Claude Code Headless Mode

Core Rules

• Treat

  claude --help

  on the target machine as the compatibility floor. CLI flags move faster than blog posts and copied examples.
• Permission rule syntax varies by build. Anthropic docs often show forms like

  Bash(git diff *)

  , while the installed

  claude 2.1.71

  help on this machine still shows

  Bash(git:*)

  . Mirror the syntax shown by the target machine's

  claude --help

  .
• Default to the model the user already configured through

  /model

  , settings, or

  ANTHROPIC_MODEL

  .
• Do not add

  --model

  unless the user explicitly asked for a model override or the workflow must pin a model for reproducibility.
• Prefer

  --append-system-prompt

  over

  --system-prompt

  unless replacing the default Claude Code behavior is intentional.
• Default to safe automation. If the user wants a truly unattended run, use explicit permission rules or

  dontAsk

  ; reserve

  bypassPermissions

  for isolated environments.

Quick Verification

claude --version
claude auth status --text
claude --help

claude doctor

Installation Guidance

• Anthropic's getting-started docs still show

  npm install -g @anthropic-ai/claude-code

  as the standard install path.
• Newer builds may also support native installer flows and

  claude install

  .
• If the user needs installation help, point them to the official Claude Code setup docs and verify the result with

  claude doctor

  rather than assuming one installer path is universal.

Headless Command Patterns

Basic Non-Interactive Run

-p

--print

claude -p "summarize the repository architecture"

--output-format json

claude -p "review the auth layer for risks" --output-format json

Model Selection

• Omit

  --model

  by default.
• If the user explicitly wants a model override, use

  claude --model <alias-or-name> ...

  .
• For persistent defaults, prefer settings (

  model

  ) or

  ANTHROPIC_MODEL

  .
• For third-party deployments, pin models via settings or environment variables instead of bolting

  --model

  onto every command example.

Permission Modes

default

acceptEdits

plan

dontAsk

bypassPermissions

• acceptEdits

  is the skill's recommended default, not the CLI default.
• If the user says "no prompts at all," prefer permission rules or

  dontAsk

  with explicit allow rules.
• Only recommend

  bypassPermissions

  when the environment is already isolated and the user accepts the risk.
• For read-only analysis, prefer

  --tools

  plus

  default

  or

  plan

  ; do not reach for

  bypassPermissions

  just to suppress prompts.

Tool Availability vs Permission Approval

• --tools

  restricts which built-in tools are available at all.

• --allowedTools

  pre-approves specific tools or tool rules so Claude does not prompt for them.

• --disallowedTools

  removes tools or rules from context.

Tool

Tool(specifier)

• Good:

  Bash(git diff *)

• Good:

  Bash(npm run test *)

• Risky for real use:

  Bash(find)

  because it matches only the exact literal command

  find

Bash(find:*)

--tools

--allowedTools

--tools

--allowedTools

Output Formats

• text

  : default human-readable output

• json

  : one final structured result

• stream-json

  : event stream for long-running automation

Commonly Safe Flags

• --append-system-prompt

• --allowedTools

• --disallowedTools

• --tools

• --permission-mode

• --output-format

• --mcp-config

• --continue

  /

  --resume

• --settings

  /

  --setting-sources

• --session-id

• --add-dir

• --max-budget-usd

• --fallback-model

  for print mode

Version-Sensitive Flags

claude --help

Recommended Command Templates

Read-Only Analysis

claude -p "count the total lines of code in this repo, grouped by language" \
  --permission-mode default \
  --tools "Bash,Read" \
  --allowedTools "Read" "Bash(find:*)" "Bash(wc:*)"

Safe Edit Run

claude -p "fix the failing login test and rerun the relevant test command" \
  --permission-mode acceptEdits \
  --tools "Bash,Read,Edit,Write" \
  --allowedTools "Read" "Edit" "Write" "Bash(npm test *)"

JSON Report

claude -p "review the repository for security issues and produce a concise report" \
  --output-format json \
  --append-system-prompt "Focus on concrete findings, exploitability, and mitigations."

Resume a Session

claude -r "$session_id" -p "continue by updating the tests and summarizing what changed"

Continue the Most Recent Session

claude -c -p "continue with the next step"

Use MCP Tools

claude -p "investigate the API latency spike" \
  --permission-mode acceptEdits \
  --mcp-config monitoring-tools.json \
  --allowedTools "Read" "mcp__datadog__*" "mcp__prometheus__*"

Fully Unattended Execution in an Isolated Environment

claude -p "run the migration and fix the resulting type errors" \
  --permission-mode bypassPermissions \
  --tools "Bash,Read,Edit,Write"

Execution Workflow

1. Confirm the user wants Claude Code CLI rather than an inline answer.
2. Verify the installed CLI shape with

   claude --help

   if you plan to use uncommon flags.
3. Choose the least-permissive mode that still fits the task.
4. Build the command without

   --model

   unless the user explicitly asked for an override.
5. Restrict tools with

   --tools

   when safety or predictability matters.
6. Use

   --allowedTools

   for prompt-free approval of known-safe actions.
7. Return exact commands plus short caveats about assumptions and safety.

When To Pause

• The user wants a specific model or provider behavior that requires pinning.
• They asked for a fully unattended run in an environment that is not clearly sandboxed.
• The workflow depends on a Claude Code feature that is not visible in

  claude --help

  .

Final Response Expectations

• the exact command or command sequence
• a one-line note that the configured Claude model is being used by default
• any permission or isolation caveat
• the resume command if the workflow is meant to continue later

References

• references/examples.md

  for extended patterns