Claude Code offers a variety of settings to configure its behavior to meet your needs. You can configure Claude Code by running the /config command when using the interactive REPL.

Settings files

The settings.json file is our official mechanism for configuring Claude Code through hierarchical settings:

  • User settings are defined in ~/.claude/settings.json and apply to all projects.
  • Project settings are saved in your project directory:
    • .claude/settings.json for settings that are checked into source control and shared with your team
    • .claude/settings.local.json for settings that are not checked in, useful for personal preferences and experimentation. Claude Code will configure git to ignore .claude/settings.local.json when it is created.
  • For enterprise deployments of Claude Code, we also support enterprise managed policy settings. These take precedence over user and project settings. System administrators can deploy policies to:
    • macOS: /Library/Application Support/ClaudeCode/managed-settings.json
    • Linux and WSL: /etc/claude-code/managed-settings.json
    • Windows: C:\ProgramData\ClaudeCode\managed-settings.json
Example settings.json
{
  "permissions": {
    "allow": [
      "Bash(npm run lint)",
      "Bash(npm run test:*)",
      "Read(~/.zshrc)"
    ],
    "deny": [
      "Bash(curl:*)",
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)"
    ]
  },
  "env": {
    "CLAUDE_CODE_ENABLE_TELEMETRY": "1",
    "OTEL_METRICS_EXPORTER": "otlp"
  }
}

Available settings

settings.json supports a number of options:

KeyDescriptionExample
apiKeyHelperCustom script, to be executed in /bin/sh, to generate an auth value. This value will be sent as X-Api-Key and Authorization: Bearer headers for model requests/bin/generate_temp_api_key.sh
cleanupPeriodDaysHow long to locally retain chat transcripts (default: 30 days)20
envEnvironment variables that will be applied to every session{"FOO": "bar"}
includeCoAuthoredByWhether to include the co-authored-by Claude byline in git commits and pull requests (default: true)false
permissionsSee table below for structure of permissions.
hooksConfigure custom commands to run before or after tool executions. See hooks documentation{"PreToolUse": {"Bash": "echo 'Running command...'"}}
modelOverride the default model to use for Claude Code"claude-3-5-sonnet-20241022"
statusLineConfigure a custom status line to display context. See statusLine documentation{"type": "command", "command": "~/.claude/statusline.sh"}
forceLoginMethodUse claudeai to restrict login to Claude.ai accounts, console to restrict login to Anthropic Console (API usage billing) accountsclaudeai
enableAllProjectMcpServersAutomatically approve all MCP servers defined in project .mcp.json filestrue
enabledMcpjsonServersList of specific MCP servers from .mcp.json files to approve["memory", "github"]
disabledMcpjsonServersList of specific MCP servers from .mcp.json files to reject["filesystem"]
awsAuthRefreshCustom script that modifies the .aws directory (see advanced credential configuration)aws sso login --profile myprofile
awsCredentialExportCustom script that outputs JSON with AWS credentials (see advanced credential configuration)/bin/generate_aws_grant.sh

Permission settings

KeysDescriptionExample
allowArray of permission rules to allow tool use[ "Bash(git diff:*)" ]
denyArray of permission rules to deny tool use. Use this to also exclude sensitive files from Claude Code access.[ "WebFetch", "Bash(curl:*)", "Read(./.env)", "Read(./secrets/**)" ]
additionalDirectoriesAdditional working directories that Claude has access to[ "../docs/" ]
defaultModeDefault permission mode when opening Claude Code"acceptEdits"
disableBypassPermissionsModeSet to "disable" to prevent bypassPermissions mode from being activated. See managed policy settings"disable"

Settings precedence

Settings are applied in order of precedence (highest to lowest):

  1. Enterprise managed policies (managed-settings.json)

    • Deployed by IT/DevOps
    • Cannot be overridden

  2. Command line arguments

    • Temporary overrides for a specific session

  3. Local project settings (.claude/settings.local.json)

    • Personal project-specific settings

  4. Shared project settings (.claude/settings.json)

    • Team-shared project settings in source control

  5. User settings (~/.claude/settings.json)

    • Personal global settings

This hierarchy ensures that enterprise security policies are always enforced while still allowing teams and individuals to customize their experience.

Key points about the configuration system

  • Memory files (CLAUDE.md): Contain instructions and context that Claude loads at startup
  • Settings files (JSON): Configure permissions, environment variables, and tool behavior
  • Slash commands: Custom commands that can be invoked during a session with /command-name
  • MCP servers: Extend Claude Code with additional tools and integrations
  • Precedence: Higher-level configurations (Enterprise) override lower-level ones (User/Project)
  • Inheritance: Settings are merged, with more specific settings adding to or overriding broader ones

Excluding sensitive files

To prevent Claude Code from accessing files containing sensitive information (e.g., API keys, secrets, environment files), use the permissions.deny setting in your .claude/settings.json file:

{
  "permissions": {
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)",
      "Read(./config/credentials.json)",
      "Read(./build)"
    ]
  }
}

This replaces the deprecated ignorePatterns configuration. Files matching these patterns will be completely invisible to Claude Code, preventing any accidental exposure of sensitive data.

Subagent configuration

Claude Code supports custom AI subagents that can be configured at both user and project levels. These subagents are stored as Markdown files with YAML frontmatter:

  • User subagents: ~/.claude/agents/ - Available across all your projects
  • Project subagents: .claude/agents/ - Specific to your project and can be shared with your team

Subagent files define specialized AI assistants with custom prompts and tool permissions. Learn more about creating and using subagents in the subagents documentation.

Environment variables

Claude Code supports the following environment variables to control its behavior:

All environment variables can also be configured in settings.json. This is useful as a way to automatically set environment variables for each session, or to roll out a set of environment variables for your whole team or organization.

VariablePurpose
ANTHROPIC_API_KEYAPI key sent as X-Api-Key header, typically for the Claude SDK (for interactive usage, run /login)
ANTHROPIC_AUTH_TOKENCustom value for the Authorization header (the value you set here will be prefixed with Bearer )
ANTHROPIC_CUSTOM_HEADERSCustom headers you want to add to the request (in Name: Value format)
ANTHROPIC_MODELName of custom model to use (see Model Configuration)
ANTHROPIC_SMALL_FAST_MODELName of Haiku-class model for background tasks
ANTHROPIC_SMALL_FAST_MODEL_AWS_REGIONOverride AWS region for the small/fast model when using Bedrock
AWS_BEARER_TOKEN_BEDROCKBedrock API key for authentication (see Bedrock API keys)
BASH_DEFAULT_TIMEOUT_MSDefault timeout for long-running bash commands
BASH_MAX_TIMEOUT_MSMaximum timeout the model can set for long-running bash commands
BASH_MAX_OUTPUT_LENGTHMaximum number of characters in bash outputs before they are middle-truncated
CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIRReturn to the original working directory after each Bash command
CLAUDE_CODE_API_KEY_HELPER_TTL_MSInterval in milliseconds at which credentials should be refreshed (when using apiKeyHelper)
CLAUDE_CODE_IDE_SKIP_AUTO_INSTALLSkip auto-installation of IDE extensions
CLAUDE_CODE_MAX_OUTPUT_TOKENSSet the maximum number of output tokens for most requests
CLAUDE_CODE_USE_BEDROCKUse Bedrock
CLAUDE_CODE_USE_VERTEXUse Vertex
CLAUDE_CODE_SKIP_BEDROCK_AUTHSkip AWS authentication for Bedrock (e.g. when using an LLM gateway)
CLAUDE_CODE_SKIP_VERTEX_AUTHSkip Google authentication for Vertex (e.g. when using an LLM gateway)
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFICEquivalent of setting DISABLE_AUTOUPDATER, DISABLE_BUG_COMMAND, DISABLE_ERROR_REPORTING, and DISABLE_TELEMETRY
CLAUDE_CODE_DISABLE_TERMINAL_TITLESet to 1 to disable automatic terminal title updates based on conversation context
DISABLE_AUTOUPDATERSet to 1 to disable automatic updates. This takes precedence over the autoUpdates configuration setting.
DISABLE_BUG_COMMANDSet to 1 to disable the /bug command
DISABLE_COST_WARNINGSSet to 1 to disable cost warning messages
DISABLE_ERROR_REPORTINGSet to 1 to opt out of Sentry error reporting
DISABLE_NON_ESSENTIAL_MODEL_CALLSSet to 1 to disable model calls for non-critical paths like flavor text
DISABLE_TELEMETRYSet to 1 to opt out of Statsig telemetry (note that Statsig events do not include user data like code, file paths, or bash commands)
HTTP_PROXYSpecify HTTP proxy server for network connections
HTTPS_PROXYSpecify HTTPS proxy server for network connections
MAX_THINKING_TOKENSForce a thinking for the model budget
MCP_TIMEOUTTimeout in milliseconds for MCP server startup
MCP_TOOL_TIMEOUTTimeout in milliseconds for MCP tool execution
MAX_MCP_OUTPUT_TOKENSMaximum number of tokens allowed in MCP tool responses (default: 25000)
VERTEX_REGION_CLAUDE_3_5_HAIKUOverride region for Claude 3.5 Haiku when using Vertex AI
VERTEX_REGION_CLAUDE_3_5_SONNETOverride region for Claude 3.5 Sonnet when using Vertex AI
VERTEX_REGION_CLAUDE_3_7_SONNETOverride region for Claude 3.7 Sonnet when using Vertex AI
VERTEX_REGION_CLAUDE_4_0_OPUSOverride region for Claude 4.0 Opus when using Vertex AI
VERTEX_REGION_CLAUDE_4_0_SONNETOverride region for Claude 4.0 Sonnet when using Vertex AI
VERTEX_REGION_CLAUDE_4_1_OPUSOverride region for Claude 4.1 Opus when using Vertex AI

Configuration options

To manage your configurations, use the following commands:

  • List settings: claude config list
  • See a setting: claude config get <key>
  • Change a setting: claude config set <key> <value>
  • Push to a setting (for lists): claude config add <key> <value>
  • Remove from a setting (for lists): claude config remove <key> <value>

By default config changes your project configuration. To manage your global configuration, use the --global (or -g) flag.

Global configuration

To set a global configuration, use claude config set -g <key> <value>:

KeyDescriptionExample
autoUpdatesWhether to enable automatic updates (default: true). When enabled, Claude Code automatically downloads and installs updates in the background. Updates are applied when you restart Claude Code.false
preferredNotifChannelWhere you want to receive notifications (default: iterm2)iterm2, iterm2_with_bell, terminal_bell, or notifications_disabled
themeColor themedark, light, light-daltonized, or dark-daltonized
verboseWhether to show full bash and command outputs (default: false)true

Tools available to Claude

Claude Code has access to a set of powerful tools that help it understand and modify your codebase:

ToolDescriptionPermission Required
BashExecutes shell commands in your environmentYes
EditMakes targeted edits to specific filesYes
GlobFinds files based on pattern matchingNo
GrepSearches for patterns in file contentsNo
LSLists files and directoriesNo
MultiEditPerforms multiple edits on a single file atomicallyYes
NotebookEditModifies Jupyter notebook cellsYes
NotebookReadReads and displays Jupyter notebook contentsNo
ReadReads the contents of filesNo
TaskRuns a sub-agent to handle complex, multi-step tasksNo
TodoWriteCreates and manages structured task listsNo
WebFetchFetches content from a specified URLYes
WebSearchPerforms web searches with domain filteringYes
WriteCreates or overwrites filesYes

Permission rules can be configured using /allowed-tools or in permission settings.

Extending tools with hooks

You can run custom commands before or after any tool executes using Claude Code hooks.

For example, you could automatically run a Python formatter after Claude modifies Python files, or prevent modifications to production configuration files by blocking Write operations to certain paths.

See also