How Do Claude Code Tool(param:value) Permission Rules Work? v2.1.178 Guide
Claude Code v2.1.178 introduces Tool(param:value) permission rule syntax — you can now write Agent(model:opus) to block expensive Opus subagents or Bash(command:npm test) to whitelist safe commands. This parameter-level control lands the same day Anthropic's billing change took effect, making cost governance for AI coding agents more critical than ever.
Jun 17, 2026 · 3 min read
TL;DR
If you're wondering "how do I control which models Claude Code subagents use?", the answer is: Claude Code v2.1.178 introduces Tool(param:value) permission rule syntax. You can now write rules like Agent(model:opus) to block expensive Opus subagents, or Bash(command:npm test) to allow only specific test commands. Combined with the * wildcard, this gives you fine-grained, parameter-level control over what your AI coding agents can and cannot do.
What Changed in v2.1.178
On June 15, 2026, Anthropic shipped Claude Code v2.1.178 with a headline feature that developers have been asking for: permission rules that match tool input parameters, not just tool names.
The Old Way: Tool-Level Permission Rules
Before v2.1.178, Claude Code's permission system let you allow or deny entire tools:
{
"permissions": {
"allow": ["Read", "Grep"],
"deny": ["Bash", "Agent"]
}
}This was coarse. If you allowed Agent, you allowed any subagent — including expensive Opus-powered ones. If you blocked Agent, you blocked all subagents, even the cheap ones you needed for parallel task execution.
The New Way: Parameter-Level Permission Rules
v2.1.178 adds a Tool(param:value) syntax that matches inside a tool's input parameters:
{
"permissions": {
"deny": ["Agent(model:opus)"]
}
}This rule blocks subagents that specify model: opus while allowing all other Agent invocations. The * wildcard further extends this:
{
"permissions": {
"allow": ["Bash(command:npm test*)"],
"deny": ["Bash(command:rm *)", "Bash(command:git push*)"]
}
}Now you can whitelist specific shell commands (npm test, npm run build) while blocking dangerous ones (rm -rf, git push --force).
Why This Matters Now
This feature lands at a critical moment. On June 15, 2026 — the same day v2.1.178 shipped — Anthropic's billing change took effect, moving Claude Code and Agent SDK usage off flat-rate subscription pools onto a separate metered credit system. Heavy agent users now pay full API rates ($15/M input, $75/M output for Opus) out of limited monthly credits ($20–$200).
Cost-conscious teams need parameter-level permission rules because:
- A single Opus subagent can burn through $20 of API credits in minutes
- Blocking
Agententirely kills productivity; you need subagents - The
Tool(param:value)syntax lets you restrict which model subagents use without blocking subagents entirely
The practical workflow is:
- Allow
Agenttool broadly - Deny
Agent(model:opus)to prevent cost blowouts - Allow
Agent(model:sonnet)for routine subagent tasks - Whitelist specific
Bashcommands for CI/CD safety
Other Fixes in v2.1.178
Beyond permission rules, this release patches several friction points:
- Subagent transcript viewing fixed: Previously, subagent transcripts would disappear after context compaction. v2.1.178 ensures they remain visible for debugging and audit trails.
- OAuth account mismatch resolved: Switching between multiple Anthropic accounts no longer causes stale auth tokens that break tool execution.
- Stale auth cache cleared: Auth-related errors from cached credentials during long sessions are now handled gracefully.
- Fable 5 [1m] suffix normalized: Fable 5 model names no longer require the
[1m]suffix — 1M context is the default, and the suffix is now automatically stripped. - Skills in nested directories: Custom skills stored in
.claude/skills/now load when working from subdirectories of your project, not just the root.
The Bigger Picture: Permission Rules Are Becoming Table Stakes
Claude Code isn't alone. Codex CLI has its own sandbox and approval modes. Cursor just added enterprise org controls. GitHub Copilot launched enterprise-governed agent policies in public preview on June 5. The pattern is clear: as AI coding agents gain more autonomy — spawning subagents, running shell commands, pushing code — permission systems are evolving from binary allow/deny to parameter-level access control.
Anthropic's Tool(param:value) syntax is the most expressive implementation yet. Whether competitors follow suit with similar parameter-matching DSLs will be a key story to watch through the rest of 2026.
How to Upgrade
claude update
claude --version # should show 2.1.178 or higherThen add permission rules to your .claude/settings.json or organization policy:
{
"permissions": {
"deny": [
"Agent(model:opus)",
"Bash(command:rm *)",
"Bash(command:git push --force*)"
]
}
}For teams managing multiple developers, Anthropic recommends setting these rules at the organization level via the admin console to enforce them across all seats.
Topic hub
AI Coding Tools Hub (2026)
From Copilot pricing changes to Claude Code + DeepSeek cost-saving setups—one place to compare tools, read explainers, and follow tutorials.
Explore AI Coding Tools Hub (2026) →Monetization angle
How can you make money from this trend?
WayToClawEarn focuses on verified earn playbooks—not just news. Start from these cases.
DeepSeek + Claude Code Micro SaaS
Run multiple small products on cheap inference
Claude Code bug bounty
Productize agent skills into security services