61 lines
3.0 KiB
Markdown
61 lines
3.0 KiB
Markdown
---
|
|
summary: Which Claude Code built-in tools are globally denied (Workflow, Artifact, SendUserFile, ReportFindings) and why, where the deny lives (~/.claude/settings.json permissions.deny), measured per-schema token costs, and which tools are deliberately kept.
|
|
tags:
|
|
- type/reference
|
|
- tool/claude-code
|
|
scope: global
|
|
type: reference
|
|
source: cc-os docs/plans/b2-profile-overlays.md (follow-on section, 2026-07-08)
|
|
date: 2026-07-08
|
|
last_updated: 2026-07-08
|
|
---
|
|
|
|
# Claude Code tool schemas: CYAGNI deny list (what, why, where, how much)
|
|
|
|
## How it's handled — don't forget this
|
|
|
|
Four never-used built-in tools are **globally denied** via
|
|
`~/.claude/settings.json` → `"permissions": {"deny": ["Workflow", "Artifact",
|
|
"SendUserFile", "ReportFindings"]}`. This removes their schemas from every session's
|
|
context (~6.5k tokens/session saved), identical in effect to `--disallowedTools`
|
|
(measured 22,532 vs 22,536). Settings-file deny was chosen over a `cyolo`-alias flag
|
|
so it covers ALL entry points (headless scripts, IDE sessions, anything shelling out
|
|
to `claude`), not just alias-launched sessions.
|
|
|
|
**If a session ever "can't find" one of these tools, this deny list is why.**
|
|
Revert = delete that one line from `~/.claude/settings.json`.
|
|
|
|
## Denied tools — what they are and why they're safe to drop
|
|
|
|
Ground truth: `tool_use` counts across all `~/.claude/projects/**/*.jsonl`
|
|
transcripts, 2026-06-01→2026-07-08 (~17k total tool calls).
|
|
|
|
| Tool | What it is | Lifetime calls | Schema cost |
|
|
|---|---|---|---|
|
|
| Workflow | JS-scripted multi-agent fan-out orchestration ("ultracode"-style) | 0 | **~5,982 tokens** — the single largest schema, ≈ the entire system-prompt text |
|
|
| Artifact | Standalone artifact/document generation | 0 | ~527 combined for these three |
|
|
| SendUserFile | Push a file to the user in supported UIs | 0 | ↑ |
|
|
| ReportFindings | Structured findings reporting (code-review internals) | 1 (via a code-review run) | ↑ |
|
|
|
|
Most likely candidate to want back someday: **Workflow** (heavy multi-agent
|
|
orchestration). Re-enable by removing it from the deny list.
|
|
|
|
## Kept tools (actively used — never deny these)
|
|
|
|
Bash (7,749 calls), Read (4,207), Edit (2,058), Agent (1,298), Write (1,166),
|
|
Skill (339), WebFetch (129), AskUserQuestion (119), ToolSearch (110),
|
|
TaskCreate/Update/Stop/Output (~110), WebSearch (59), ScheduleWakeup (46),
|
|
SendMessage (34), Monitor (15), ExitPlanMode (2).
|
|
|
|
Note: deferred-tier tools (Cron*, LSP, NotebookEdit, plan-mode tools, MCP…) cost
|
|
nothing until fetched via ToolSearch — denying them saves ~0; don't bother.
|
|
|
|
## Context-floor accounting (headless haiku, 2026-07-08)
|
|
|
|
~29k empty-dir floor = ~6.3k system-prompt text + **~18k non-deferred tool schemas**
|
|
+ ~4.8k user stack (hooks + memsearch + plugin listings). Post-deny floor: ~22.5k.
|
|
ToolSearch deferral only covers the optional tier — core schemas ship every request,
|
|
so `permissions.deny` / `--disallowedTools` is the only lever on the 18k.
|
|
|
|
Related: [[claude-code-setting-sources-silent-plugin-drop]], [[cc-os-hub]]
|