Agent commands. Your AI agent uses this node in workflows. You don’t configure it directly.
Experimental. This node is not extensively tested and may have unexpected behavior. Use with caution in production workflows.
This node requires Claude Code CLI authentication or an Anthropic API key.
Parameters
Prompt parameters
| Parameter | Type | Required | Default | Description |
|---|
prompt | str | Yes | - | The prompt to send to Claude (max 10,000 chars) |
output_schema | dict | No | - | JSON schema for structured output |
Execution parameters
| Parameter | Type | Required | Default | Description |
|---|
cwd | str | No | Current dir | Working directory for Claude |
model | str | No | claude-sonnet-4-5 | Claude model to use |
allowed_tools | list | No | All tools | Permitted tools |
max_turns | int | No | 50 | Maximum conversation turns (1-100) |
max_thinking_tokens | int | No | 8000 | Reasoning budget (1000-100000) |
timeout | int | No | 300 | Execution timeout in seconds (30-3600) |
system_prompt | str | No | - | Custom system instructions |
resume | str | No | - | Session ID to resume a previous conversation |
sandbox | dict | No | - | Sandbox configuration for command isolation |
Sandbox configuration
The sandbox parameter controls command execution isolation. See the Claude Agent SDK sandbox documentation for full details.
| Key | Type | Description |
|---|
enabled | bool | Enable sandbox mode |
autoAllowBashIfSandboxed | bool | Auto-allow bash when sandboxed |
excludedCommands | list | Commands that bypass sandbox (e.g., ["docker"]) |
allowUnsandboxedCommands | bool | Allow model to request unsandboxed execution |
network | dict | Network settings (allowLocalBinding, allowUnixSockets) |
Output
| Key | Type | Description |
|---|
result | str/dict | Response text or parsed schema dict |
_claude_metadata | dict | Execution metadata (cost, duration, turns) |
_schema_error | str | JSON parse error (only if schema provided and parsing failed) |
{
"total_cost_usd": 0.0234,
"duration_ms": 3450,
"session_id": "abc123",
"usage": {
"input_tokens": 1500,
"output_tokens": 450,
"cache_creation_input_tokens": 0,
"cache_read_input_tokens": 0
}
}
Authentication
Install and authenticate Claude Code CLI:npm install -g @anthropic-ai/claude-code
claude auth login
Set the ANTHROPIC_API_KEY environment variable:pflow settings set-env ANTHROPIC_API_KEY "sk-ant-..."
Structured output
Use output_schema to get structured JSON responses:
### review
Review code for security issues and return structured results.
- type: claude-code
- prompt: Review this code for security issues: ${code.content}
```yaml output_schema
risk_level:
type: str
description: high, medium, or low
issues:
type: list
description: List of security issues found
score:
type: int
description: Security score 1-10
```
${review.result.risk_level} → "medium"
${review.result.issues} → ["SQL injection risk", "Missing input validation"]
${review.result.score} → 6
Schema field types
| Type | Description |
|---|
str | Text string |
int | Integer number |
bool | Boolean value |
list | Array/list |
dict | Object/dictionary |
Examples
Code generation
### generate
Write a Python function to calculate Fibonacci numbers.
- type: claude-code
- prompt: Write a Python function to calculate Fibonacci numbers
- max_turns: 1
Code review with structured output
### read
Read the authentication source code.
- type: read-file
- file_path: src/auth.py
### review
Review the authentication code and return structured findings.
- type: claude-code
- prompt: Review this authentication code: ${read.content}
```yaml output_schema
issues:
type: list
description: Problems found
suggestions:
type: list
description: Improvements
approved:
type: bool
description: Ready for production
```
File modification with sandbox
### refactor
Refactor the User class to use dataclasses.
- type: claude-code
- prompt: Refactor the User class to use dataclasses
- cwd: /path/to/project
- allowed_tools: ["Read", "Write", "Edit"]
```yaml sandbox
enabled: true
autoAllowBashIfSandboxed: true
excludedCommands:
- docker
```
allowed_tools:
| Tool | Capability |
|---|
Read | Read files |
Write | Create new files |
Edit | Modify existing files |
Bash | Execute shell commands |
Task | Spawn subagents |
Glob | Find files by pattern |
Grep | Search file contents |
LS | List directory contents |
WebFetch | Fetch web content |
WebSearch | Search the web |
["Read", "Glob", "Grep", "LS"]. For full capability, leave unset (default allows all tools).
Limitations
- Restricted directories: Cannot use
/, /etc, /usr, /bin, /sbin, /lib, /sys, /proc as working directory
- Timeout: 5 minutes (300 seconds) default, configurable up to 1 hour
- Cost: More expensive than simple LLM calls - use for tasks that need file access and iteration
Error handling
| Error | Cause | Solution |
|---|
| CLI not found | Claude Code not installed | npm install -g @anthropic-ai/claude-code |
| Connection error | Auth issue | Run claude auth login or set API key |
| Timeout | Task too complex | Increase timeout or simplify prompt |
| Rate limit | Too many requests | Wait and retry |
