Claude Code Settings
Configuration file for Claude Code
| Type | object |
|---|---|
| File match |
**/.claude/settings.json
|
| Schema URL | https://catalog.lintel.tools/schemas/schemastore/claude-code-settings/latest.json |
| Source | https://www.schemastore.org/claude-code-settings.json |
Validate with Lintel
npx @lintel/lintel checkConfiguration settings for Claude Code. Learn more: https://code.claude.com/docs/en/settings
Properties
JSON Schema reference for Claude Code settings
Path to a script that outputs authentication values
Enable automatic memory saves that capture useful context to .claude/memory/. Also configurable via CLAUDE_CODE_DISABLE_AUTO_MEMORY environment variable (set to 1 to disable, 0 to enable). See https://code.claude.com/docs/en/memory#auto-memory
Release channel to follow for updates. Use "stable" for a version that is typically about one week old and skips versions with major regressions, or "latest" (default) for the most recent release. Set DISABLE_AUTOUPDATER=1 to disable updates entirely.
Path to a script that exports AWS credentials
Path to a script that refreshes AWS authentication
Glob patterns for CLAUDE.md files to exclude from loading. Useful in monorepos to skip irrelevant instructions from other teams. Patterns match against absolute file paths. Arrays merge across settings layers. Managed policy CLAUDE.md files cannot be excluded. See https://code.claude.com/docs/en/memory#exclude-specific-claudemd-files
Number of days to retain chat transcripts (0 to disable cleanup)
Environment variables to set for Claude Code sessions. Many environment variables provide settings dimensions not available as dedicated settings.json properties (e.g., thinking tokens, prompt caching, bash timeouts, shell configuration). See https://code.claude.com/docs/en/settings#environment-variables for the full list. UNDOCUMENTED: CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS (plugin marketplace git timeout in ms, default 120000, see https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md#2151). UNDOCUMENTED: ENABLE_CLAUDEAI_MCP_SERVERS (set to false to opt out of claude.ai MCP servers, see https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md#2163).
{}Customize attribution for git commits and pull requests. See https://code.claude.com/docs/en/settings#attribution-settings
2 nested properties
Attribution for git commits, including any trailers. Empty string hides commit attribution
Attribution for pull request descriptions. Empty string hides pull request attribution
Include built-in git commit and PR workflow instructions in Claude's system prompt. Also configurable via CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS environment variable (set to 1 to disable). See https://code.claude.com/docs/en/settings#available-settings
DEPRECATED. Use 'attribution' instead. Whether to include the co-authored-by Claude byline in git commits and pull requests (default: true)
Customize where plan files are stored. Path is relative to project root (default: ~/.claude/plans)
Control whether the @ file picker respects .gitignore patterns. When true (default), files matching .gitignore patterns are excluded from suggestions
Tool usage permissions configuration. See https://code.claude.com/docs/en/permissions and https://code.claude.com/docs/en/settings#permission-settings See https://code.claude.com/docs/en/settings#tools-available-to-claude for full list of tools available to Claude.
6 nested properties
List of permission rules that should always prompt for confirmation
Default permission mode. "default": prompts on first use. "acceptEdits": auto-accepts file edits. "plan": read-only, no modifications. UNDOCUMENTED. "delegate": coordination-only for agent team leads (agent teams are experimental; enable via CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS). "dontAsk": auto-denies unless pre-approved via permissions. "bypassPermissions": skips all prompts (use only in isolated environments). See https://code.claude.com/docs/en/permissions
Disable the ability to bypass permission prompts
Additional directories to include in the permission scope
Preferred language for Claude's responses
Override the default model used by Claude Code. For finer control, use environment variables: ANTHROPIC_MODEL (runtime override), ANTHROPIC_DEFAULT_OPUS_MODEL, ANTHROPIC_DEFAULT_SONNET_MODEL, ANTHROPIC_DEFAULT_HAIKU_MODEL (per-class pinning), CLAUDE_CODE_SUBAGENT_MODEL (subagent model). See https://code.claude.com/docs/en/model-config
Restrict which models users can select. When defined at multiple settings levels (user, project, etc.), arrays are merged and deduplicated. See https://code.claude.com/docs/en/model-config#restrict-model-selection
Map Anthropic model IDs to provider-specific model IDs such as Bedrock inference profile ARNs, Vertex AI version names, or Foundry deployment names. Each model picker entry uses its mapped value when calling the provider API. Unknown keys are ignored. See https://code.claude.com/docs/en/model-config#override-model-ids-per-version
Control Opus 4.6 adaptive reasoning effort. Lower effort is faster and cheaper for straightforward tasks, higher effort provides deeper reasoning. Defaults vary by model and plan (Opus 4.6 defaults to medium for Max and Team subscribers). Use /effort auto to reset to model default. Also configurable via CLAUDE_CODE_EFFORT_LEVEL environment variable. See https://code.claude.com/docs/en/model-config#adjust-effort-level
Enable fast mode for Opus 4.6 (research preview). Fast mode uses the same model with 2.5x faster output at higher per-token cost. Requires extra usage enabled. Alternatively, toggle with /fast command. See https://code.claude.com/docs/en/fast-mode
Require per-session opt-in for fast mode. When true, fast mode does not persist across sessions and users must enable it with /fast each session. Useful for controlling costs. See https://code.claude.com/docs/en/fast-mode
Probability (0–1) that the session quality survey appears when eligible. A value of 0.05 means 5% of eligible sessions. See https://code.claude.com/docs/en/settings
Whether to automatically approve all MCP servers in the project. See https://code.claude.com/docs/en/mcp
List of approved MCP servers from .mcp.json. See https://code.claude.com/docs/en/mcp
List of rejected MCP servers from .mcp.json. See https://code.claude.com/docs/en/mcp
Enterprise allowlist of MCP servers that can be used. Applies to all scopes including enterprise servers from managed-mcp.json. If undefined, all servers are allowed. If empty array, no servers are allowed. Denylist takes precedence - if a server is on both lists, it is denied. See https://code.claude.com/docs/en/mcp#restriction-options
Enterprise denylist of MCP servers that are explicitly blocked. If a server is on the denylist, it will be blocked across all scopes including enterprise. Denylist takes precedence over allowlist - if a server is on both lists, it is denied. See https://code.claude.com/docs/en/mcp#restriction-options
Allowlist of environment variable names HTTP hooks may interpolate into headers. When set, each hook's effective allowedEnvVars is the intersection with this list. Undefined = no restriction. Arrays merge across settings sources. See https://code.claude.com/docs/en/settings#hook-configuration
Custom commands to run before/after tool executions. See https://code.claude.com/docs/en/hooks
22 nested properties
Hooks that run before tool calls
Hooks that run after tool completion
Hooks that run after a tool fails
Hooks that run when a permission dialog appears
Hooks that trigger on notifications
Hooks that run when a user submits a prompt
Hooks that run when agents finish responding. Does not run on user interrupt
Hooks that run when a subagent is spawned
Hooks that run when subagents finish responding
Hooks that run before the context is compacted
Hooks that run after the context is compacted. See https://code.claude.com/docs/en/hooks
Hooks that run when an MCP server requests user input during a tool call. See https://code.claude.com/docs/en/hooks
Hooks that run after a user responds to an MCP elicitation, before the response is sent back to the server. See https://code.claude.com/docs/en/hooks
Hooks that run when an agent team teammate is about to go idle. Exit code 2 sends feedback and keeps the teammate working. Does not support matchers. Agent teams are experimental. See https://code.claude.com/docs/en/hooks#teammateidle
Hooks that run when a task is being marked as completed. Exit code 2 prevents completion and sends feedback. Does not support matchers. See https://code.claude.com/docs/en/hooks#taskcompleted
UNDOCUMENTED. Hooks that run during repository initialization (--init, --init-only) or maintenance (--maintenance)
Hooks that run when a CLAUDE.md or .claude/rules/*.md file is loaded into context. Fires at session start and when files are lazily loaded (e.g., nested traversal, path glob match). No decision control; used for audit logging and observability. Does not support matchers. See https://code.claude.com/docs/en/hooks#instructionsloaded
Hooks that run when settings, managed settings, or skill files change during a session. Supports matchers: user_settings, project_settings, local_settings, policy_settings, skills. Command handlers only. Exit code 2 blocks the change (except policy_settings which is audit-only). See https://code.claude.com/docs/en/hooks#configchange
Hooks that run when a worktree is created via --worktree or isolation: "worktree" in subagents. Command handlers only, no matchers. Hook must print absolute path to created worktree on stdout; non-zero exit fails creation. See https://code.claude.com/docs/en/hooks#worktreecreate
Hooks that run when a worktree is being removed at session exit or when a subagent finishes. Command handlers only, no matchers. Used for cleanup tasks; cannot block removal. See https://code.claude.com/docs/en/hooks#worktreeremove
Hooks that run when a new session starts
Hooks that run when a session ends
Disable all hooks and statusLine execution. When true in managed settings, user and project-level disableAllHooks cannot override it. See https://code.claude.com/docs/en/hooks#disable-or-remove-hooks
Allowlist of URL patterns that HTTP hooks may target. Supports * as a wildcard. When set, hooks with non-matching URLs are blocked. Undefined = no restriction, empty array = block all HTTP hooks. Arrays merge across settings sources. See https://code.claude.com/docs/en/settings#hook-configuration
(Managed settings only) Prevent loading of user, project, and plugin hooks. Only allows managed hooks and SDK hooks. See https://code.claude.com/docs/en/settings#hook-configuration
(Managed settings only) Prevent user and project settings from defining allow, ask, or deny permission rules. Only rules in managed settings apply. See https://code.claude.com/docs/en/settings#permission-settings
Custom status line display configuration. See https://code.claude.com/docs/en/statusline
3 nested properties
The type of status line handler; must be set to "command" to run a custom shell script that receives JSON session data via stdin.
A shell command or path to a script that displays session information (context usage, costs, git status, etc.) by reading JSON data from stdin and writing output to stdout. See https://code.claude.com/docs/en/statusline
Optional number of extra horizontal spacing characters added to the status line content; defaults to 0.
Configure a custom script for @ file autocomplete. See https://code.claude.com/docs/en/settings#file-suggestion-settings
2 nested properties
The type of file suggestion handler; must be set to "command" to execute a custom shell script that generates file suggestions for the @ file picker.
Shell command to execute for file suggestions
Enabled plugins using plugin-id@marketplace-id format. Example: { "formatter@anthropic-tools": true }. See https://code.claude.com/docs/en/plugins
Additional marketplaces to make available for this repository. Typically used in repository .claude/settings.json to ensure team members have required plugin sources. See https://code.claude.com/docs/en/plugin-marketplaces
(Managed settings only) Allowlist of plugin marketplaces users can add. Undefined = no restrictions, empty array = lockdown. Uses exact matching for source specifications. See https://code.claude.com/docs/en/settings#strictknownmarketplaces
List of marketplace names the user has chosen not to install when prompted
List of plugin IDs (plugin@marketplace format) the user has chosen not to install when prompted
Force a specific login method: "claudeai" for Claude Pro/Max, "console" for Console billing
Organization UUID to use for OAuth login
Path to a script that outputs OpenTelemetry headers
Controls the output style for assistant responses. Built-in styles: default, Explanatory, Learning. Custom styles can be added in ~/.claude/output-styles/ or .claude/output-styles/. See https://code.claude.com/docs/en/output-styles
Skip the WebFetch blocklist check for enterprise environments with restrictive security policies
Sandbox execution configuration. See https://code.claude.com/docs/en/sandboxing
9 nested properties
Configures network isolation settings for the sandboxed bash environment, including domain restrictions, Unix socket access, and custom proxy configuration.
7 nested properties
Allow Unix domain sockets for local IPC (SSH agent, Docker, etc.). Provide an array of specific paths. Defaults to blocking if not specified
Allow binding to local network addresses (e.g., localhost ports). Defaults to false if not specified
HTTP proxy port to use for network filtering. If not specified, a proxy server will be started automatically
SOCKS proxy port to use for network filtering. If not specified, a proxy server will be started automatically
Allow all Unix domain socket connections. If true, this overrides allowUnixSockets
Allowlist of network domains for sandboxed commands. Supports wildcard patterns like *.example.com
(Managed settings only) Only allowedDomains and WebFetch(domain:...) allow rules from managed settings are respected. User, project, local, and flag settings domains are ignored. Denied domains are still respected from all sources. Non-allowed domains are automatically blocked without user prompts.
Map of command patterns to filesystem paths to ignore violations for. Use "*" to match all commands
Commands that should never run in the sandbox (e.g., ["git", "docker"])
Automatically allow bash commands without prompting when they run in the sandbox. Only applies to commands that will run sandboxed.
macOS only. Allow access to the system TLS trust service (com.apple.trustd.agent) in the sandbox. Required for Go-based tools like gh, gcloud, and terraform to verify TLS certificates when using httpProxyPort with a MITM proxy and custom CA. Reduces security by opening a potential data exfiltration path. Default: false. See https://code.claude.com/docs/en/settings#sandbox-settings
Enable weaker sandbox mode for unprivileged docker environments where --proc mounting fails. This significantly reduces the strength of the sandbox and should only be used when this risk is acceptable.Default: false (secure).
Allow commands to run outside the sandbox via the dangerouslyDisableSandbox parameter. When false, the dangerouslyDisableSandbox parameter is completely ignored and all commands must run sandboxed. Default: true.
Enable sandboxed bash
Filesystem access control for sandboxed commands. See https://code.claude.com/docs/en/sandboxing#filesystem-isolation
5 nested properties
Paths where subprocesses are allowed to write. Supports prefixes: // (absolute), ~/ (home directory), / (relative to settings file), ./ or no prefix (relative path)
Paths where subprocesses are explicitly denied write access. Takes precedence over allowWrite
Paths where subprocesses are explicitly denied read access
Paths to re-allow reading within denyRead regions. Takes precedence over denyRead for matching paths
When true (managed settings only), only allowRead paths from managed settings are used
Customize the verbs shown in spinner progress messages
2 nested properties
Custom verbs used in spinner progress text
How to combine custom verbs with default spinner verbs: 'append' adds custom verbs to the default list, 'replace' uses only custom verbs
Show tips in the spinner while Claude is working. Set to false to disable tips (default: true)
Customize the tips displayed in the spinner while Claude is working. See https://code.claude.com/docs/en/settings#available-settings
2 nested properties
Custom tip strings to display in the spinner
If true, only show custom tips. If false or absent, custom tips merge with built-in tips
Enable the terminal progress bar that shows progress in supported terminals like Windows Terminal and iTerm2 (default: true)
Show turn duration messages after responses (e.g., "Cooked for 1m 6s"). Set to false to hide these messages (default: true)
Reduce or disable UI animations (spinners, shimmer, flash effects) for accessibility
Enable extended thinking by default for all sessions. Typically configured via the /config command rather than editing directly. See https://code.claude.com/docs/en/common-workflows#use-extended-thinking-thinking-mode
Company announcements to display at startup (one will be randomly selected if multiple are provided)
How agent team teammates display: "auto" picks split panes in tmux or iTerm2, in-process otherwise. Agent teams are experimental and disabled by default. Enable them by adding CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS to your settings.json or environment. See https://code.claude.com/docs/en/agent-teams
Configuration for --worktree sessions. See https://code.claude.com/docs/en/settings
1 nested properties
Directories to check out in each worktree via git sparse-checkout (cone mode). Only the listed paths are written to disk, which is faster in large monorepos.
(Managed settings only) Custom message appended to the plugin trust warning shown before installation. Use to provide organization-specific context about approved plugins. See https://code.claude.com/docs/en/settings#plugin-settings
Per-plugin configuration including MCP server user configs, keyed by plugin ID (plugin@marketplace format). See https://code.claude.com/docs/en/plugins
(Managed settings only) Only allowedMcpServers from managed settings are respected. deniedMcpServers still merges from all sources. Users can still add their own MCP servers, but only the admin-defined allowlist applies.
(Managed settings only) Blocklist of marketplace sources. These exact sources are blocked from being added as marketplaces. The check happens before downloading, so blocked sources never touch the filesystem.
Definitions
Tool permission rule. See https://code.claude.com/docs/en/settings#permission-rule-syntax See https://code.claude.com/docs/en/settings#tools-available-to-claude for full list of tools available to Claude.
"Bash""Bash(npm run build)""Bash(git commit *)""Bash(npm run *)""Bash(ls*)""Bash(git * main)""Edit""Edit(/src/**/*.ts)""Read(./.env)""Read(./secrets/**)""Read(//Users/alice/secrets/**)""Read(~/Documents/*.pdf)""Agent(Explore)""WebFetch""WebFetch(domain:example.com)""mcp__puppeteer""mcp__github__search_repositories"
Hook matcher configuration with multiple hooks
Array of hooks to execute
Optional pattern to match event contexts, case-sensitive. Behavior depends on event type. See https://code.claude.com/docs/en/hooks#matcher-patterns for event-specific details and examples