ArmorIQ LogoArmorIQ Docs
Getting Started

Command Reference

Complete reference for all /armor commands available in ArmorClaude

/armor Command Reference

All ArmorClaude commands start with /armor. Type /armor alone to see the help text. Commands run in the UserPromptSubmit hook before Claude's LLM sees the prompt - they are processed instantly without an LLM call.

Use /armor only. The legacy /armor-policy prefix is intentionally unsupported.

Quick Reference

CommandDescription
/armorShow help
/armor yesApply the current staged proposal
/armor noDiscard the current staged proposal

Policy Commands

Viewing Policy

CommandDescription
/armor policy listShow all rules with IDs and effects
/armor policy viewShow the active policy as raw JSON
/armor policy exportExport full policy state (version history included)

Adding Rules

/armor policy add allow Read
/armor policy add deny WebFetch
/armor policy add hold Bash
/armor policy add allow Read and Grep, deny Write, hold Bash

Effects: allow, deny (or block), hold (or require_approval, ask before).

Multiple rules in one command are comma-separated. All changes are staged - confirm with /armor yes.

Removing Rules

/armor policy remove stmt_1

Removes a specific rule by ID. Check IDs with /armor policy list.

Resetting Policy

/armor policy reset

Proposes clearing all rules back to an empty policy. Must be confirmed.

Setting Default Decision

/armor policy default allow
/armor policy default deny
/armor policy default hold

Controls what happens when no rule matches a tool call.

Applying Templates

/armor policy template balanced

Available templates:

NameDescription
all-allowEverything permitted, intent planning still enforced
strict-read-onlyOnly Read/Grep/Glob allowed
balancedRead allowed, Bash/Write/Edit require approval
lockdownAll tools require approval

Crypto Binding

/armor policy rebind

Reissues the Merkle tree crypto binding for the current policy. Required only when the binding gets out of sync (rare).

Staging and Confirmation

Every policy change goes through a two-step process:

/armor policy add deny Bash       # stages the change
/armor yes                        # applies it
CommandDescription
/armor yesApply the current staged proposal
/armor noDiscard the current staged proposal
/armor policy confirmApply (same as /armor yes)
/armor policy confirm pol_abc12345Apply a specific proposal by ID
/armor policy cancelDiscard (same as /armor no)
/armor policy cancel pol_abc12345Discard a specific proposal by ID

Staged proposals expire after 30 minutes.

Draft Workflow

For complex policy changes, work with drafts before staging:

CommandDescription
/armor policy draft validate <json>Validate pasted policy JSON, create a draft
/armor policy draft edit <draft-id> <json>Replace a draft's JSON
/armor policy revise <draft-id> "<instruction>"Apply a deterministic edit to a draft
/armor policy stage <draft-id>Move a draft into the staging area
/armor policy stage <json>Stage raw JSON directly

Example: Draft → Stage → Confirm

/armor policy draft validate {"schemaVersion":"armor.policy.v1","kind":"PolicyProfile","metadata":{"name":"custom"},"defaults":{"decision":"deny","conflictResolution":"deny_overrides"},"statements":[{"id":"s1","effect":"permit","principal":{"type":"agent","id":"claude-code"},"action":{"type":"tool","eq":"Read"},"resource":{"type":"workspace","scope":"current"},"conditions":[]}]}

Response: draft_abc12345 created.

/armor policy stage draft_abc12345
/armor yes

MCP Server Management

Control which MCP servers are trusted:

CommandDescription
/armor mcp listShow all detected MCP servers and their status
/armor mcp approve <server>Persistently approve an MCP server
/armor mcp deny <server>Persistently deny an MCP server

By default, ArmorClaude denies unknown MCP servers (mcpDenyByDefault: true). When an unknown server's tool is called, ArmorClaude uses Claude Code's native approval UI for a one-time allow. Use /armor mcp approve to trust a server permanently.

Profile Management

Save, switch, and share policy profiles:

CommandDescription
/armor profile listShow all saved profiles
/armor profile save <name>Save current policy as a named profile
/armor profile switch <name>Stage switching to a saved profile (requires confirm)
/armor profile delete <name>Delete a saved profile
/armor profile push <name>Push a profile to the ArmorIQ backend (requires API key)
/armor profile pullPull all org profiles from the backend (requires API key)

Example: Save and Switch Profiles

/armor policy template balanced
/armor yes
/armor profile save my-balanced

/armor policy template lockdown
/armor yes
/armor profile save my-lockdown

/armor profile switch my-balanced
/armor yes

Settings

CommandDescription
/armor settingsShow current enforcement engine and settings
/armor settings enforcement localSwitch to local policy evaluation
/armor settings enforcement opaSwitch to OPA-based enforcement (requires ARMORCLAUDE_OPA_PDP_URL)

Backend Sync

CommandDescription
/armor syncPush current policy state to the ArmorIQ backend (requires API key)

Complete Command List

/armor                                - show help
/armor policy list                    - show current rules
/armor policy view                    - show active policy JSON
/armor policy export                  - export full policy state
/armor policy default <allow|deny|hold> - set default decision
/armor policy add <rules>             - stage new rules
/armor policy remove <rule-id>        - propose removing a rule
/armor policy reset                   - propose clearing all rules
/armor policy template <name>         - propose applying a template
/armor policy rebind                  - reissue crypto binding
/armor policy draft validate <json>   - validate and create a draft
/armor policy draft edit <id> <json>  - replace a draft's JSON
/armor policy revise <id> "<instr>"   - edit a draft deterministically
/armor policy stage <id|json>         - move draft/JSON to staging
/armor policy confirm [proposal-id]   - apply staged change
/armor policy cancel [proposal-id]    - discard staged change
/armor yes                            - apply current staged change
/armor no                             - discard current staged change
/armor mcp list                       - show detected MCP servers
/armor mcp approve <server>           - approve an MCP server
/armor mcp deny <server>              - deny an MCP server
/armor profile list                   - show saved profiles
/armor profile save <name>            - save current policy as profile
/armor profile switch <name>          - switch to a saved profile
/armor profile delete <name>          - delete a profile
/armor profile push <name>            - push profile to backend
/armor profile pull                   - pull org profiles from backend
/armor settings                       - show settings
/armor settings enforcement <engine>  - switch enforcement engine
/armor sync                           - push policy to backend

Policy Rules

Control what tools Claude can use with allow/deny/hold rules managed entirely from the chat prompt

MCP Tools

ArmorClaude's MCP tools for intent plan registration, policy reading, and trust operations

On this page

/armor Command ReferenceQuick ReferencePolicy CommandsViewing PolicyAdding RulesRemoving RulesResetting PolicySetting Default DecisionApplying TemplatesCrypto BindingStaging and ConfirmationDraft WorkflowExample: Draft → Stage → ConfirmMCP Server ManagementProfile ManagementExample: Save and Switch ProfilesSettingsBackend SyncComplete Command List