How Do Claude Code Tool(param:value) Permission Rules Work? v2.1.178 Guide

核心结论

If you're wondering "how do I control which models Claude Code subagents use?", the answer is: Claude Code v2.1.178 introduces Tool(param:value) permission rule syntax. You can now write rules like Agent(model:opus) to block expensive Opus subagents, or Bash(command:npm test) to allow only specific test commands. Combined with the * wildcard, this gives you fine-grained, parameter-level control over what your AI coding agents can and cannot do.

What Changed in v2.1.178

On June 15, 2026, Anthropic shipped Claude Code v2.1.178 with a headline feature that developers have been asking for: permission rules that match tool input parameters, not just tool names.

The Old Way: Tool-Level Permission Rules

Before v2.1.178, Claude Code's permission system let you allow or deny entire tools:

{
  "permissions": {
    "allow": ["Read", "Grep"],
    "deny": ["Bash", "Agent"]
  }
}

This was coarse. If you allowed Agent, you allowed any subagent — including expensive Opus-powered ones. If you blocked Agent, you blocked all subagents, even the cheap ones you needed for parallel task execution.

The New Way: Parameter-Level Permission Rules

v2.1.178 adds a Tool(param:value) syntax that matches inside a tool's input parameters:

{
  "permissions": {
    "deny": ["Agent(model:opus)"]
  }
}

This rule blocks subagents that specify model: opus while allowing all other Agent invocations. The * wildcard further extends this:

{
  "permissions": {
    "allow": ["Bash(command:npm test*)"],
    "deny": ["Bash(command:rm *)", "Bash(command:git push*)"]
  }
}

Now you can whitelist specific shell commands (npm test, npm run build) while blocking dangerous ones (rm -rf, git push --force).

Why This Matters Now

This feature lands at a critical moment. On June 15, 2026 — the same day v2.1.178 shipped — Anthropic's billing change took effect, moving Claude Code and Agent SDK usage off flat-rate subscription pools onto a separate metered credit system. Heavy agent users now pay full API rates ($15/M input, $75/M output for Opus) out of limited monthly credits ($20–$200).

Cost-conscious teams need parameter-level permission rules because:

• A single Opus subagent can burn through $20 of API credits in minutes
• Blocking Agent entirely kills productivity; you need subagents
• The Tool(param:value) syntax lets you restrict which model subagents use without blocking subagents entirely

The practical workflow is:

1. Allow Agent tool broadly
2. Deny Agent(model:opus) to prevent cost blowouts
3. Allow Agent(model:sonnet) for routine subagent tasks
4. Whitelist specific Bash commands for CI/CD safety

Other Fixes in v2.1.178

Beyond permission rules, this release patches several friction points:

• Subagent transcript viewing fixed: Previously, subagent transcripts would disappear after context compaction. v2.1.178 ensures they remain visible for debugging and audit trails.
• OAuth account mismatch resolved: Switching between multiple Anthropic accounts no longer causes stale auth tokens that break tool execution.
• Stale auth cache cleared: Auth-related errors from cached credentials during long sessions are now handled gracefully.
• Fable 5 [1m] suffix normalized: Fable 5 model names no longer require the [1m] suffix — 1M context is the default, and the suffix is now automatically stripped.
• Skills in nested directories: Custom skills stored in .claude/skills/ now load when working from subdirectories of your project, not just the root.

The Bigger Picture: Permission Rules Are Becoming Table Stakes

Claude Code isn't alone. Codex CLI has its own sandbox and approval modes. Cursor just added enterprise org controls. GitHub Copilot launched enterprise-governed agent policies in public preview on June 5. The pattern is clear: as AI coding agents gain more autonomy — spawning subagents, running shell commands, pushing code — permission systems are evolving from binary allow/deny to parameter-level access control.

Anthropic's Tool(param:value) syntax is the most expressive implementation yet. Whether competitors follow suit with similar parameter-matching DSLs will be a key story to watch through the rest of 2026.

How to Upgrade

claude update
claude --version  # should show 2.1.178 or higher

Then add permission rules to your .claude/settings.json or organization policy:

{
  "permissions": {
    "deny": [
      "Agent(model:opus)",
      "Bash(command:rm *)",
      "Bash(command:git push --force*)"
    ]
  }
}

For teams managing multiple developers, Anthropic recommends setting these rules at the organization level via the admin console to enforce them across all seats.