3.0 KiB
| summary | tags | scope | type | source | date | last_updated | ||
|---|---|---|---|---|---|---|---|---|
| Which Claude Code built-in tools are globally denied (Workflow, Artifact, SendUserFile, ReportFindings) and why, where the deny lives (~/.claude/settings.json permissions.deny), measured per-schema token costs, and which tools are deliberately kept. |
|
global | reference | cc-os docs/plans/b2-profile-overlays.md (follow-on section, 2026-07-08) | 2026-07-08 | 2026-07-08 |
Claude Code tool schemas: CYAGNI deny list (what, why, where, how much)
How it's handled — don't forget this
Four never-used built-in tools are globally denied via
~/.claude/settings.json → "permissions": {"deny": ["Workflow", "Artifact", "SendUserFile", "ReportFindings"]}. This removes their schemas from every session's
context (~6.5k tokens/session saved), identical in effect to --disallowedTools
(measured 22,532 vs 22,536). Settings-file deny was chosen over a cyolo-alias flag
so it covers ALL entry points (headless scripts, IDE sessions, anything shelling out
to claude), not just alias-launched sessions.
If a session ever "can't find" one of these tools, this deny list is why.
Revert = delete that one line from ~/.claude/settings.json.
Denied tools — what they are and why they're safe to drop
Ground truth: tool_use counts across all ~/.claude/projects/**/*.jsonl
transcripts, 2026-06-01→2026-07-08 (~17k total tool calls).
| Tool | What it is | Lifetime calls | Schema cost |
|---|---|---|---|
| Workflow | JS-scripted multi-agent fan-out orchestration ("ultracode"-style) | 0 | ~5,982 tokens — the single largest schema, ≈ the entire system-prompt text |
| Artifact | Standalone artifact/document generation | 0 | ~527 combined for these three |
| SendUserFile | Push a file to the user in supported UIs | 0 | ↑ |
| ReportFindings | Structured findings reporting (code-review internals) | 1 (via a code-review run) | ↑ |
Most likely candidate to want back someday: Workflow (heavy multi-agent orchestration). Re-enable by removing it from the deny list.
Kept tools (actively used — never deny these)
Bash (7,749 calls), Read (4,207), Edit (2,058), Agent (1,298), Write (1,166), Skill (339), WebFetch (129), AskUserQuestion (119), ToolSearch (110), TaskCreate/Update/Stop/Output (~110), WebSearch (59), ScheduleWakeup (46), SendMessage (34), Monitor (15), ExitPlanMode (2).
Note: deferred-tier tools (Cron*, LSP, NotebookEdit, plan-mode tools, MCP…) cost nothing until fetched via ToolSearch — denying them saves ~0; don't bother.
Context-floor accounting (headless haiku, 2026-07-08)
~29k empty-dir floor = ~6.3k system-prompt text + ~18k non-deferred tool schemas
- ~4.8k user stack (hooks + memsearch + plugin listings). Post-deny floor: ~22.5k.
ToolSearch deferral only covers the optional tier — core schemas ship every request,
so
permissions.deny/--disallowedToolsis the only lever on the 18k.
Related: claude-code-setting-sources-silent-plugin-drop, cc-os-hub