation options so you do not have to do this by hand the next time it surfaces. The verify and safety sections at the end are the discipline that keeps the fix from regressing the next time you open the platform.
Signal review
Third pass: read the HTTP status code and the in-product error message like an x-ray of your Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 session. 4xx is something on your side (auth, scope, payload, sharing), 5xx is theirs (or a shared infra fault). 401 = signed-in session expired or the wrong account is active, 403 = you are signed in but the connector is bound to a different identity, 404 = the URL points to a deleted or moved object, 409 = another run is touching the same record at the same time, 422 = the payload validates against schema but fails a workspace rule (required field, locked field, custom validation), 429 = rate limit on the trigger source or destination API, 5xx = retry after a minute. Cross-reference the in-product error string against the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 help center because the same "something went wrong" toast can mean five different things on a single page. If the same action cycles between 429 and 503 over a tight loop, the API quota on the trigger source is exhausted - slow the scenario down or split it into batches.
Second pass: open the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 workspace admin or settings panel and look at the audit log or activity feed for the failing window. Most modern automation platforms surface an audit trail (the platform's execution history, the connector run log, the integration activity feed). The audit log tells you whether the failure was your action, a teammate changing a connected account in the same minute, or a platform-side rollout. Many "permission denied" or "connection not found" reports trace to a credential-level change pushed in the same admin panel in the previous hour - the audit trail makes that obvious without guesswork.
Eighth: diff the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 setup against its last known good state. Ask the obvious question - what changed in the 72 hours before the failure started? Did the platform auto-update overnight (check the About panel for the engine version vs the previous version you wrote down in your notes)? Did you install a new browser extension, a new menu-bar utility, or a new VPN that intercepts the connection? Did you switch accounts, accept a new workspace invite, or change your default workspace? Did your team admin push a new connector policy, enable SSO, or add an SCIM provisioning rule? Use the in-product audit trail or notification feed to anchor "before vs after" so you are not guessing. Cross-check the vendor changelog and community forum for the exact build - if a regression hit a batch of users in the same week, the community catches it before the official changelog admits it. Record the suspect ranking, then disprove suspects one at a time with the cheapest test first (browser private window before extension uninstall, second account before account-wide reset).
Field notes from real Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 incidents
After any change to a Claude Agent SDK automation I run `otel-cli exporter probe to confirm trace ingestion` to confirm the run actually held: two seconds, one call, zero ambiguity. In Agentic AI work, the cost of guessing is almost always higher than the cost of reading the Claude Agent SDK changelog, so read the changelog first.
When a Claude Agent SDK flow goes sideways on me, the first thing I open is `pytest -k agent_sdk` with VCR.py for replay fixtures; it shows me the real execution state before I start guessing. I keep Honeycomb or Jaeger UI for span inspection docked on a second screen whenever I am building inside Claude Agent SDK; one glance tells me whether the run actually fired or silently skipped.
Tools I actually reach for
For most Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 stalls I start with `uv pip show claude-agent-sdk` for Python install metadata, then fall back to Anthropic Workbench for prompt regression baselines, `npm ls @anthropic-ai/claude-agent-sdk` to confirm the pinned version, `git diff` on the skill-pack package.json for version drift, and the claude-agent-sdk-python verbose logger via `logging.DEBUG` when `uv pip show claude-agent-sdk` cannot surface the answer. I keep Charles Proxy or mitmproxy for Anthropic API call capture handy for the cases where neither answers. That ordering is not academic - it matches the layers of the failure as they tend to surface, so the cheapest signal lands first and the heavier tooling only comes out when the simpler answer does not hold up. My muscle-memory shortcut for this is to run the first tool while the failing screen is still open, not after I have already restarted the platform.
Verification I run before I call it fixed
Before I mark a Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 stall resolved, the verification loop below is what I actually run. Each step proves a different layer is green, and the order matters - the cheaper checks gate the more expensive ones.
`pip install claude-agent-sdk && python -c "import claude_agent_sdk; print(claude_agent_sdk.__version__)"`
If that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.
`otel-cli exporter probe to confirm trace ingestion`
If that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.
`npm install @anthropic-ai/claude-agent-sdk && node -e "import('@anthropic-ai/claude-agent-sdk').then(m=>console.log(Object.keys(m)))"`
Only when every line above runs clean do I close the loop and update my notes with the timestamps.
Where I check first when the docs disagree
When two sources contradict each other on a Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 detail, the disambiguation order I lean on is stable. For the ground-truth view I check github.com/anthropics/claude-agent-sdk-python, github.com/anthropics/claude-agent-sdk-typescript, github.com/anthropics/skills, and docs.anthropic.com. Marketing blog posts and Medium writeups are signal, not ground truth, and I treat them as such until the references above either confirm or contradict the claim.
Solution-focused remediation path
For any Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 failure that smells like auth or permission, walk the principle of least surprise chain in order. Confirm which account you are actually signed into (top-right avatar on web, account menu on desktop, profile tab on mobile) and confirm it matches the email the connector is bound to. Many "my scenario stopped firing" reports trace to the connector being bound to your personal account while you are signed into your work workspace identity on the same browser profile. Sign out of every account, sign back in with only the canonical work account, and retry. Clear the OAuth grant from the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 connected-apps page if you suspect a stale third-party token (the platform's connector settings, the upstream provider's "third-party apps" page). Decision point: if the account is correct, the connector is bound to that account, and the action still fails with a permission error, ask the workspace owner to re-grant the scope explicitly and to check their workspace-level connector policy for a new restriction.
For Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 integrations where rate limits or plan quotas are suspect, read the in-product hints honestly. "You have reached the limit for this workspace" usually means you hit an operation, task, or run cap on the current plan tier. "Slow down, you are sending requests too quickly" is the rate-limit signal on the trigger source or destination API. "This payload is too large" is the per-call cap. Each is telling you the exact same thing in a Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026-specific dialect. Apply exponential backoff for API-driven runs (base 1s, double up to 60s, retry up to 5 times) and split a large batch into chunks of 100 records at a time. Decision point: if you are hitting the quota sustained rather than in bursts, upgrade the plan tier or request a quota increase from the workspace admin with a written usage justification; without it, batch the work or shed load at the producer. Replay the failing scenario against a fresh test workspace at half the throughput to confirm the new safe rate before pushing to the real workspace.
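The backoff and batching rule above, combined with the status-code triage from the signal review, as an added example that is not code from this page or from the SDK. The `send` callable (takes a chunk, returns an HTTP status) is a hypothetical stand-in for whatever client you use, and the demo sender at the bottom is constructed.

```python
import time
from typing import Callable, Iterator, List, Sequence

BASE_DELAY_S = 1.0   # base 1s
MAX_DELAY_S = 60.0   # double up to 60s
MAX_RETRIES = 5      # retry up to 5 times
CHUNK_SIZE = 100     # chunks of 100 records

# Hypothetical sender signature: takes one chunk, returns the HTTP status.
Sender = Callable[[Sequence], int]


def is_retryable(status: int) -> bool:
    """429 (rate limit) and 5xx are transient; 401/403/404/409/422 are not."""
    return status == 429 or 500 <= status <= 599


def backoff_delays() -> List[float]:
    """Delay before each retry, doubling from the base and capped at the max."""
    return [min(BASE_DELAY_S * 2 ** i, MAX_DELAY_S) for i in range(MAX_RETRIES)]


def chunked(records: Sequence, size: int = CHUNK_SIZE) -> Iterator[Sequence]:
    """Yield consecutive slices of at most `size` records."""
    for start in range(0, len(records), size):
        yield records[start:start + size]


def send_with_backoff(send: Sender, chunk: Sequence,
                      sleep: Callable[[float], None] = time.sleep) -> int:
    """Send one chunk; retry only transient statuses, return the final status."""
    status = send(chunk)
    for delay in backoff_delays():
        if not is_retryable(status):
            break  # success, or a 4xx that a retry cannot fix
        sleep(delay)
        status = send(chunk)
    return status


def send_batch(send: Sender, records: Sequence,
               sleep: Callable[[float], None] = time.sleep) -> List[int]:
    """Send all records in chunks; stop at the first chunk that does not end 2xx."""
    results = []
    for chunk in chunked(records):
        status = send_with_backoff(send, chunk, sleep)
        results.append(status)
        if not 200 <= status <= 299:
            break  # do not keep pushing load at a failing destination
    return results


if __name__ == "__main__":
    # Constructed sender: first chunk is rate limited twice, then all succeed.
    scripted = iter([429, 429, 200, 200, 200])
    waits: List[float] = []
    print(send_batch(lambda c: next(scripted), list(range(250)), waits.append))
    print("slept:", waits)
```

Passing `sleep` as a parameter keeps the retry schedule testable without real waits.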
Before any destructive step on a Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 workspace, slow down and stage rollback. Snapshot the current platform version, the current workspace settings (Settings -> screenshot every tab), the connected-apps list, the current sharing policy, and the current member list to a notes entry first. Capture the failing screenshot, the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 incident id if any, and the timestamp window. Photograph (screenshot) the workspace state from two angles: the scenario or script that is failing, and the workspace settings page that controls the relevant policy. Then do the destructive step (revoke a connector, change a sharing default, remove a member, delete a connected app) inside a test workspace or a test scenario first, never the whole workspace. Capture the platform version, the API permissions, the connected-app list, the workspace member roster, and the relevant integration log snapshot to your notes before the destructive step. Decision point: if you are on a paid plan, the cheapest correct path is almost always to open the in-product support chat in parallel with the rollback - the support rep can confirm whether a vendor-side rollout is responsible while you are still staging the change, which avoids a needless workspace edit if the fix is server-side.
Automate this fix so you do not do it twice
Fleet API token + OAuth grant rotation via vendor admin
Rotating a personal access token on one Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 workspace by hand is fine; rotating across a team of workspaces is how you end up with twelve different tokens, four expired ones, and an unknown blast radius. Drive rotation through the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 admin SDK or REST under a service account with the rotation scope only, store the new token in a personal password manager (1Password, Bitwarden, vendor secrets manager) with versioning enabled, and roll the consumer scripts one workspace at a time with a health check between each. Pin the API version explicitly during rotation so a coincident vendor rollout does not look like a rotation failure.
```bash
# Rotate the platform API token (regenerate via the admin UI, capture in 1Password)
op item create --vault Work --category "API Credential" \
  --title "claude platform token 2026-05-31" \
  password="$NEW_PLATFORM_TOKEN" notes="Rotated $(date -Iseconds)"
# Capture the old token as deprecated so cutover is reversible
op item create --vault Work --category "API Credential" \
  --title "claude platform token OLD 2026-05-31" \
  password="$OLD_PLATFORM_TOKEN" notes="Old token marked deprecated"
```
Scrape Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 workspace audit log + integration log via scheduled job
For the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026, workflow faults usually surface as failed run executions, audit-log denials, or quota nags before a full hang. A weekly scheduled job that exports the last 7 days of these events to CSV gives you a paper trail to correlate with platform updates, policy changes, and vendor incidents without staring at the settings panel live. Register the task via cron (Linux / macOS), Windows Task Scheduler (schtasks /create /XML), or a GitHub Actions schedule, then write the CSV to Dropbox / OneDrive / Google Drive for retention. Subscribe a simple dashboard (Google Sheets with a daily import, Airtable scheduled sync, Notion database via the API) to the same bucket so audit events from every Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 workspace converge on a single view without per-workspace clicking.
```bash
# Export the platform audit log via the API (Enterprise plan)
curl -X POST https://api.example.com/v1/audit_logs \
  -H "Authorization: Bearer $PLATFORM_TOKEN" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{"start_date":"2026-05-24","end_date":"2026-05-31"}' \
  -o claude-audit-log.json
# Export the run history for the last 7 days (date -d is GNU date syntax)
curl -G https://api.example.com/v1/runs \
  -H "Authorization: Bearer $PLATFORM_TOKEN" \
  --data-urlencode "oldest=$(date -d '7 days ago' +%s)" \
  -o claude-runs.json
```
Codify the platform version pin and rollback as a single notes entry
Once a stable platform version is identified for the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026, write the version string, the build hash, and the workspace policy state to a personal notes entry with the date in the title. Reproducible rollback is then a single download-and-install plus a sign-in. Pin the workspace policy state explicitly so a vendor-side default change does not silently shift behavior under you. Stage the notes entry next to a checklist that lists the failing screenshot, the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 incident id (if any), and the support case number; the second time the workflow breaks at 9 a.m. you do not want to be rediscovering which platform build was actually green.
# Personal notes template (claude)
Date: 2026-05-31
Platform: claude
Working build: 2.45.1 (Build hash: a1b2c3d)
Account: work@example.com
Workspace: ws-prod-claude
Failing screenshot: ~/notes/claude-2026-05-31.png
Support case: SUPP-claude-12345
Rollback path: download installer from vendor releases page, sign out, reinstall, sign back in
Things that bite
Read-only validation before any write is the single step most Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 fixes skip, and it is the step that lets you roll back when a fix backfires. Screenshot every existing settings page (the workspace settings, the sharing policy, the connected-apps list, the members page, the plan tier page), capture the failing screenshot in a notes entry, export the relevant log to CSV if the platform supports it (the platform's run-history export, the audit-log download), and screenshot the activity feed showing the failing window before any change. On Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 workspaces with multiple environments (test workspace, real workspace) record the platform version, the settings state, and the connected-apps list in each before toggling anything, because a "fix" pushed only to the test workspace is a known regression vector when the real workspace has a different policy.
The mirror-image mistake is confusing a user-side symptom with a vendor fault on Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026. A persistent 403 is often a connector-level change pushed by the workspace owner rather than a Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 bug. A "scenario not found" can be a moved scenario rather than a deleted one. A "webhook not firing" is frequently a corporate proxy or firewall dropping the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 egress IP rather than a vendor-side regression.
Repair sequence
- Reproduce the original failing run against Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 on the same device AND a second device with the same account. If the failing toast or error code still surfaces on any device, you have not fixed it.
- Watch for 24 to 48 hours via the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 workspace audit log + the integration history + your personal notes. Cached error states and CDN caches mask slow-burn drift and intermittent regional issues.
- Smoke-test under realistic load: replay the workflow against a test workspace for at least 30 minutes at your normal working pace, log success / error and the timestamp per attempt to a notes file.
- Capture the new state in a personal notes entry so the next time this happens you do not rediscover it. Note platform version + workspace policy + connected-apps list + failing screenshot + verbatim error string + fix applied. Push to a shared team wiki if your team uses one.
- If the fix involved an API token rotation or a workspace policy change, commit the new token to your password manager and screenshot the workspace settings for archival.
Safety, rollback, blast radius
- Test in a Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 test workspace or on a duplicate scenario first before any change that touches the real workspace. Snapshot the platform version, the workspace settings, the connected-apps list, and the sharing policy before changing anything.
- Apply the principle of least surprise when granting share access or connected-app permissions. Review the share list against the people who actually need access - extra shares are extra blast radius.
- Use idempotent runs where the Claude Agent SDK - Skill Packs, Tool Use, Evaluation Harnesses - 2026 API supports it (the platform's run id de-dupe, external id keys on destination records) so a retried run does not create duplicate records.
- Know your rollback path. Platform version rollback is a one-line download-and-install; an API token rotation is reversible if you kept the old token in the password manager during cutover; a workspace policy change is reversible only if you saved the previous policy in a screenshot.
- For team-wide or workspace-wide changes, line up a maintenance window with team notification before pushing through the admin console.