azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ae25626267c37d8b5c914e2266cad351d762cd2
claudetools/imported-conversations/general-work/claude-projects/agent-abceac8.jsonl
Mike Swanson 75ce1c2fd5 feat: Add Sequential Thinking to Code Review + Frontend Validation 
Enhanced code review and frontend validation with intelligent triggers:

Code Review Agent Enhancement:
- Added Sequential Thinking MCP integration for complex issues
- Triggers on 2+ rejections or 3+ critical issues
- New escalation format with root cause analysis
- Comprehensive solution strategies with trade-off evaluation
- Educational feedback to break rejection cycles
- Files: .claude/agents/code-review.md (+308 lines)
- Docs: CODE_REVIEW_ST_ENHANCEMENT.md, CODE_REVIEW_ST_TESTING.md

Frontend Design Skill Enhancement:
- Automatic invocation for ANY UI change
- Comprehensive validation checklist (200+ checkpoints)
- 8 validation categories (visual, interactive, responsive, a11y, etc.)
- 3 validation levels (quick, standard, comprehensive)
- Integration with code review workflow
- Files: .claude/skills/frontend-design/SKILL.md (+120 lines)
- Docs: UI_VALIDATION_CHECKLIST.md (462 lines), AUTOMATIC_VALIDATION_ENHANCEMENT.md (587 lines)

Settings Optimization:
- Repaired .claude/settings.local.json (fixed m365 pattern)
- Reduced permissions from 49 to 33 (33% reduction)
- Removed duplicates, sorted alphabetically
- Created SETTINGS_PERMISSIONS.md documentation

Checkpoint Command Enhancement:
- Dual checkpoint system (git + database)
- Saves session context to API for cross-machine recall
- Includes git metadata in database context
- Files: .claude/commands/checkpoint.md (+139 lines)

Decision Rationale:
- Sequential Thinking MCP breaks rejection cycles by identifying root causes
- Automatic frontend validation catches UI issues before code review
- Dual checkpoints enable complete project memory across machines
- Settings optimization improves maintainability

Total: 1,200+ lines of documentation and enhancements

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-17 16:23:52 -07:00

11 lines
238 KiB
JSON
Raw Blame History

{"parentUuid":null,"isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","type":"user","message":{"role":"user","content":"The user is asking about \"AutoCoder\" and how to enable permissions for Claude to do things like web searches. They may be referring to Claude Code. \n\nFind information about:\n1. How to enable/configure permissions in Claude Code for web searches and other tools\n2. The settings files and permission formats (like Bash(command:*), WebFetch, WebSearch permissions)\n3. How to configure \"always allow\" permissions\n\nFocus on practical configuration steps."},"uuid":"0aa8901a-6601-4a78-aa72-9d9ae68d48b3","timestamp":"2026-01-08T16:22:55.373Z"}
{"parentUuid":"0aa8901a-6601-4a78-aa72-9d9ae68d48b3","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","message":{"model":"claude-haiku-4-5-20251001","id":"msg_017vu29CxfgWqSfYs6NWYa1N","type":"message","role":"assistant","content":[{"type":"text","text":"I'll help you understand how to enable permissions in Claude Code for web searches and other tools. Let me fetch the official Claude Code documentation."}],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":3,"cache_creation_input_tokens":7400,"cache_read_input_tokens":0,"cache_creation":{"ephemeral_5m_input_tokens":7400,"ephemeral_1h_input_tokens":0},"output_tokens":1,"service_tier":"standard"}},"requestId":"req_011CWvDftdbLSdrBySPbBteY","type":"assistant","uuid":"32984353-d64f-4fc9-900d-b5d323eddbc1","timestamp":"2026-01-08T16:22:57.186Z"}
{"parentUuid":"32984353-d64f-4fc9-900d-b5d323eddbc1","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","message":{"model":"claude-haiku-4-5-20251001","id":"msg_017vu29CxfgWqSfYs6NWYa1N","type":"message","role":"assistant","content":[{"type":"tool_use","id":"toolu_01W3wBvSWrm7s5XEwcbme5gm","name":"WebFetch","input":{"url":"https://code.claude.com/docs/en/claude_code_docs_map.md","prompt":"permissions settings configuration allow deny ask"}}],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":3,"cache_creation_input_tokens":7400,"cache_read_input_tokens":0,"cache_creation":{"ephemeral_5m_input_tokens":7400,"ephemeral_1h_input_tokens":0},"output_tokens":124,"service_tier":"standard"}},"requestId":"req_011CWvDftdbLSdrBySPbBteY","type":"assistant","uuid":"6f7e1bfc-97ed-4b3d-9a50-23ad6656ce17","timestamp":"2026-01-08T16:22:57.821Z"}
{"parentUuid":"6f7e1bfc-97ed-4b3d-9a50-23ad6656ce17","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","type":"user","message":{"role":"user","content":[{"tool_use_id":"toolu_01W3wBvSWrm7s5XEwcbme5gm","type":"tool_result","content":"# null\n\n# Claude Code Documentation Map\n\nThis is a comprehensive map of all Claude Code documentation pages with their headings, designed for easy navigation by LLMs.\n\n> **Note:** This file is auto-generated by GitHub Actions. Do not edit manually.\n> Last updated: 2025-11-06 00:10:13 UTC\n\n## Document Structure\n\nThis map uses a hierarchical structure:\n\n* **##** marks documentation groups (e.g., 'Getting started')\n* **###** marks individual documentation pages\n* **Nested bullets** show the heading structure within each page\n* Each page title links to the full documentation\n\n## Getting started\n\n### [overview](https://code.claude.com/docs/en/overview.md)\n\n* Get started in 30 seconds\n* What Claude Code does for you\n* Why developers love Claude Code\n* Next steps\n* Additional resources\n\n### [quickstart](https://code.claude.com/docs/en/quickstart.md)\n\n* Before you begin\n* Step 1: Install Claude Code\n* Step 2: Log in to your account\n* Step 3: Start your first session\n* Step 4: Ask your first question\n* Step 5: Make your first code change\n* Step 6: Use Git with Claude Code\n* Step 7: Fix a bug or add a feature\n* Step 8: Test out other common workflows\n* Essential commands\n* Pro tips for beginners\n* What's next?\n* Getting help\n\n### [common-workflows](https://code.claude.com/docs/en/common-workflows.md)\n\n* Understand new codebases\n * Get a quick codebase overview\n * Find relevant code\n* Fix bugs efficiently\n* Refactor code\n* Use specialized subagents\n* Use Plan Mode for safe code analysis\n * When to use Plan Mode\n * How to use Plan Mode\n * Example: Planning a complex refactor\n * Configure Plan Mode as default\n* Work with tests\n* Create pull requests\n* Handle documentation\n* Work with images\n* Reference files and directories\n* Use extended thinking\n* Resume previous conversations\n* Run parallel Claude Code sessions with Git worktrees\n* Use Claude as a unix-style utility\n * Add Claude to your verification process\n * Pipe in, pipe out\n * Control output format\n* Create custom slash commands\n * Create project-specific commands\n * Add command arguments with \\$ARGUMENTS\n * Create personal slash commands\n* Ask Claude about its capabilities\n * Example questions\n* Next steps\n\n### [claude-code-on-the-web](https://code.claude.com/docs/en/claude-code-on-the-web.md)\n\n* What is Claude Code on the web?\n* Who can use Claude Code on the web?\n* Getting started\n* How it works\n* Moving tasks between web and terminal\n * From web to terminal\n* Cloud environment\n * Default image\n * Checking available tools\n * Language-specific setups\n * Environment configuration\n * Dependency management\n * Local vs remote execution\n * Persisting environment variables\n* Network access and security\n * Network policy\n * GitHub proxy\n * Security proxy\n * Access levels\n * Default allowed domains\n * Anthropic Services\n * Version Control\n * Container Registries\n * Cloud Platforms\n * Package Managers - JavaScript/Node\n * Package Managers - Python\n * Package Managers - Ruby\n * Package Managers - Rust\n * Package Managers - Go\n * Package Managers - JVM\n * Package Managers - Other Languages\n * Linux Distributions\n * Development Tools & Platforms\n * Cloud Services & Monitoring\n * Content Delivery & Mirrors\n * Schema & Configuration\n * Security best practices for customized network access\n* Security and isolation\n* Pricing and rate limits\n* Limitations\n* Best practices\n* Related resources\n\n## Build with Claude Code\n\n### [sub-agents](https://code.claude.com/docs/en/sub-agents.md)\n\n* What are subagents?\n* Key benefits\n* Quick start\n* Subagent configuration\n * File locations\n * Plugin agents\n * CLI-based configuration\n * File format\n * Configuration fields\n * Model selection\n * Available tools\n* Managing subagents\n * Using the /agents command (Recommended)\n * Direct file management\n* Using subagents effectively\n * Automatic delegation\n * Explicit invocation\n* Built-in subagents\n * Plan subagent\n* Example subagents\n * Code reviewer\n * Debugger\n * Data scientist\n* Best practices\n* Advanced usage\n * Chaining subagents\n * Dynamic subagent selection\n * Resumable subagents\n* Performance considerations\n* Related documentation\n\n### [plugins](https://code.claude.com/docs/en/plugins.md)\n\n* Quickstart\n * Prerequisites\n * Create your first plugin\n* Hello Command\n * Plugin structure overview\n * Install and manage plugins\n * Prerequisites\n * Add marketplaces\n * Install plugins\n * Via interactive menu (recommended for discovery)\n * Via direct commands (for quick installation)\n * Verify installation\n * Set up team plugin workflows\n * Develop more complex plugins\n * Add Skills to your plugin\n * Organize complex plugins\n * Test your plugins locally\n * Debug plugin issues\n * Share your plugins\n * Next steps\n * For plugin users\n * For plugin developers\n * For team leads and administrators\n * See also\n\n### [skills](https://code.claude.com/docs/en/skills.md)\n\n* Prerequisites\n* What are Agent Skills?\n* Create a Skill\n * Personal Skills\n * Project Skills\n * Plugin Skills\n* Write SKILL.md\n* Add supporting files\n* Restrict tool access with allowed-tools\n* View available Skills\n* Test a Skill\n* Debug a Skill\n * Make description specific\n * Verify file path\n * Check YAML syntax\n * View errors\n* Share Skills with your team\n * Step 1: Add Skill to your project\n * Step 2: Commit to git\n * Step 3: Team members get Skills automatically\n* Update a Skill\n* Remove a Skill\n* Best practices\n * Keep Skills focused\n * Write clear descriptions\n * Test with your team\n * Document Skill versions\n* Troubleshooting\n * Claude doesn't use my Skill\n * Skill has errors\n * Multiple Skills conflict\n* Examples\n * Simple Skill (single file)\n * Skill with tool permissions\n * Multi-file Skill\n* Next steps\n\n### [output-styles](https://code.claude.com/docs/en/output-styles.md)\n\n* Built-in output styles\n* How output styles work\n* Change your output style\n* Create a custom output style\n* Comparisons to related features\n * Output Styles vs. CLAUDE.md vs. --append-system-prompt\n * Output Styles vs. [Agents](/en/sub-agents)\n * Output Styles vs. [Custom Slash Commands](/en/slash-commands)\n\n### [hooks-guide](https://code.claude.com/docs/en/hooks-guide.md)\n\n* Hook Events Overview\n* Quickstart\n * Prerequisites\n * Step 1: Open hooks configuration\n * Step 2: Add a matcher\n * Step 3: Add the hook\n * Step 4: Save your configuration\n * Step 5: Verify your hook\n * Step 6: Test your hook\n* More Examples\n * Code Formatting Hook\n * Markdown Formatting Hook\n * Custom Notification Hook\n * File Protection Hook\n* Learn more\n\n### [headless](https://code.claude.com/docs/en/headless.md)\n\n* Overview\n* Basic usage\n* Configuration Options\n* Multi-turn conversations\n* Output Formats\n * Text Output (Default)\n * JSON Output\n * Streaming JSON Output\n* Input Formats\n * Text Input (Default)\n * Streaming JSON Input\n* Agent Integration Examples\n * SRE Incident Response Bot\n * Automated Security Review\n * Multi-turn Legal Assistant\n* Best Practices\n* Related Resources\n\n### [github-actions](https://code.claude.com/docs/en/github-actions.md)\n\n* Why use Claude Code GitHub Actions?\n* What can Claude do?\n * Claude Code Action\n* Setup\n* Quick setup\n* Manual setup\n* Upgrading from Beta\n * Essential changes\n * Breaking Changes Reference\n * Before and After Example\n* Example use cases\n * Basic workflow\n * Using slash commands\n * Custom automation with prompts\n * Common use cases\n* Best practices\n * CLAUDE.md configuration\n * Security considerations\n * Optimizing performance\n * CI costs\n* Configuration examples\n* Using with AWS Bedrock & Google Vertex AI\n * Prerequisites\n * For Google Cloud Vertex AI:\n * For AWS Bedrock:\n* Troubleshooting\n * Claude not responding to @claude commands\n * CI not running on Claude's commits\n * Authentication errors\n* Advanced configuration\n * Action parameters\n * Using claude\\_args\n * Alternative integration methods\n * Customizing Claude's behavior\n\n### [gitlab-ci-cd](https://code.claude.com/docs/en/gitlab-ci-cd.md)\n\n* Why use Claude Code with GitLab?\n* How it works\n* What can Claude do?\n* Setup\n * Quick setup\n * Manual setup (recommended for production)\n* Example use cases\n * Turn issues into MRs\n * Get implementation help\n * Fix bugs quickly\n* Using with AWS Bedrock & Google Vertex AI\n* Configuration examples\n * Basic .gitlab-ci.yml (Claude API)\n * AWS Bedrock job example (OIDC)\n * Google Vertex AI job example (Workload Identity Federation)\n* Best practices\n * CLAUDE.md configuration\n * Security considerations\n * Optimizing performance\n * CI costs\n* Security and governance\n* Troubleshooting\n * Claude not responding to @claude commands\n * Job can't write comments or open MRs\n * Authentication errors\n* Advanced configuration\n * Common parameters and variables\n * Customizing Claude's behavior\n\n### [mcp](https://code.claude.com/docs/en/mcp.md)\n\n* What you can do with MCP\n* Popular MCP servers\n* Installing MCP servers\n * Option 1: Add a remote HTTP server\n * Option 2: Add a remote SSE server\n * Option 3: Add a local stdio server\n * Managing your servers\n * Plugin-provided MCP servers\n* MCP installation scopes\n * Local scope\n * Project scope\n * User scope\n * Choosing the right scope\n * Scope hierarchy and precedence\n * Environment variable expansion in `.mcp.json`\n* Practical examples\n * Example: Monitor errors with Sentry\n * Example: Connect to GitHub for code reviews\n * Example: Query your PostgreSQL database\n* Authenticate with remote MCP servers\n* Add MCP servers from JSON configuration\n* Import MCP servers from Claude Desktop\n* Use Claude Code as an MCP server\n* MCP output limits and warnings\n* Use MCP resources\n * Reference MCP resources\n* Use MCP prompts as slash commands\n * Execute MCP prompts\n* Managed MCP configuration\n * Setting up enterprise MCP configuration\n * Restricting MCP servers with allowlists and denylists\n\n### [migration-guide](https://code.claude.com/docs/en/migration-guide.md)\n\n* Overview\n* What's Changed\n* Migration Steps\n * For TypeScript/JavaScript Projects\n * For Python Projects\n* Breaking changes\n * Python: ClaudeCodeOptions renamed to ClaudeAgentOptions\n * System prompt no longer default\n * Settings Sources No Longer Loaded by Default\n* Why the Rename?\n* Getting Help\n* Next Steps\n\n### [troubleshooting](https://code.claude.com/docs/en/troubleshooting.md)\n\n* Common installation issues\n * Windows installation issues: errors in WSL\n * Linux and Mac installation issues: permission or command not found errors\n * Recommended solution: Native Claude Code installation\n* Permissions and authentication\n * Repeated permission prompts\n * Authentication issues\n* Performance and stability\n * High CPU or memory usage\n * Command hangs or freezes\n * Search and discovery issues\n * Slow or incomplete search results on WSL\n* IDE integration issues\n * JetBrains IDE not detected on WSL2\n * WSL2 networking modes\n * Reporting Windows IDE integration issues (both native and WSL)\n * ESC key not working in JetBrains (IntelliJ, PyCharm, etc.) terminals\n* Markdown formatting issues\n * Missing language tags in code blocks\n * Inconsistent spacing and formatting\n * Best practices for markdown generation\n* Getting more help\n\n## Deployment\n\n### [third-party-integrations](https://code.claude.com/docs/en/third-party-integrations.md)\n\n* Provider comparison\n* Cloud providers\n* Corporate infrastructure\n* Configuration overview\n * Using Bedrock with corporate proxy\n * Using Bedrock with LLM Gateway\n * Using Vertex AI with corporate proxy\n * Using Vertex AI with LLM Gateway\n * Authentication configuration\n* Choosing the right deployment configuration\n * Direct provider access\n * Corporate proxy\n * LLM Gateway\n* Debugging\n* Best practices for organizations\n * 1. Invest in documentation and memory\n * 2. Simplify deployment\n * 3. Start with guided usage\n * 4. Configure security policies\n * 5. Leverage MCP for integrations\n* Next steps\n\n### [amazon-bedrock](https://code.claude.com/docs/en/amazon-bedrock.md)\n\n* Prerequisites\n* Setup\n * 1. Submit use case details\n * 2. Configure AWS credentials\n * Advanced credential configuration\n * Example configuration\n * Configuration settings explained\n * 3. Configure Claude Code\n * 4. Model configuration\n * 5. Output token configuration\n* IAM configuration\n* Troubleshooting\n* Additional resources\n\n### [google-vertex-ai](https://code.claude.com/docs/en/google-vertex-ai.md)\n\n* Prerequisites\n* Region Configuration\n* Setup\n * 1. Enable Vertex AI API\n * 2. Request model access\n * 3. Configure GCP credentials\n * 4. Configure Claude Code\n * 5. Model configuration\n* IAM configuration\n* 1M token context window\n* Troubleshooting\n* Additional resources\n\n### [network-config](https://code.claude.com/docs/en/network-config.md)\n\n* Proxy configuration\n * Environment variables\n * Basic authentication\n* Custom CA certificates\n* mTLS authentication\n* Network access requirements\n* Additional resources\n\n### [llm-gateway](https://code.claude.com/docs/en/llm-gateway.md)\n\n* LiteLLM configuration\n * Prerequisites\n * Basic LiteLLM setup\n * Authentication methods\n * Static API key\n * Dynamic API key with helper\n * Unified endpoint (recommended)\n * Provider-specific pass-through endpoints (alternative)\n * Claude API through LiteLLM\n * Amazon Bedrock through LiteLLM\n * Google Vertex AI through LiteLLM\n * Model selection\n* Additional resources\n\n### [devcontainer](https://code.claude.com/docs/en/devcontainer.md)\n\n* Key features\n* Getting started in 4 steps\n* Configuration breakdown\n* Security features\n* Customization options\n* Example use cases\n * Secure client work\n * Team onboarding\n * Consistent CI/CD environments\n* Related resources\n\n### [sandboxing](https://code.claude.com/docs/en/sandboxing.md)\n\n* Overview\n* Why sandboxing matters\n* How it works\n * Filesystem isolation\n * Network isolation\n * OS-level enforcement\n* Getting started\n * Enable sandboxing\n * Configure sandboxing\n* Security benefits\n * Protection against prompt injection\n * Reduced attack surface\n * Transparent operation\n* Security Limitations\n* Advanced usage\n * Custom proxy configuration\n * Integration with existing security tools\n* Best practices\n* Open source\n* Limitations\n* See also\n\n## Administration\n\n### [setup](https://code.claude.com/docs/en/setup.md)\n\n* System requirements\n * Additional dependencies\n* Standard installation\n* Windows setup\n* Alternative installation methods\n * Native installation options\n * NPM installation\n* Running on AWS or GCP\n* Update Claude Code\n * Auto updates\n * Update manually\n\n### [iam](https://code.claude.com/docs/en/iam.md)\n\n* Authentication methods\n * Claude API authentication\n * Cloud provider authentication\n* Access control and permissions\n * Permission system\n * Configuring permissions\n * Permission modes\n * Working directories\n * Tool-specific permission rules\n * Additional permission control with hooks\n * Managed policy settings\n * Settings precedence\n* Credential management\n\n### [security](https://code.claude.com/docs/en/security.md)\n\n* How we approach security\n * Security foundation\n * Permission-based architecture\n * Built-in protections\n * User responsibility\n* Protect against prompt injection\n * Core protections\n * Privacy safeguards\n * Additional safeguards\n* MCP security\n* IDE security\n* Cloud execution security\n* Security best practices\n * Working with sensitive code\n * Team security\n * Reporting security issues\n* Related resources\n\n### [data-usage](https://code.claude.com/docs/en/data-usage.md)\n\n* Data policies\n * Data training policy\n * Development Partner Program\n * Feedback using the `/bug` command\n * Session quality surveys\n * Data retention\n* Data flow and dependencies\n * Cloud execution\n* Telemetry services\n* Default behaviors by API provider\n\n### [monitoring-usage](https://code.claude.com/docs/en/monitoring-usage.md)\n\n* Quick Start\n* Administrator Configuration\n* Configuration Details\n * Common Configuration Variables\n * Metrics Cardinality Control\n * Dynamic Headers\n * Settings Configuration\n * Script Requirements\n * Important Limitations\n * Multi-Team Organization Support\n * Example Configurations\n* Available Metrics and Events\n * Standard Attributes\n * Metrics\n * Metric Details\n * Session Counter\n * Lines of Code Counter\n * Pull Request Counter\n * Commit Counter\n * Cost Counter\n * Token Counter\n * Code Edit Tool Decision Counter\n * Active Time Counter\n * Events\n * User Prompt Event\n * Tool Result Event\n * API Request Event\n * API Error Event\n * Tool Decision Event\n* Interpreting Metrics and Events Data\n * Usage Monitoring\n * Cost Monitoring\n * Alerting and Segmentation\n * Event Analysis\n* Backend Considerations\n * For Metrics:\n * For Events/Logs:\n* Service Information\n* ROI Measurement Resources\n* Security/Privacy Considerations\n* Monitoring Claude Code on Amazon Bedrock\n\n### [costs](https://code.claude.com/docs/en/costs.md)\n\n* Track your costs\n * Using the `/cost` command\n * Additional tracking options\n* Managing costs for teams\n * Rate limit recommendations\n* Reduce token usage\n* Background token usage\n* Tracking version changes and updates\n * Current version information\n * Understanding changes in Claude Code behavior\n * When cost reporting changes\n\n### [analytics](https://code.claude.com/docs/en/analytics.md)\n\n* Access analytics\n * Required roles\n* Available metrics\n * Lines of code accepted\n * Suggestion accept rate\n * Activity\n * Spend\n * Team insights\n* Using analytics effectively\n * Monitor adoption\n * Measure productivity\n* Related resources\n\n### [plugin-marketplaces](https://code.claude.com/docs/en/plugin-marketplaces.md)\n\n* Overview\n * Prerequisites\n* Add and use marketplaces\n * Add GitHub marketplaces\n * Add Git repositories\n * Add local marketplaces for development\n * Install plugins from marketplaces\n * Verify marketplace installation\n* Configure team marketplaces\n* Create your own marketplace\n * Prerequisites for marketplace creation\n * Create the marketplace file\n * Marketplace schema\n * Required fields\n * Optional metadata\n * Plugin entries\n * Optional plugin fields\n * Plugin sources\n * Relative paths\n * GitHub repositories\n * Git repositories\n * Advanced plugin entries\n* Host and distribute marketplaces\n * Host on GitHub (recommended)\n * Host on other git services\n * Use local marketplaces for development\n* Manage marketplace operations\n * List known marketplaces\n * Update marketplace metadata\n * Remove a marketplace\n* Troubleshooting marketplaces\n * Common marketplace issues\n * Marketplace not loading\n * Plugin installation failures\n * Validation and testing\n* Next steps\n * For marketplace users\n * For marketplace creators\n * For organizations\n* See also\n\n## Configuration\n\n### [settings](https://code.claude.com/docs/en/settings.md)\n\n* Settings files\n * Available settings\n * Permission settings\n * Sandbox settings\n * Settings precedence\n * Key points about the configuration system\n * System prompt availability\n * Excluding sensitive files\n* Subagent configuration\n* Plugin configuration\n * Plugin settings\n * `enabledPlugins`\n * `extraKnownMarketplaces`\n * Managing plugins\n* Environment variables\n* Tools available to Claude\n * Extending tools with hooks\n* See also\n\n### [vs-code](https://code.claude.com/docs/en/vs-code.md)\n\n* VS Code Extension (Beta)\n * Features\n * Requirements\n * Installation\n * How It Works\n * Using Third-Party Providers (Vertex and Bedrock)\n * Environment Variables\n * Not Yet Implemented\n* Security Considerations\n* Legacy CLI Integration\n* Troubleshooting\n * Extension Not Installing\n * Legacy Integration Not Working\n\n### [jetbrains](https://code.claude.com/docs/en/jetbrains.md)\n\n* Supported IDEs\n* Features\n* Installation\n * Marketplace Installation\n* Usage\n * From Your IDE\n * From External Terminals\n* Configuration\n * Claude Code Settings\n * Plugin Settings\n * General Settings\n * ESC Key Configuration\n* Special Configurations\n * Remote Development\n * WSL Configuration\n* Troubleshooting\n * Plugin Not Working\n * IDE Not Detected\n * Command Not Found\n* Security Considerations\n\n### [terminal-config](https://code.claude.com/docs/en/terminal-config.md)\n\n* Themes and appearance\n* Line breaks\n * Set up Shift+Enter (VS Code or iTerm2):\n * Set up Option+Enter (VS Code, iTerm2 or macOS Terminal.app):\n* Notification setup\n * iTerm 2 system notifications\n * Custom notification hooks\n* Handling large inputs\n* Vim Mode\n\n### [model-config](https://code.claude.com/docs/en/model-config.md)\n\n* Available models\n * Model aliases\n * Setting your model\n* Special model behavior\n * `default` model setting\n * `opusplan` model setting\n * Extended context with \\[1m]\n* Checking your current model\n* Environment variables\n * Prompt caching configuration\n\n### [memory](https://code.claude.com/docs/en/memory.md)\n\n* Determine memory type\n* CLAUDE.md imports\n* How Claude looks up memories\n* Quickly add memories with the `#` shortcut\n* Directly edit memories with `/memory`\n* Set up project memory\n* Organization-level memory management\n* Memory best practices\n\n### [statusline](https://code.claude.com/docs/en/statusline.md)\n\n* Create a custom status line\n* How it Works\n* JSON Input Structure\n* Example Scripts\n * Simple Status Line\n * Git-Aware Status Line\n * Python Example\n * Node.js Example\n * Helper Function Approach\n* Tips\n* Troubleshooting\n\n## Reference\n\n### [cli-reference](https://code.claude.com/docs/en/cli-reference.md)\n\n* CLI commands\n* CLI flags\n * Agents flag format\n * System prompt flags\n* See also\n\n### [interactive-mode](https://code.claude.com/docs/en/interactive-mode.md)\n\n* Keyboard shortcuts\n * General controls\n * Multiline input\n * Quick commands\n* Vim editor mode\n * Mode switching\n * Navigation (NORMAL mode)\n * Editing (NORMAL mode)\n* Command history\n * Reverse search with Ctrl+R\n* Background bash commands\n * How backgrounding works\n * Bash mode with `!` prefix\n* See also\n\n### [slash-commands](https://code.claude.com/docs/en/slash-commands.md)\n\n* Built-in slash commands\n* Custom slash commands\n * Syntax\n * Parameters\n * Command types\n * Project commands\n * Personal commands\n * Features\n * Namespacing\n * Arguments\n * All arguments with `$ARGUMENTS`\n * Individual arguments with `$1`, `$2`, etc.\n * Bash command execution\n * File references\n * Thinking mode\n * Frontmatter\n* Plugin commands\n * How plugin commands work\n * Plugin command structure\n * Invocation patterns\n* MCP slash commands\n * Command format\n * Features\n * Dynamic discovery\n * Arguments\n * Naming conventions\n * Managing MCP connections\n * MCP permissions and wildcards\n* `SlashCommand` tool\n * `SlashCommand` tool supported commands\n * Disable `SlashCommand` tool\n * Disable specific commands only\n * `SlashCommand` permission rules\n * Character budget limit\n* Skills vs slash commands\n * Use slash commands for\n * Use Skills for\n * Key differences\n * Example comparison\n * When to use each\n* See also\n\n### [checkpointing](https://code.claude.com/docs/en/checkpointing.md)\n\n* How checkpoints work\n * Automatic tracking\n * Rewinding changes\n* Common use cases\n* Limitations\n * Bash command changes not tracked\n * External changes not tracked\n * Not a replacement for version control\n* See also\n\n### [hooks](https://code.claude.com/docs/en/hooks.md)\n\n* Configuration\n * Structure\n * Project-Specific Hook Scripts\n * Plugin hooks\n* Prompt-Based Hooks\n * How prompt-based hooks work\n * Configuration\n * Response schema\n * Supported hook events\n * Example: Intelligent Stop hook\n * Example: SubagentStop with custom logic\n * Comparison with bash command hooks\n * Best practices\n* Hook Events\n * PreToolUse\n * PermissionRequest\n * PostToolUse\n * Notification\n * UserPromptSubmit\n * Stop\n * SubagentStop\n * PreCompact\n * SessionStart\n * Persisting environment variables\n * SessionEnd\n* Hook Input\n * PreToolUse Input\n * PermissionRequest\n * PostToolUse Input\n * Notification Input\n * UserPromptSubmit Input\n * Stop and SubagentStop Input\n * PreCompact Input\n * SessionStart Input\n * SessionEnd Input\n* Hook Output\n * Simple: Exit Code\n * Exit Code 2 Behavior\n * Advanced: JSON Output\n * Common JSON Fields\n * `PreToolUse` Decision Control\n * `PermissionRequest` Decision Control\n * `PostToolUse` Decision Control\n * `UserPromptSubmit` Decision Control\n * `Stop`/`SubagentStop` Decision Control\n * `SessionStart` Decision Control\n * `SessionEnd` Decision Control\n * Exit Code Example: Bash Command Validation\n * JSON Output Example: UserPromptSubmit to Add Context and Validation\n * JSON Output Example: PreToolUse with Approval\n* Working with MCP Tools\n * MCP Tool Naming\n * Configuring Hooks for MCP Tools\n* Examples\n* Security Considerations\n * Disclaimer\n * Security Best Practices\n * Configuration Safety\n* Hook Execution Details\n* Debugging\n * Basic Troubleshooting\n * Advanced Debugging\n * Debug Output Example\n\n### [plugins-reference](https://code.claude.com/docs/en/plugins-reference.md)\n\n* Plugin components reference\n * Commands\n * Agents\n * Skills\n * Hooks\n * MCP servers\n* Plugin manifest schema\n * Complete schema\n * Required fields\n * Metadata fields\n * Component path fields\n * Path behavior rules\n * Environment variables\n* Plugin directory structure\n * Standard plugin layout\n * File locations reference\n* Debugging and development tools\n * Debugging commands\n * Common issues\n* Distribution and versioning reference\n * Version management\n\n## Resources\n\n### [legal-and-compliance](https://code.claude.com/docs/en/legal-and-compliance.md)\n\n* Legal agreements\n * License\n * Commercial agreements\n* Compliance\n * Healthcare compliance (BAA)\n* Security and trust\n * Trust and safety\n * Security vulnerability reporting\n\n\n---\n\n> To find navigation and other pages in this documentation, fetch the llms.txt file at: https://code.claude.com/docs/llms.txt"}]},"uuid":"a4af4730-008c-4501-9641-f07016d57b94","timestamp":"2026-01-08T16:22:58.919Z","toolUseResult":{"bytes":26316,"code":200,"codeText":"OK","result":"# null\n\n# Claude Code Documentation Map\n\nThis is a comprehensive map of all Claude Code documentation pages with their headings, designed for easy navigation by LLMs.\n\n> **Note:** This file is auto-generated by GitHub Actions. Do not edit manually.\n> Last updated: 2025-11-06 00:10:13 UTC\n\n## Document Structure\n\nThis map uses a hierarchical structure:\n\n* **##** marks documentation groups (e.g., 'Getting started')\n* **###** marks individual documentation pages\n* **Nested bullets** show the heading structure within each page\n* Each page title links to the full documentation\n\n## Getting started\n\n### [overview](https://code.claude.com/docs/en/overview.md)\n\n* Get started in 30 seconds\n* What Claude Code does for you\n* Why developers love Claude Code\n* Next steps\n* Additional resources\n\n### [quickstart](https://code.claude.com/docs/en/quickstart.md)\n\n* Before you begin\n* Step 1: Install Claude Code\n* Step 2: Log in to your account\n* Step 3: Start your first session\n* Step 4: Ask your first question\n* Step 5: Make your first code change\n* Step 6: Use Git with Claude Code\n* Step 7: Fix a bug or add a feature\n* Step 8: Test out other common workflows\n* Essential commands\n* Pro tips for beginners\n* What's next?\n* Getting help\n\n### [common-workflows](https://code.claude.com/docs/en/common-workflows.md)\n\n* Understand new codebases\n * Get a quick codebase overview\n * Find relevant code\n* Fix bugs efficiently\n* Refactor code\n* Use specialized subagents\n* Use Plan Mode for safe code analysis\n * When to use Plan Mode\n * How to use Plan Mode\n * Example: Planning a complex refactor\n * Configure Plan Mode as default\n* Work with tests\n* Create pull requests\n* Handle documentation\n* Work with images\n* Reference files and directories\n* Use extended thinking\n* Resume previous conversations\n* Run parallel Claude Code sessions with Git worktrees\n* Use Claude as a unix-style utility\n * Add Claude to your verification process\n * Pipe in, pipe out\n * Control output format\n* Create custom slash commands\n * Create project-specific commands\n * Add command arguments with \\$ARGUMENTS\n * Create personal slash commands\n* Ask Claude about its capabilities\n * Example questions\n* Next steps\n\n### [claude-code-on-the-web](https://code.claude.com/docs/en/claude-code-on-the-web.md)\n\n* What is Claude Code on the web?\n* Who can use Claude Code on the web?\n* Getting started\n* How it works\n* Moving tasks between web and terminal\n * From web to terminal\n* Cloud environment\n * Default image\n * Checking available tools\n * Language-specific setups\n * Environment configuration\n * Dependency management\n * Local vs remote execution\n * Persisting environment variables\n* Network access and security\n * Network policy\n * GitHub proxy\n * Security proxy\n * Access levels\n * Default allowed domains\n * Anthropic Services\n * Version Control\n * Container Registries\n * Cloud Platforms\n * Package Managers - JavaScript/Node\n * Package Managers - Python\n * Package Managers - Ruby\n * Package Managers - Rust\n * Package Managers - Go\n * Package Managers - JVM\n * Package Managers - Other Languages\n * Linux Distributions\n * Development Tools & Platforms\n * Cloud Services & Monitoring\n * Content Delivery & Mirrors\n * Schema & Configuration\n * Security best practices for customized network access\n* Security and isolation\n* Pricing and rate limits\n* Limitations\n* Best practices\n* Related resources\n\n## Build with Claude Code\n\n### [sub-agents](https://code.claude.com/docs/en/sub-agents.md)\n\n* What are subagents?\n* Key benefits\n* Quick start\n* Subagent configuration\n * File locations\n * Plugin agents\n * CLI-based configuration\n * File format\n * Configuration fields\n * Model selection\n * Available tools\n* Managing subagents\n * Using the /agents command (Recommended)\n * Direct file management\n* Using subagents effectively\n * Automatic delegation\n * Explicit invocation\n* Built-in subagents\n * Plan subagent\n* Example subagents\n * Code reviewer\n * Debugger\n * Data scientist\n* Best practices\n* Advanced usage\n * Chaining subagents\n * Dynamic subagent selection\n * Resumable subagents\n* Performance considerations\n* Related documentation\n\n### [plugins](https://code.claude.com/docs/en/plugins.md)\n\n* Quickstart\n * Prerequisites\n * Create your first plugin\n* Hello Command\n * Plugin structure overview\n * Install and manage plugins\n * Prerequisites\n * Add marketplaces\n * Install plugins\n * Via interactive menu (recommended for discovery)\n * Via direct commands (for quick installation)\n * Verify installation\n * Set up team plugin workflows\n * Develop more complex plugins\n * Add Skills to your plugin\n * Organize complex plugins\n * Test your plugins locally\n * Debug plugin issues\n * Share your plugins\n * Next steps\n * For plugin users\n * For plugin developers\n * For team leads and administrators\n * See also\n\n### [skills](https://code.claude.com/docs/en/skills.md)\n\n* Prerequisites\n* What are Agent Skills?\n* Create a Skill\n * Personal Skills\n * Project Skills\n * Plugin Skills\n* Write SKILL.md\n* Add supporting files\n* Restrict tool access with allowed-tools\n* View available Skills\n* Test a Skill\n* Debug a Skill\n * Make description specific\n * Verify file path\n * Check YAML syntax\n * View errors\n* Share Skills with your team\n * Step 1: Add Skill to your project\n * Step 2: Commit to git\n * Step 3: Team members get Skills automatically\n* Update a Skill\n* Remove a Skill\n* Best practices\n * Keep Skills focused\n * Write clear descriptions\n * Test with your team\n * Document Skill versions\n* Troubleshooting\n * Claude doesn't use my Skill\n * Skill has errors\n * Multiple Skills conflict\n* Examples\n * Simple Skill (single file)\n * Skill with tool permissions\n * Multi-file Skill\n* Next steps\n\n### [output-styles](https://code.claude.com/docs/en/output-styles.md)\n\n* Built-in output styles\n* How output styles work\n* Change your output style\n* Create a custom output style\n* Comparisons to related features\n * Output Styles vs. CLAUDE.md vs. --append-system-prompt\n * Output Styles vs. [Agents](/en/sub-agents)\n * Output Styles vs. [Custom Slash Commands](/en/slash-commands)\n\n### [hooks-guide](https://code.claude.com/docs/en/hooks-guide.md)\n\n* Hook Events Overview\n* Quickstart\n * Prerequisites\n * Step 1: Open hooks configuration\n * Step 2: Add a matcher\n * Step 3: Add the hook\n * Step 4: Save your configuration\n * Step 5: Verify your hook\n * Step 6: Test your hook\n* More Examples\n * Code Formatting Hook\n * Markdown Formatting Hook\n * Custom Notification Hook\n * File Protection Hook\n* Learn more\n\n### [headless](https://code.claude.com/docs/en/headless.md)\n\n* Overview\n* Basic usage\n* Configuration Options\n* Multi-turn conversations\n* Output Formats\n * Text Output (Default)\n * JSON Output\n * Streaming JSON Output\n* Input Formats\n * Text Input (Default)\n * Streaming JSON Input\n* Agent Integration Examples\n * SRE Incident Response Bot\n * Automated Security Review\n * Multi-turn Legal Assistant\n* Best Practices\n* Related Resources\n\n### [github-actions](https://code.claude.com/docs/en/github-actions.md)\n\n* Why use Claude Code GitHub Actions?\n* What can Claude do?\n * Claude Code Action\n* Setup\n* Quick setup\n* Manual setup\n* Upgrading from Beta\n * Essential changes\n * Breaking Changes Reference\n * Before and After Example\n* Example use cases\n * Basic workflow\n * Using slash commands\n * Custom automation with prompts\n * Common use cases\n* Best practices\n * CLAUDE.md configuration\n * Security considerations\n * Optimizing performance\n * CI costs\n* Configuration examples\n* Using with AWS Bedrock & Google Vertex AI\n * Prerequisites\n * For Google Cloud Vertex AI:\n * For AWS Bedrock:\n* Troubleshooting\n * Claude not responding to @claude commands\n * CI not running on Claude's commits\n * Authentication errors\n* Advanced configuration\n * Action parameters\n * Using claude\\_args\n * Alternative integration methods\n * Customizing Claude's behavior\n\n### [gitlab-ci-cd](https://code.claude.com/docs/en/gitlab-ci-cd.md)\n\n* Why use Claude Code with GitLab?\n* How it works\n* What can Claude do?\n* Setup\n * Quick setup\n * Manual setup (recommended for production)\n* Example use cases\n * Turn issues into MRs\n * Get implementation help\n * Fix bugs quickly\n* Using with AWS Bedrock & Google Vertex AI\n* Configuration examples\n * Basic .gitlab-ci.yml (Claude API)\n * AWS Bedrock job example (OIDC)\n * Google Vertex AI job example (Workload Identity Federation)\n* Best practices\n * CLAUDE.md configuration\n * Security considerations\n * Optimizing performance\n * CI costs\n* Security and governance\n* Troubleshooting\n * Claude not responding to @claude commands\n * Job can't write comments or open MRs\n * Authentication errors\n* Advanced configuration\n * Common parameters and variables\n * Customizing Claude's behavior\n\n### [mcp](https://code.claude.com/docs/en/mcp.md)\n\n* What you can do with MCP\n* Popular MCP servers\n* Installing MCP servers\n * Option 1: Add a remote HTTP server\n * Option 2: Add a remote SSE server\n * Option 3: Add a local stdio server\n * Managing your servers\n * Plugin-provided MCP servers\n* MCP installation scopes\n * Local scope\n * Project scope\n * User scope\n * Choosing the right scope\n * Scope hierarchy and precedence\n * Environment variable expansion in `.mcp.json`\n* Practical examples\n * Example: Monitor errors with Sentry\n * Example: Connect to GitHub for code reviews\n * Example: Query your PostgreSQL database\n* Authenticate with remote MCP servers\n* Add MCP servers from JSON configuration\n* Import MCP servers from Claude Desktop\n* Use Claude Code as an MCP server\n* MCP output limits and warnings\n* Use MCP resources\n * Reference MCP resources\n* Use MCP prompts as slash commands\n * Execute MCP prompts\n* Managed MCP configuration\n * Setting up enterprise MCP configuration\n * Restricting MCP servers with allowlists and denylists\n\n### [migration-guide](https://code.claude.com/docs/en/migration-guide.md)\n\n* Overview\n* What's Changed\n* Migration Steps\n * For TypeScript/JavaScript Projects\n * For Python Projects\n* Breaking changes\n * Python: ClaudeCodeOptions renamed to ClaudeAgentOptions\n * System prompt no longer default\n * Settings Sources No Longer Loaded by Default\n* Why the Rename?\n* Getting Help\n* Next Steps\n\n### [troubleshooting](https://code.claude.com/docs/en/troubleshooting.md)\n\n* Common installation issues\n * Windows installation issues: errors in WSL\n * Linux and Mac installation issues: permission or command not found errors\n * Recommended solution: Native Claude Code installation\n* Permissions and authentication\n * Repeated permission prompts\n * Authentication issues\n* Performance and stability\n * High CPU or memory usage\n * Command hangs or freezes\n * Search and discovery issues\n * Slow or incomplete search results on WSL\n* IDE integration issues\n * JetBrains IDE not detected on WSL2\n * WSL2 networking modes\n * Reporting Windows IDE integration issues (both native and WSL)\n * ESC key not working in JetBrains (IntelliJ, PyCharm, etc.) terminals\n* Markdown formatting issues\n * Missing language tags in code blocks\n * Inconsistent spacing and formatting\n * Best practices for markdown generation\n* Getting more help\n\n## Deployment\n\n### [third-party-integrations](https://code.claude.com/docs/en/third-party-integrations.md)\n\n* Provider comparison\n* Cloud providers\n* Corporate infrastructure\n* Configuration overview\n * Using Bedrock with corporate proxy\n * Using Bedrock with LLM Gateway\n * Using Vertex AI with corporate proxy\n * Using Vertex AI with LLM Gateway\n * Authentication configuration\n* Choosing the right deployment configuration\n * Direct provider access\n * Corporate proxy\n * LLM Gateway\n* Debugging\n* Best practices for organizations\n * 1. Invest in documentation and memory\n * 2. Simplify deployment\n * 3. Start with guided usage\n * 4. Configure security policies\n * 5. Leverage MCP for integrations\n* Next steps\n\n### [amazon-bedrock](https://code.claude.com/docs/en/amazon-bedrock.md)\n\n* Prerequisites\n* Setup\n * 1. Submit use case details\n * 2. Configure AWS credentials\n * Advanced credential configuration\n * Example configuration\n * Configuration settings explained\n * 3. Configure Claude Code\n * 4. Model configuration\n * 5. Output token configuration\n* IAM configuration\n* Troubleshooting\n* Additional resources\n\n### [google-vertex-ai](https://code.claude.com/docs/en/google-vertex-ai.md)\n\n* Prerequisites\n* Region Configuration\n* Setup\n * 1. Enable Vertex AI API\n * 2. Request model access\n * 3. Configure GCP credentials\n * 4. Configure Claude Code\n * 5. Model configuration\n* IAM configuration\n* 1M token context window\n* Troubleshooting\n* Additional resources\n\n### [network-config](https://code.claude.com/docs/en/network-config.md)\n\n* Proxy configuration\n * Environment variables\n * Basic authentication\n* Custom CA certificates\n* mTLS authentication\n* Network access requirements\n* Additional resources\n\n### [llm-gateway](https://code.claude.com/docs/en/llm-gateway.md)\n\n* LiteLLM configuration\n * Prerequisites\n * Basic LiteLLM setup\n * Authentication methods\n * Static API key\n * Dynamic API key with helper\n * Unified endpoint (recommended)\n * Provider-specific pass-through endpoints (alternative)\n * Claude API through LiteLLM\n * Amazon Bedrock through LiteLLM\n * Google Vertex AI through LiteLLM\n * Model selection\n* Additional resources\n\n### [devcontainer](https://code.claude.com/docs/en/devcontainer.md)\n\n* Key features\n* Getting started in 4 steps\n* Configuration breakdown\n* Security features\n* Customization options\n* Example use cases\n * Secure client work\n * Team onboarding\n * Consistent CI/CD environments\n* Related resources\n\n### [sandboxing](https://code.claude.com/docs/en/sandboxing.md)\n\n* Overview\n* Why sandboxing matters\n* How it works\n * Filesystem isolation\n * Network isolation\n * OS-level enforcement\n* Getting started\n * Enable sandboxing\n * Configure sandboxing\n* Security benefits\n * Protection against prompt injection\n * Reduced attack surface\n * Transparent operation\n* Security Limitations\n* Advanced usage\n * Custom proxy configuration\n * Integration with existing security tools\n* Best practices\n* Open source\n* Limitations\n* See also\n\n## Administration\n\n### [setup](https://code.claude.com/docs/en/setup.md)\n\n* System requirements\n * Additional dependencies\n* Standard installation\n* Windows setup\n* Alternative installation methods\n * Native installation options\n * NPM installation\n* Running on AWS or GCP\n* Update Claude Code\n * Auto updates\n * Update manually\n\n### [iam](https://code.claude.com/docs/en/iam.md)\n\n* Authentication methods\n * Claude API authentication\n * Cloud provider authentication\n* Access control and permissions\n * Permission system\n * Configuring permissions\n * Permission modes\n * Working directories\n * Tool-specific permission rules\n * Additional permission control with hooks\n * Managed policy settings\n * Settings precedence\n* Credential management\n\n### [security](https://code.claude.com/docs/en/security.md)\n\n* How we approach security\n * Security foundation\n * Permission-based architecture\n * Built-in protections\n * User responsibility\n* Protect against prompt injection\n * Core protections\n * Privacy safeguards\n * Additional safeguards\n* MCP security\n* IDE security\n* Cloud execution security\n* Security best practices\n * Working with sensitive code\n * Team security\n * Reporting security issues\n* Related resources\n\n### [data-usage](https://code.claude.com/docs/en/data-usage.md)\n\n* Data policies\n * Data training policy\n * Development Partner Program\n * Feedback using the `/bug` command\n * Session quality surveys\n * Data retention\n* Data flow and dependencies\n * Cloud execution\n* Telemetry services\n* Default behaviors by API provider\n\n### [monitoring-usage](https://code.claude.com/docs/en/monitoring-usage.md)\n\n* Quick Start\n* Administrator Configuration\n* Configuration Details\n * Common Configuration Variables\n * Metrics Cardinality Control\n * Dynamic Headers\n * Settings Configuration\n * Script Requirements\n * Important Limitations\n * Multi-Team Organization Support\n * Example Configurations\n* Available Metrics and Events\n * Standard Attributes\n * Metrics\n * Metric Details\n * Session Counter\n * Lines of Code Counter\n * Pull Request Counter\n * Commit Counter\n * Cost Counter\n * Token Counter\n * Code Edit Tool Decision Counter\n * Active Time Counter\n * Events\n * User Prompt Event\n * Tool Result Event\n * API Request Event\n * API Error Event\n * Tool Decision Event\n* Interpreting Metrics and Events Data\n * Usage Monitoring\n * Cost Monitoring\n * Alerting and Segmentation\n * Event Analysis\n* Backend Considerations\n * For Metrics:\n * For Events/Logs:\n* Service Information\n* ROI Measurement Resources\n* Security/Privacy Considerations\n* Monitoring Claude Code on Amazon Bedrock\n\n### [costs](https://code.claude.com/docs/en/costs.md)\n\n* Track your costs\n * Using the `/cost` command\n * Additional tracking options\n* Managing costs for teams\n * Rate limit recommendations\n* Reduce token usage\n* Background token usage\n* Tracking version changes and updates\n * Current version information\n * Understanding changes in Claude Code behavior\n * When cost reporting changes\n\n### [analytics](https://code.claude.com/docs/en/analytics.md)\n\n* Access analytics\n * Required roles\n* Available metrics\n * Lines of code accepted\n * Suggestion accept rate\n * Activity\n * Spend\n * Team insights\n* Using analytics effectively\n * Monitor adoption\n * Measure productivity\n* Related resources\n\n### [plugin-marketplaces](https://code.claude.com/docs/en/plugin-marketplaces.md)\n\n* Overview\n * Prerequisites\n* Add and use marketplaces\n * Add GitHub marketplaces\n * Add Git repositories\n * Add local marketplaces for development\n * Install plugins from marketplaces\n * Verify marketplace installation\n* Configure team marketplaces\n* Create your own marketplace\n * Prerequisites for marketplace creation\n * Create the marketplace file\n * Marketplace schema\n * Required fields\n * Optional metadata\n * Plugin entries\n * Optional plugin fields\n * Plugin sources\n * Relative paths\n * GitHub repositories\n * Git repositories\n * Advanced plugin entries\n* Host and distribute marketplaces\n * Host on GitHub (recommended)\n * Host on other git services\n * Use local marketplaces for development\n* Manage marketplace operations\n * List known marketplaces\n * Update marketplace metadata\n * Remove a marketplace\n* Troubleshooting marketplaces\n * Common marketplace issues\n * Marketplace not loading\n * Plugin installation failures\n * Validation and testing\n* Next steps\n * For marketplace users\n * For marketplace creators\n * For organizations\n* See also\n\n## Configuration\n\n### [settings](https://code.claude.com/docs/en/settings.md)\n\n* Settings files\n * Available settings\n * Permission settings\n * Sandbox settings\n * Settings precedence\n * Key points about the configuration system\n * System prompt availability\n * Excluding sensitive files\n* Subagent configuration\n* Plugin configuration\n * Plugin settings\n * `enabledPlugins`\n * `extraKnownMarketplaces`\n * Managing plugins\n* Environment variables\n* Tools available to Claude\n * Extending tools with hooks\n* See also\n\n### [vs-code](https://code.claude.com/docs/en/vs-code.md)\n\n* VS Code Extension (Beta)\n * Features\n * Requirements\n * Installation\n * How It Works\n * Using Third-Party Providers (Vertex and Bedrock)\n * Environment Variables\n * Not Yet Implemented\n* Security Considerations\n* Legacy CLI Integration\n* Troubleshooting\n * Extension Not Installing\n * Legacy Integration Not Working\n\n### [jetbrains](https://code.claude.com/docs/en/jetbrains.md)\n\n* Supported IDEs\n* Features\n* Installation\n * Marketplace Installation\n* Usage\n * From Your IDE\n * From External Terminals\n* Configuration\n * Claude Code Settings\n * Plugin Settings\n * General Settings\n * ESC Key Configuration\n* Special Configurations\n * Remote Development\n * WSL Configuration\n* Troubleshooting\n * Plugin Not Working\n * IDE Not Detected\n * Command Not Found\n* Security Considerations\n\n### [terminal-config](https://code.claude.com/docs/en/terminal-config.md)\n\n* Themes and appearance\n* Line breaks\n * Set up Shift+Enter (VS Code or iTerm2):\n * Set up Option+Enter (VS Code, iTerm2 or macOS Terminal.app):\n* Notification setup\n * iTerm 2 system notifications\n * Custom notification hooks\n* Handling large inputs\n* Vim Mode\n\n### [model-config](https://code.claude.com/docs/en/model-config.md)\n\n* Available models\n * Model aliases\n * Setting your model\n* Special model behavior\n * `default` model setting\n * `opusplan` model setting\n * Extended context with \\[1m]\n* Checking your current model\n* Environment variables\n * Prompt caching configuration\n\n### [memory](https://code.claude.com/docs/en/memory.md)\n\n* Determine memory type\n* CLAUDE.md imports\n* How Claude looks up memories\n* Quickly add memories with the `#` shortcut\n* Directly edit memories with `/memory`\n* Set up project memory\n* Organization-level memory management\n* Memory best practices\n\n### [statusline](https://code.claude.com/docs/en/statusline.md)\n\n* Create a custom status line\n* How it Works\n* JSON Input Structure\n* Example Scripts\n * Simple Status Line\n * Git-Aware Status Line\n * Python Example\n * Node.js Example\n * Helper Function Approach\n* Tips\n* Troubleshooting\n\n## Reference\n\n### [cli-reference](https://code.claude.com/docs/en/cli-reference.md)\n\n* CLI commands\n* CLI flags\n * Agents flag format\n * System prompt flags\n* See also\n\n### [interactive-mode](https://code.claude.com/docs/en/interactive-mode.md)\n\n* Keyboard shortcuts\n * General controls\n * Multiline input\n * Quick commands\n* Vim editor mode\n * Mode switching\n * Navigation (NORMAL mode)\n * Editing (NORMAL mode)\n* Command history\n * Reverse search with Ctrl+R\n* Background bash commands\n * How backgrounding works\n * Bash mode with `!` prefix\n* See also\n\n### [slash-commands](https://code.claude.com/docs/en/slash-commands.md)\n\n* Built-in slash commands\n* Custom slash commands\n * Syntax\n * Parameters\n * Command types\n * Project commands\n * Personal commands\n * Features\n * Namespacing\n * Arguments\n * All arguments with `$ARGUMENTS`\n * Individual arguments with `$1`, `$2`, etc.\n * Bash command execution\n * File references\n * Thinking mode\n * Frontmatter\n* Plugin commands\n * How plugin commands work\n * Plugin command structure\n * Invocation patterns\n* MCP slash commands\n * Command format\n * Features\n * Dynamic discovery\n * Arguments\n * Naming conventions\n * Managing MCP connections\n * MCP permissions and wildcards\n* `SlashCommand` tool\n * `SlashCommand` tool supported commands\n * Disable `SlashCommand` tool\n * Disable specific commands only\n * `SlashCommand` permission rules\n * Character budget limit\n* Skills vs slash commands\n * Use slash commands for\n * Use Skills for\n * Key differences\n * Example comparison\n * When to use each\n* See also\n\n### [checkpointing](https://code.claude.com/docs/en/checkpointing.md)\n\n* How checkpoints work\n * Automatic tracking\n * Rewinding changes\n* Common use cases\n* Limitations\n * Bash command changes not tracked\n * External changes not tracked\n * Not a replacement for version control\n* See also\n\n### [hooks](https://code.claude.com/docs/en/hooks.md)\n\n* Configuration\n * Structure\n * Project-Specific Hook Scripts\n * Plugin hooks\n* Prompt-Based Hooks\n * How prompt-based hooks work\n * Configuration\n * Response schema\n * Supported hook events\n * Example: Intelligent Stop hook\n * Example: SubagentStop with custom logic\n * Comparison with bash command hooks\n * Best practices\n* Hook Events\n * PreToolUse\n * PermissionRequest\n * PostToolUse\n * Notification\n * UserPromptSubmit\n * Stop\n * SubagentStop\n * PreCompact\n * SessionStart\n * Persisting environment variables\n * SessionEnd\n* Hook Input\n * PreToolUse Input\n * PermissionRequest\n * PostToolUse Input\n * Notification Input\n * UserPromptSubmit Input\n * Stop and SubagentStop Input\n * PreCompact Input\n * SessionStart Input\n * SessionEnd Input\n* Hook Output\n * Simple: Exit Code\n * Exit Code 2 Behavior\n * Advanced: JSON Output\n * Common JSON Fields\n * `PreToolUse` Decision Control\n * `PermissionRequest` Decision Control\n * `PostToolUse` Decision Control\n * `UserPromptSubmit` Decision Control\n * `Stop`/`SubagentStop` Decision Control\n * `SessionStart` Decision Control\n * `SessionEnd` Decision Control\n * Exit Code Example: Bash Command Validation\n * JSON Output Example: UserPromptSubmit to Add Context and Validation\n * JSON Output Example: PreToolUse with Approval\n* Working with MCP Tools\n * MCP Tool Naming\n * Configuring Hooks for MCP Tools\n* Examples\n* Security Considerations\n * Disclaimer\n * Security Best Practices\n * Configuration Safety\n* Hook Execution Details\n* Debugging\n * Basic Troubleshooting\n * Advanced Debugging\n * Debug Output Example\n\n### [plugins-reference](https://code.claude.com/docs/en/plugins-reference.md)\n\n* Plugin components reference\n * Commands\n * Agents\n * Skills\n * Hooks\n * MCP servers\n* Plugin manifest schema\n * Complete schema\n * Required fields\n * Metadata fields\n * Component path fields\n * Path behavior rules\n * Environment variables\n* Plugin directory structure\n * Standard plugin layout\n * File locations reference\n* Debugging and development tools\n * Debugging commands\n * Common issues\n* Distribution and versioning reference\n * Version management\n\n## Resources\n\n### [legal-and-compliance](https://code.claude.com/docs/en/legal-and-compliance.md)\n\n* Legal agreements\n * License\n * Commercial agreements\n* Compliance\n * Healthcare compliance (BAA)\n* Security and trust\n * Trust and safety\n * Security vulnerability reporting\n\n\n---\n\n> To find navigation and other pages in this documentation, fetch the llms.txt file at: https://code.claude.com/docs/llms.txt","durationMs":836,"url":"https://code.claude.com/docs/en/claude_code_docs_map.md"},"sourceToolAssistantUUID":"6f7e1bfc-97ed-4b3d-9a50-23ad6656ce17"}
{"parentUuid":"a4af4730-008c-4501-9641-f07016d57b94","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","message":{"model":"claude-haiku-4-5-20251001","id":"msg_01UygPUVFHn1989ud5ZU42U3","type":"message","role":"assistant","content":[{"type":"text","text":"Now let me fetch the settings documentation which covers permissions configuration:"}],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":6,"cache_creation_input_tokens":7198,"cache_read_input_tokens":7400,"cache_creation":{"ephemeral_5m_input_tokens":7198,"ephemeral_1h_input_tokens":0},"output_tokens":1,"service_tier":"standard"}},"requestId":"req_011CWvDgADxNNZ7rk3a6KpJ5","type":"assistant","uuid":"8f700b6b-5bdf-4518-9cd8-c6cf45ee9dd0","timestamp":"2026-01-08T16:23:00.257Z"}
{"parentUuid":"8f700b6b-5bdf-4518-9cd8-c6cf45ee9dd0","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","message":{"model":"claude-haiku-4-5-20251001","id":"msg_01UygPUVFHn1989ud5ZU42U3","type":"message","role":"assistant","content":[{"type":"tool_use","id":"toolu_01QTFWHabJ6ubQHDXk6Ad6uW","name":"WebFetch","input":{"url":"https://code.claude.com/docs/en/settings.md","prompt":"permissions allow deny ask configuration format WebSearch WebFetch Bash"}}],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":6,"cache_creation_input_tokens":7198,"cache_read_input_tokens":7400,"cache_creation":{"ephemeral_5m_input_tokens":7198,"ephemeral_1h_input_tokens":0},"output_tokens":1,"service_tier":"standard"}},"requestId":"req_011CWvDgADxNNZ7rk3a6KpJ5","type":"assistant","uuid":"50c19581-736c-4b8b-9382-aa4345841587","timestamp":"2026-01-08T16:23:00.833Z"}
{"parentUuid":"50c19581-736c-4b8b-9382-aa4345841587","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","message":{"model":"claude-haiku-4-5-20251001","id":"msg_01UygPUVFHn1989ud5ZU42U3","type":"message","role":"assistant","content":[{"type":"tool_use","id":"toolu_01AXGMM7gPKd3ruSQwJKpr8C","name":"WebFetch","input":{"url":"https://code.claude.com/docs/en/iam.md","prompt":"permissions access control allow deny ask configuration tool-specific rules"}}],"stop_reason":"tool_use","stop_sequence":null,"usage":{"input_tokens":6,"cache_creation_input_tokens":7198,"cache_read_input_tokens":7400,"cache_creation":{"ephemeral_5m_input_tokens":7198,"ephemeral_1h_input_tokens":0},"output_tokens":187,"service_tier":"standard"}},"requestId":"req_011CWvDgADxNNZ7rk3a6KpJ5","type":"assistant","uuid":"53e072e3-fd84-4ce3-9006-720a283d0e73","timestamp":"2026-01-08T16:23:01.277Z"}
{"parentUuid":"50c19581-736c-4b8b-9382-aa4345841587","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","type":"user","message":{"role":"user","content":[{"tool_use_id":"toolu_01QTFWHabJ6ubQHDXk6Ad6uW","type":"tool_result","content":"# Claude Code settings\n\n> Configure Claude Code with global and project-level settings, and environment variables.\n\nClaude Code offers a variety of settings to configure its behavior to meet your needs. You can configure Claude Code by running the `/config` command when using the interactive REPL, which opens a tabbed Settings interface where you can view status information and modify configuration options.\n\n## Configuration scopes\n\nClaude Code uses a **scope system** to determine where configurations apply and who they're shared with. Understanding scopes helps you decide how to configure Claude Code for personal use, team collaboration, or enterprise deployment.\n\n### Available scopes\n\n| Scope | Location | Who it affects | Shared with team? |\n| :---------- | :----------------------------------- | :----------------------------------- | :--------------------- |\n| **Managed** | System-level `managed-settings.json` | All users on the machine | Yes (deployed by IT) |\n| **User** | `~/.claude/` directory | You, across all projects | No |\n| **Project** | `.claude/` in repository | All collaborators on this repository | Yes (committed to git) |\n| **Local** | `.claude/*.local.*` files | You, in this repository only | No (gitignored) |\n\n### When to use each scope\n\n**Managed scope** is for:\n\n* Security policies that must be enforced organization-wide\n* Compliance requirements that can't be overridden\n* Standardized configurations deployed by IT/DevOps\n\n**User scope** is best for:\n\n* Personal preferences you want everywhere (themes, editor settings)\n* Tools and plugins you use across all projects\n* API keys and authentication (stored securely)\n\n**Project scope** is best for:\n\n* Team-shared settings (permissions, hooks, MCP servers)\n* Plugins the whole team should have\n* Standardizing tooling across collaborators\n\n**Local scope** is best for:\n\n* Personal overrides for a specific project\n* Testing configurations before sharing with the team\n* Machine-specific settings that won't work for others\n\n### How scopes interact\n\nWhen the same setting is configured in multiple scopes, more specific scopes take precedence:\n\n1. **Managed** (highest) - can't be overridden by anything\n2. **Command line arguments** - temporary session overrides\n3. **Local** - overrides project and user settings\n4. **Project** - overrides user settings\n5. **User** (lowest) - applies when nothing else specifies the setting\n\nFor example, if a permission is allowed in user settings but denied in project settings, the project setting takes precedence and the permission is blocked.\n\n### What uses scopes\n\nScopes apply to many Claude Code features:\n\n| Feature | User location | Project location | Local location |\n| :-------------- | :------------------------ | :--------------------------------- | :----------------------------- |\n| **Settings** | `~/.claude/settings.json` | `.claude/settings.json` | `.claude/settings.local.json` |\n| **Subagents** | `~/.claude/agents/` | `.claude/agents/` | — |\n| **MCP servers** | `~/.claude.json` | `.mcp.json` | `~/.claude.json` (per-project) |\n| **Plugins** | `~/.claude/settings.json` | `.claude/settings.json` | `.claude/settings.local.json` |\n| **CLAUDE.md** | `~/.claude/CLAUDE.md` | `CLAUDE.md` or `.claude/CLAUDE.md` | `CLAUDE.local.md` |\n\n***\n\n## Settings files\n\nThe `settings.json` file is our official mechanism for configuring Claude\nCode through hierarchical settings:\n\n* **User settings** are defined in `~/.claude/settings.json` and apply to all\n projects.\n* **Project settings** are saved in your project directory:\n * `.claude/settings.json` for settings that are checked into source control and shared with your team\n * `.claude/settings.local.json` for settings that are not checked in, useful for personal preferences and experimentation. Claude Code will configure git to ignore `.claude/settings.local.json` when it is created.\n* **Managed settings**: For organizations that need centralized control, Claude Code supports `managed-settings.json` and `managed-mcp.json` files that can be deployed to system directories:\n\n * macOS: `/Library/Application Support/ClaudeCode/`\n * Linux and WSL: `/etc/claude-code/`\n * Windows: `C:\\Program Files\\ClaudeCode\\`\n\n <Note>\n These are system-wide paths (not user home directories like `~/Library/...`) that require administrator privileges. They are designed to be deployed by IT administrators.\n </Note>\n\n See [Managed settings](/en/iam#managed-settings) and [Managed MCP configuration](/en/mcp#managed-mcp-configuration) for details.\n\n <Note>\n Managed deployments can also restrict **plugin marketplace additions** using\n `strictKnownMarketplaces`. For more information, see [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions).\n </Note>\n* **Other configuration** is stored in `~/.claude.json`. This file contains your preferences (theme, notification settings, editor mode), OAuth session, [MCP server](/en/mcp) configurations for user and local scopes, per-project state (allowed tools, trust settings), and various caches. Project-scoped MCP servers are stored separately in `.mcp.json`.\n\n```JSON Example settings.json theme={null}\n{\n \"permissions\": {\n \"allow\": [\n \"Bash(npm run lint)\",\n \"Bash(npm run test:*)\",\n \"Read(~/.zshrc)\"\n ],\n \"deny\": [\n \"Bash(curl:*)\",\n \"Read(./.env)\",\n \"Read(./.env.*)\",\n \"Read(./secrets/**)\"\n ]\n },\n \"env\": {\n \"CLAUDE_CODE_ENABLE_TELEMETRY\": \"1\",\n \"OTEL_METRICS_EXPORTER\": \"otlp\"\n },\n \"companyAnnouncements\": [\n \"Welcome to Acme Corp! Review our code guidelines at docs.acme.com\",\n \"Reminder: Code reviews required for all PRs\",\n \"New security policy in effect\"\n ]\n}\n```\n\n### Available settings\n\n`settings.json` supports a number of options:\n\n| Key | Description | Example |\n| :--------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :---------------------------------------------------------------------- |\n| `apiKeyHelper` | Custom script, to be executed in `/bin/sh`, to generate an auth value. This value will be sent as `X-Api-Key` and `Authorization: Bearer` headers for model requests | `/bin/generate_temp_api_key.sh` |\n| `cleanupPeriodDays` | Sessions inactive for longer than this period are deleted at startup. Setting to `0` immediately deletes all sessions. (default: 30 days) | `20` |\n| `companyAnnouncements` | Announcement to display to users at startup. If multiple announcements are provided, they will be cycled through at random. | `[\"Welcome to Acme Corp! Review our code guidelines at docs.acme.com\"]` |\n| `env` | Environment variables that will be applied to every session | `{\"FOO\": \"bar\"}` |\n| `attribution` | Customize attribution for git commits and pull requests. See [Attribution settings](#attribution-settings) | `{\"commit\": \"🤖 Generated with Claude Code\", \"pr\": \"\"}` |\n| `includeCoAuthoredBy` | **Deprecated**: Use `attribution` instead. Whether to include the `co-authored-by Claude` byline in git commits and pull requests (default: `true`) | `false` |\n| `permissions` | See table below for structure of permissions. | |\n| `hooks` | Configure custom commands to run before or after tool executions. See [hooks documentation](/en/hooks) | `{\"PreToolUse\": {\"Bash\": \"echo 'Running command...'\"}}` |\n| `disableAllHooks` | Disable all [hooks](/en/hooks) | `true` |\n| `allowManagedHooksOnly` | (Managed settings only) Prevent loading of user, project, and plugin hooks. Only allows managed hooks and SDK hooks. See [Hook configuration](#hook-configuration) | `true` |\n| `model` | Override the default model to use for Claude Code | `\"claude-sonnet-4-5-20250929\"` |\n| `otelHeadersHelper` | Script to generate dynamic OpenTelemetry headers. Runs at startup and periodically (see [Dynamic headers](/en/monitoring-usage#dynamic-headers)) | `/bin/generate_otel_headers.sh` |\n| `statusLine` | Configure a custom status line to display context. See [`statusLine` documentation](/en/statusline) | `{\"type\": \"command\", \"command\": \"~/.claude/statusline.sh\"}` |\n| `fileSuggestion` | Configure a custom script for `@` file autocomplete. See [File suggestion settings](#file-suggestion-settings) | `{\"type\": \"command\", \"command\": \"~/.claude/file-suggestion.sh\"}` |\n| `respectGitignore` | Control whether the `@` file picker respects `.gitignore` patterns. When `true` (default), files matching `.gitignore` patterns are excluded from suggestions | `false` |\n| `outputStyle` | Configure an output style to adjust the system prompt. See [output styles documentation](/en/output-styles) | `\"Explanatory\"` |\n| `forceLoginMethod` | Use `claudeai` to restrict login to Claude.ai accounts, `console` to restrict login to Claude Console (API usage billing) accounts | `claudeai` |\n| `forceLoginOrgUUID` | Specify the UUID of an organization to automatically select it during login, bypassing the organization selection step. Requires `forceLoginMethod` to be set | `\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"` |\n| `enableAllProjectMcpServers` | Automatically approve all MCP servers defined in project `.mcp.json` files | `true` |\n| `enabledMcpjsonServers` | List of specific MCP servers from `.mcp.json` files to approve | `[\"memory\", \"github\"]` |\n| `disabledMcpjsonServers` | List of specific MCP servers from `.mcp.json` files to reject | `[\"filesystem\"]` |\n| `allowedMcpServers` | When set in managed-settings.json, allowlist of MCP servers users can configure. Undefined = no restrictions, empty array = lockdown. Applies to all scopes. Denylist takes precedence. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ \"serverName\": \"github\" }]` |\n| `deniedMcpServers` | When set in managed-settings.json, denylist of MCP servers that are explicitly blocked. Applies to all scopes including managed servers. Denylist takes precedence over allowlist. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ \"serverName\": \"filesystem\" }]` |\n| `strictKnownMarketplaces` | When set in managed-settings.json, allowlist of plugin marketplaces users can add. Undefined = no restrictions, empty array = lockdown. Applies to marketplace additions only. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }]` |\n| `awsAuthRefresh` | Custom script that modifies the `.aws` directory (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `aws sso login --profile myprofile` |\n| `awsCredentialExport` | Custom script that outputs JSON with AWS credentials (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `/bin/generate_aws_grant.sh` |\n| `alwaysThinkingEnabled` | Enable [extended thinking](/en/common-workflows#use-extended-thinking) by default for all sessions. Typically configured via the `/config` command rather than editing directly | `true` |\n| `language` | Configure Claude's preferred response language (e.g., `\"japanese\"`, `\"spanish\"`, `\"french\"`). Claude will respond in this language by default | `\"japanese\"` |\n\n### Permission settings\n\n| Keys | Description | Example |\n| :----------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :--------------------------------------------------------------------- |\n| `allow` | Array of [permission rules](/en/iam#configuring-permissions) to allow tool use. **Note:** Bash rules use prefix matching, not regex | `[ \"Bash(git diff:*)\" ]` |\n| `ask` | Array of [permission rules](/en/iam#configuring-permissions) to ask for confirmation upon tool use. | `[ \"Bash(git push:*)\" ]` |\n| `deny` | Array of [permission rules](/en/iam#configuring-permissions) to deny tool use. Use this to also exclude sensitive files from Claude Code access. **Note:** Bash patterns are prefix matches and can be bypassed (see [Bash permission limitations](/en/iam#tool-specific-permission-rules)) | `[ \"WebFetch\", \"Bash(curl:*)\", \"Read(./.env)\", \"Read(./secrets/**)\" ]` |\n| `additionalDirectories` | Additional [working directories](/en/iam#working-directories) that Claude has access to | `[ \"../docs/\" ]` |\n| `defaultMode` | Default [permission mode](/en/iam#permission-modes) when opening Claude Code | `\"acceptEdits\"` |\n| `disableBypassPermissionsMode` | Set to `\"disable\"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed settings](/en/iam#managed-settings) | `\"disable\"` |\n\n### Sandbox settings\n\nConfigure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See [Sandboxing](/en/sandboxing) for details.\n\n**Filesystem and network restrictions** are configured via Read, Edit, and WebFetch permission rules, not via these sandbox settings.\n\n| Keys | Description | Example |\n| :-------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------ |\n| `enabled` | Enable bash sandboxing (macOS/Linux only). Default: false | `true` |\n| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |\n| `excludedCommands` | Commands that should run outside of the sandbox | `[\"git\", \"docker\"]` |\n| `allowUnsandboxedCommands` | Allow commands to run outside the sandbox via the `dangerouslyDisableSandbox` parameter. When set to `false`, the `dangerouslyDisableSandbox` escape hatch is completely disabled and all commands must run sandboxed (or be in `excludedCommands`). Useful for enterprise policies that require strict sandboxing. Default: true | `false` |\n| `network.allowUnixSockets` | Unix socket paths accessible in sandbox (for SSH agents, etc.) | `[\"~/.ssh/agent-socket\"]` |\n| `network.allowLocalBinding` | Allow binding to localhost ports (macOS only). Default: false | `true` |\n| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |\n| `network.socksProxyPort` | SOCKS5 proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8081` |\n| `enableWeakerNestedSandbox` | Enable weaker sandbox for unprivileged Docker environments (Linux only). **Reduces security.** Default: false | `true` |\n\n**Configuration example:**\n\n```json theme={null}\n{\n \"sandbox\": {\n \"enabled\": true,\n \"autoAllowBashIfSandboxed\": true,\n \"excludedCommands\": [\"docker\"],\n \"network\": {\n \"allowUnixSockets\": [\n \"/var/run/docker.sock\"\n ],\n \"allowLocalBinding\": true\n }\n },\n \"permissions\": {\n \"deny\": [\n \"Read(.envrc)\",\n \"Read(~/.aws/**)\"\n ]\n }\n}\n```\n\n**Filesystem and network restrictions** use standard permission rules:\n\n* Use `Read` deny rules to block Claude from reading specific files or directories\n* Use `Edit` allow rules to let Claude write to directories beyond the current working directory\n* Use `Edit` deny rules to block writes to specific paths\n* Use `WebFetch` allow/deny rules to control which network domains Claude can access\n\n### Attribution settings\n\nClaude Code adds attribution to git commits and pull requests. These are configured separately:\n\n* Commits use [git trailers](https://git-scm.com/docs/git-interpret-trailers) (like `Co-Authored-By`) by default, which can be customized or disabled\n* Pull request descriptions are plain text\n\n| Keys | Description |\n| :------- | :----------------------------------------------------------------------------------------- |\n| `commit` | Attribution for git commits, including any trailers. Empty string hides commit attribution |\n| `pr` | Attribution for pull request descriptions. Empty string hides pull request attribution |\n\n**Default commit attribution:**\n\n```\n🤖 Generated with [Claude Code](https://claude.com/claude-code)\n\n Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>\n```\n\n**Default pull request attribution:**\n\n```\n🤖 Generated with [Claude Code](https://claude.com/claude-code)\n```\n\n**Example:**\n\n```json theme={null}\n{\n \"attribution\": {\n \"commit\": \"Generated with AI\\n\\nCo-Authored-By: AI <ai@example.com>\",\n \"pr\": \"\"\n }\n}\n```\n\n<Note>\n The `attribution` setting takes precedence over the deprecated `includeCoAuthoredBy` setting. To hide all attribution, set `commit` and `pr` to empty strings.\n</Note>\n\n### File suggestion settings\n\nConfigure a custom command for `@` file path autocomplete. The built-in file suggestion uses fast filesystem traversal, but large monorepos may benefit from project-specific indexing such as a pre-built file index or custom tooling.\n\n```json theme={null}\n{\n \"fileSuggestion\": {\n \"type\": \"command\",\n \"command\": \"~/.claude/file-suggestion.sh\"\n }\n}\n```\n\nThe command runs with the same environment variables as [hooks](/en/hooks), including `CLAUDE_PROJECT_DIR`. It receives JSON via stdin with a `query` field:\n\n```json theme={null}\n{\"query\": \"src/comp\"}\n```\n\nOutput newline-separated file paths to stdout (currently limited to 15):\n\n```\nsrc/components/Button.tsx\nsrc/components/Modal.tsx\nsrc/components/Form.tsx\n```\n\n**Example:**\n\n```bash theme={null}\n#!/bin/bash\nquery=$(cat | jq -r '.query')\nyour-repo-file-index --query \"$query\" | head -20\n```\n\n### Hook configuration\n\n**Managed settings only**: Controls which hooks are allowed to run. This setting can only be configured in [managed settings](#settings-files) and provides administrators with strict control over hook execution.\n\n**Behavior when `allowManagedHooksOnly` is `true`:**\n\n* Managed hooks and SDK hooks are loaded\n* User hooks, project hooks, and plugin hooks are blocked\n\n**Configuration:**\n\n```json theme={null}\n{\n \"allowManagedHooksOnly\": true\n}\n```\n\n### Settings precedence\n\nSettings apply in order of precedence. From highest to lowest:\n\n1. **Managed settings** (`managed-settings.json`)\n * Policies deployed by IT/DevOps to system directories\n * Cannot be overridden by user or project settings\n\n2. **Command line arguments**\n * Temporary overrides for a specific session\n\n3. **Local project settings** (`.claude/settings.local.json`)\n * Personal project-specific settings\n\n4. **Shared project settings** (`.claude/settings.json`)\n * Team-shared project settings in source control\n\n5. **User settings** (`~/.claude/settings.json`)\n * Personal global settings\n\nThis hierarchy ensures that organizational policies are always enforced while still allowing teams and individuals to customize their experience.\n\nFor example, if your user settings allow `Bash(npm run:*)` but a project's shared settings deny it, the project setting takes precedence and the command is blocked.\n\n### Key points about the configuration system\n\n* **Memory files (`CLAUDE.md`)**: Contain instructions and context that Claude loads at startup\n* **Settings files (JSON)**: Configure permissions, environment variables, and tool behavior\n* **Slash commands**: Custom commands that can be invoked during a session with `/command-name`\n* **MCP servers**: Extend Claude Code with additional tools and integrations\n* **Precedence**: Higher-level configurations (Managed) override lower-level ones (User/Project)\n* **Inheritance**: Settings are merged, with more specific settings adding to or overriding broader ones\n\n### System prompt\n\nClaude Code's internal system prompt is not published. To add custom instructions, use `CLAUDE.md` files or the `--append-system-prompt` flag.\n\n### Excluding sensitive files\n\nTo prevent Claude Code from accessing files containing sensitive information like API keys, secrets, and environment files, use the `permissions.deny` setting in your `.claude/settings.json` file:\n\n```json theme={null}\n{\n \"permissions\": {\n \"deny\": [\n \"Read(./.env)\",\n \"Read(./.env.*)\",\n \"Read(./secrets/**)\",\n \"Read(./config/credentials.json)\",\n \"Read(./build)\"\n ]\n }\n}\n```\n\nThis replaces the deprecated `ignorePatterns` configuration. Files matching these patterns will be completely invisible to Claude Code, preventing any accidental exposure of sensitive data.\n\n## Subagent configuration\n\nClaude Code supports custom AI subagents that can be configured at both user and project levels. These subagents are stored as Markdown files with YAML frontmatter:\n\n* **User subagents**: `~/.claude/agents/` - Available across all your projects\n* **Project subagents**: `.claude/agents/` - Specific to your project and can be shared with your team\n\nSubagent files define specialized AI assistants with custom prompts and tool permissions. Learn more about creating and using subagents in the [subagents documentation](/en/sub-agents).\n\n## Plugin configuration\n\nClaude Code supports a plugin system that lets you extend functionality with custom commands, agents, hooks, and MCP servers. Plugins are distributed through marketplaces and can be configured at both user and repository levels.\n\n### Plugin settings\n\nPlugin-related settings in `settings.json`:\n\n```json theme={null}\n{\n \"enabledPlugins\": {\n \"formatter@acme-tools\": true,\n \"deployer@acme-tools\": true,\n \"analyzer@security-plugins\": false\n },\n \"extraKnownMarketplaces\": {\n \"acme-tools\": {\n \"source\": \"github\",\n \"repo\": \"acme-corp/claude-plugins\"\n }\n }\n}\n```\n\n#### `enabledPlugins`\n\nControls which plugins are enabled. Format: `\"plugin-name@marketplace-name\": true/false`\n\n**Scopes**:\n\n* **User settings** (`~/.claude/settings.json`): Personal plugin preferences\n* **Project settings** (`.claude/settings.json`): Project-specific plugins shared with team\n* **Local settings** (`.claude/settings.local.json`): Per-machine overrides (not committed)\n\n**Example**:\n\n```json theme={null}\n{\n \"enabledPlugins\": {\n \"code-formatter@team-tools\": true,\n \"deployment-tools@team-tools\": true,\n \"experimental-features@personal\": false\n }\n}\n```\n\n#### `extraKnownMarketplaces`\n\nDefines additional marketplaces that should be made available for the repository. Typically used in repository-level settings to ensure team members have access to required plugin sources.\n\n**When a repository includes `extraKnownMarketplaces`**:\n\n1. Team members are prompted to install the marketplace when they trust the folder\n2. Team members are then prompted to install plugins from that marketplace\n3. Users can skip unwanted marketplaces or plugins (stored in user settings)\n4. Installation respects trust boundaries and requires explicit consent\n\n**Example**:\n\n```json theme={null}\n{\n \"extraKnownMarketplaces\": {\n \"acme-tools\": {\n \"source\": {\n \"source\": \"github\",\n \"repo\": \"acme-corp/claude-plugins\"\n }\n },\n \"security-plugins\": {\n \"source\": {\n \"source\": \"git\",\n \"url\": \"https://git.example.com/security/plugins.git\"\n }\n }\n }\n}\n```\n\n**Marketplace source types**:\n\n* `github`: GitHub repository (uses `repo`)\n* `git`: Any git URL (uses `url`)\n* `directory`: Local filesystem path (uses `path`, for development only)\n\n#### `strictKnownMarketplaces`\n\n**Managed settings only**: Controls which plugin marketplaces users are allowed to add. This setting can only be configured in [`managed-settings.json`](/en/iam#managed-settings) and provides administrators with strict control over marketplace sources.\n\n**Managed settings file locations**:\n\n* **macOS**: `/Library/Application Support/ClaudeCode/managed-settings.json`\n* **Linux and WSL**: `/etc/claude-code/managed-settings.json`\n* **Windows**: `C:\\Program Files\\ClaudeCode\\managed-settings.json`\n\n**Key characteristics**:\n\n* Only available in managed settings (`managed-settings.json`)\n* Cannot be overridden by user or project settings (highest precedence)\n* Enforced BEFORE network/filesystem operations (blocked sources never execute)\n* Uses exact matching for source specifications (including `ref`, `path` for git sources)\n\n**Allowlist behavior**:\n\n* `undefined` (default): No restrictions - users can add any marketplace\n* Empty array `[]`: Complete lockdown - users cannot add any new marketplaces\n* List of sources: Users can only add marketplaces that match exactly\n\n**All supported source types**:\n\nThe allowlist supports six marketplace source types. Each source must match exactly for a user's marketplace addition to be allowed.\n\n1. **GitHub repositories**:\n\n```json theme={null}\n{ \"source\": \"github\", \"repo\": \"acme-corp/approved-plugins\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/security-tools\", \"ref\": \"v2.0\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\", \"ref\": \"main\", \"path\": \"marketplace\" }\n```\n\nFields: `repo` (required), `ref` (optional: branch/tag/SHA), `path` (optional: subdirectory)\n\n2. **Git repositories**:\n\n```json theme={null}\n{ \"source\": \"git\", \"url\": \"https://gitlab.example.com/tools/plugins.git\" }\n{ \"source\": \"git\", \"url\": \"https://bitbucket.org/acme-corp/plugins.git\", \"ref\": \"production\" }\n{ \"source\": \"git\", \"url\": \"ssh://git@git.example.com/plugins.git\", \"ref\": \"v3.1\", \"path\": \"approved\" }\n```\n\nFields: `url` (required), `ref` (optional: branch/tag/SHA), `path` (optional: subdirectory)\n\n3. **URL-based marketplaces**:\n\n```json theme={null}\n{ \"source\": \"url\", \"url\": \"https://plugins.example.com/marketplace.json\" }\n{ \"source\": \"url\", \"url\": \"https://cdn.example.com/marketplace.json\", \"headers\": { \"Authorization\": \"Bearer ${TOKEN}\" } }\n```\n\nFields: `url` (required), `headers` (optional: HTTP headers for authenticated access)\n\n4. **NPM packages**:\n\n```json theme={null}\n{ \"source\": \"npm\", \"package\": \"@acme-corp/claude-plugins\" }\n{ \"source\": \"npm\", \"package\": \"@acme-corp/approved-marketplace\" }\n```\n\nFields: `package` (required, supports scoped packages)\n\n5. **File paths**:\n\n```json theme={null}\n{ \"source\": \"file\", \"path\": \"/usr/local/share/claude/acme-marketplace.json\" }\n{ \"source\": \"file\", \"path\": \"/opt/acme-corp/plugins/marketplace.json\" }\n```\n\nFields: `path` (required: absolute path to marketplace.json file)\n\n6. **Directory paths**:\n\n```json theme={null}\n{ \"source\": \"directory\", \"path\": \"/usr/local/share/claude/acme-plugins\" }\n{ \"source\": \"directory\", \"path\": \"/opt/acme-corp/approved-marketplaces\" }\n```\n\nFields: `path` (required: absolute path to directory containing `.claude-plugin/marketplace.json`)\n\n**Configuration examples**:\n\nExample - Allow specific marketplaces only:\n\n```json theme={null}\n{\n \"strictKnownMarketplaces\": [\n {\n \"source\": \"github\",\n \"repo\": \"acme-corp/approved-plugins\"\n },\n {\n \"source\": \"github\",\n \"repo\": \"acme-corp/security-tools\",\n \"ref\": \"v2.0\"\n },\n {\n \"source\": \"url\",\n \"url\": \"https://plugins.example.com/marketplace.json\"\n },\n {\n \"source\": \"npm\",\n \"package\": \"@acme-corp/compliance-plugins\"\n }\n ]\n}\n```\n\nExample - Disable all marketplace additions:\n\n```json theme={null}\n{\n \"strictKnownMarketplaces\": []\n}\n```\n\n**Exact matching requirements**:\n\nMarketplace sources must match **exactly** for a user's addition to be allowed. For git-based sources (`github` and `git`), this includes all optional fields:\n\n* The `repo` or `url` must match exactly\n* The `ref` field must match exactly (or both be undefined)\n* The `path` field must match exactly (or both be undefined)\n\nExamples of sources that **do NOT match**:\n\n```json theme={null}\n// These are DIFFERENT sources:\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\", \"ref\": \"main\" }\n\n// These are also DIFFERENT:\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\", \"path\": \"marketplace\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n```\n\n**Comparison with `extraKnownMarketplaces`**:\n\n| Aspect | `strictKnownMarketplaces` | `extraKnownMarketplaces` |\n| --------------------- | ------------------------------------ | ------------------------------------ |\n| **Purpose** | Organizational policy enforcement | Team convenience |\n| **Settings file** | `managed-settings.json` only | Any settings file |\n| **Behavior** | Blocks non-allowlisted additions | Auto-installs missing marketplaces |\n| **When enforced** | Before network/filesystem operations | After user trust prompt |\n| **Can be overridden** | No (highest precedence) | Yes (by higher precedence settings) |\n| **Source format** | Direct source object | Named marketplace with nested source |\n| **Use case** | Compliance, security restrictions | Onboarding, standardization |\n\n**Format difference**:\n\n`strictKnownMarketplaces` uses direct source objects:\n\n```json theme={null}\n{\n \"strictKnownMarketplaces\": [\n { \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n ]\n}\n```\n\n`extraKnownMarketplaces` requires named marketplaces:\n\n```json theme={null}\n{\n \"extraKnownMarketplaces\": {\n \"acme-tools\": {\n \"source\": { \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n }\n }\n}\n```\n\n**Important notes**:\n\n* Restrictions are checked BEFORE any network requests or filesystem operations\n* When blocked, users see clear error messages indicating the source is blocked by managed policy\n* The restriction applies only to adding NEW marketplaces; previously installed marketplaces remain accessible\n* Managed settings have the highest precedence and cannot be overridden\n\nSee [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) for user-facing documentation.\n\n### Managing plugins\n\nUse the `/plugin` command to manage plugins interactively:\n\n* Browse available plugins from marketplaces\n* Install/uninstall plugins\n* Enable/disable plugins\n* View plugin details (commands, agents, hooks provided)\n* Add/remove marketplaces\n\nLearn more about the plugin system in the [plugins documentation](/en/plugins).\n\n## Environment variables\n\nClaude Code supports the following environment variables to control its behavior:\n\n<Note>\n All environment variables can also be configured in [`settings.json`](#available-settings). This is useful as a way to automatically set environment variables for each session, or to roll out a set of environment variables for your whole team or organization.\n</Note>\n\n| Variable | Purpose |\n| :-------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `ANTHROPIC_API_KEY` | API key sent as `X-Api-Key` header, typically for the Claude SDK (for interactive usage, run `/login`) |\n| `ANTHROPIC_AUTH_TOKEN` | Custom value for the `Authorization` header (the value you set here will be prefixed with `Bearer `) |\n| `ANTHROPIC_CUSTOM_HEADERS` | Custom headers you want to add to the request (in `Name: Value` format) |\n| `ANTHROPIC_DEFAULT_HAIKU_MODEL` | See [Model configuration](/en/model-config#environment-variables) |\n| `ANTHROPIC_DEFAULT_OPUS_MODEL` | See [Model configuration](/en/model-config#environment-variables) |\n| `ANTHROPIC_DEFAULT_SONNET_MODEL` | See [Model configuration](/en/model-config#environment-variables) |\n| `ANTHROPIC_FOUNDRY_API_KEY` | API key for Microsoft Foundry authentication (see [Microsoft Foundry](/en/microsoft-foundry)) |\n| `ANTHROPIC_MODEL` | Name of the model setting to use (see [Model Configuration](/en/model-config#environment-variables)) |\n| `ANTHROPIC_SMALL_FAST_MODEL` | \\[DEPRECATED] Name of [Haiku-class model for background tasks](/en/costs) |\n| `ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION` | Override AWS region for the Haiku-class model when using Bedrock |\n| `AWS_BEARER_TOKEN_BEDROCK` | Bedrock API key for authentication (see [Bedrock API keys](https://aws.amazon.com/blogs/machine-learning/accelerate-ai-development-with-amazon-bedrock-api-keys/)) |\n| `BASH_DEFAULT_TIMEOUT_MS` | Default timeout for long-running bash commands |\n| `BASH_MAX_OUTPUT_LENGTH` | Maximum number of characters in bash outputs before they are middle-truncated |\n| `BASH_MAX_TIMEOUT_MS` | Maximum timeout the model can set for long-running bash commands |\n| `CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR` | Return to the original working directory after each Bash command |\n| `CLAUDE_CODE_API_KEY_HELPER_TTL_MS` | Interval in milliseconds at which credentials should be refreshed (when using `apiKeyHelper`) |\n| `CLAUDE_CODE_CLIENT_CERT` | Path to client certificate file for mTLS authentication |\n| `CLAUDE_CODE_CLIENT_KEY_PASSPHRASE` | Passphrase for encrypted CLAUDE\\_CODE\\_CLIENT\\_KEY (optional) |\n| `CLAUDE_CODE_CLIENT_KEY` | Path to client private key file for mTLS authentication |\n| `CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS` | Set to `1` to disable Anthropic API-specific `anthropic-beta` headers. Use this if experiencing issues like \"Unexpected value(s) for the `anthropic-beta` header\" when using an LLM gateway with third-party providers |\n| `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` | Equivalent of setting `DISABLE_AUTOUPDATER`, `DISABLE_BUG_COMMAND`, `DISABLE_ERROR_REPORTING`, and `DISABLE_TELEMETRY` |\n| `CLAUDE_CODE_DISABLE_TERMINAL_TITLE` | Set to `1` to disable automatic terminal title updates based on conversation context |\n| `CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS` | Override the default token limit for file reads. Useful when you need to read larger files in full |\n| `CLAUDE_CODE_HIDE_ACCOUNT_INFO` | Set to `1` to hide your email address and organization name from the Claude Code UI. Useful when streaming or recording |\n| `CLAUDE_CODE_IDE_SKIP_AUTO_INSTALL` | Skip auto-installation of IDE extensions |\n| `CLAUDE_CODE_MAX_OUTPUT_TOKENS` | Set the maximum number of output tokens for most requests |\n| `CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS` | Interval for refreshing dynamic OpenTelemetry headers in milliseconds (default: 1740000 / 29 minutes). See [Dynamic headers](/en/monitoring-usage#dynamic-headers) |\n| `CLAUDE_CODE_SHELL` | Override automatic shell detection. Useful when your login shell differs from your preferred working shell (for example, `bash` vs `zsh`) |\n| `CLAUDE_CODE_SHELL_PREFIX` | Command prefix to wrap all bash commands (for example, for logging or auditing). Example: `/path/to/logger.sh` will execute `/path/to/logger.sh <command>` |\n| `CLAUDE_CODE_SKIP_BEDROCK_AUTH` | Skip AWS authentication for Bedrock (for example, when using an LLM gateway) |\n| `CLAUDE_CODE_SKIP_FOUNDRY_AUTH` | Skip Azure authentication for Microsoft Foundry (for example, when using an LLM gateway) |\n| `CLAUDE_CODE_SKIP_VERTEX_AUTH` | Skip Google authentication for Vertex (for example, when using an LLM gateway) |\n| `CLAUDE_CODE_SUBAGENT_MODEL` | See [Model configuration](/en/model-config) |\n| `CLAUDE_CODE_USE_BEDROCK` | Use [Bedrock](/en/amazon-bedrock) |\n| `CLAUDE_CODE_USE_FOUNDRY` | Use [Microsoft Foundry](/en/microsoft-foundry) |\n| `CLAUDE_CODE_USE_VERTEX` | Use [Vertex](/en/google-vertex-ai) |\n| `CLAUDE_CONFIG_DIR` | Customize where Claude Code stores its configuration and data files |\n| `DISABLE_AUTOUPDATER` | Set to `1` to disable automatic updates. |\n| `DISABLE_BUG_COMMAND` | Set to `1` to disable the `/bug` command |\n| `DISABLE_COST_WARNINGS` | Set to `1` to disable cost warning messages |\n| `DISABLE_ERROR_REPORTING` | Set to `1` to opt out of Sentry error reporting |\n| `DISABLE_NON_ESSENTIAL_MODEL_CALLS` | Set to `1` to disable model calls for non-critical paths like flavor text |\n| `DISABLE_PROMPT_CACHING` | Set to `1` to disable prompt caching for all models (takes precedence over per-model settings) |\n| `DISABLE_PROMPT_CACHING_HAIKU` | Set to `1` to disable prompt caching for Haiku models |\n| `DISABLE_PROMPT_CACHING_OPUS` | Set to `1` to disable prompt caching for Opus models |\n| `DISABLE_PROMPT_CACHING_SONNET` | Set to `1` to disable prompt caching for Sonnet models |\n| `DISABLE_TELEMETRY` | Set to `1` to opt out of Statsig telemetry (note that Statsig events do not include user data like code, file paths, or bash commands) |\n| `HTTP_PROXY` | Specify HTTP proxy server for network connections |\n| `HTTPS_PROXY` | Specify HTTPS proxy server for network connections |\n| `MAX_MCP_OUTPUT_TOKENS` | Maximum number of tokens allowed in MCP tool responses. Claude Code displays a warning when output exceeds 10,000 tokens (default: 25000) |\n| `MAX_THINKING_TOKENS` | Enable [extended thinking](https://docs.claude.com/en/docs/build-with-claude/extended-thinking) and set the token budget for the thinking process. Extended thinking improves performance on complex reasoning and coding tasks but impacts [prompt caching efficiency](https://docs.claude.com/en/docs/build-with-claude/prompt-caching#caching-with-thinking-blocks). Disabled by default. |\n| `MCP_TIMEOUT` | Timeout in milliseconds for MCP server startup |\n| `MCP_TOOL_TIMEOUT` | Timeout in milliseconds for MCP tool execution |\n| `NO_PROXY` | List of domains and IPs to which requests will be directly issued, bypassing proxy |\n| `SLASH_COMMAND_TOOL_CHAR_BUDGET` | Maximum number of characters for slash command metadata shown to [SlashCommand tool](/en/slash-commands#slashcommand-tool) (default: 15000) |\n| `USE_BUILTIN_RIPGREP` | Set to `0` to use system-installed `rg` instead of `rg` included with Claude Code |\n| `VERTEX_REGION_CLAUDE_3_5_HAIKU` | Override region for Claude 3.5 Haiku when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_3_7_SONNET` | Override region for Claude 3.7 Sonnet when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_4_0_OPUS` | Override region for Claude 4.0 Opus when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_4_0_SONNET` | Override region for Claude 4.0 Sonnet when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_4_1_OPUS` | Override region for Claude 4.1 Opus when using Vertex AI |\n\n## Tools available to Claude\n\nClaude Code has access to a set of powerful tools that help it understand and modify your codebase:\n\n| Tool | Description | Permission Required |\n| :------------------ | :------------------------------------------------------------------------------------------------ | :------------------ |\n| **AskUserQuestion** | Asks the user multiple choice questions to gather information or clarify ambiguity | No |\n| **Bash** | Executes shell commands in your environment (see [Bash tool behavior](#bash-tool-behavior) below) | Yes |\n| **BashOutput** | Retrieves output from a background bash shell | No |\n| **Edit** | Makes targeted edits to specific files | Yes |\n| **ExitPlanMode** | Prompts the user to exit plan mode and start coding | Yes |\n| **Glob** | Finds files based on pattern matching | No |\n| **Grep** | Searches for patterns in file contents | No |\n| **KillShell** | Kills a running background bash shell by its ID | No |\n| **NotebookEdit** | Modifies Jupyter notebook cells | Yes |\n| **Read** | Reads the contents of files | No |\n| **Skill** | Executes a skill within the main conversation | Yes |\n| **SlashCommand** | Runs a [custom slash command](/en/slash-commands#slashcommand-tool) | Yes |\n| **Task** | Runs a sub-agent to handle complex, multi-step tasks | No |\n| **TodoWrite** | Creates and manages structured task lists | No |\n| **WebFetch** | Fetches content from a specified URL | Yes |\n| **WebSearch** | Performs web searches with domain filtering | Yes |\n| **Write** | Creates or overwrites files | Yes |\n\nPermission rules can be configured using `/allowed-tools` or in [permission settings](/en/settings#available-settings). Also see [Tool-specific permission rules](/en/iam#tool-specific-permission-rules).\n\n### Bash tool behavior\n\nThe Bash tool executes shell commands with the following persistence behavior:\n\n* **Working directory persists**: When Claude changes the working directory (for example, `cd /path/to/dir`), subsequent Bash commands will execute in that directory. You can use `CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR=1` to reset to the project directory after each command.\n* **Environment variables do NOT persist**: Environment variables set in one Bash command (for example, `export MY_VAR=value`) are **not** available in subsequent Bash commands. Each Bash command runs in a fresh shell environment.\n\nTo make environment variables available in Bash commands, you have **three options**:\n\n**Option 1: Activate environment before starting Claude Code** (simplest approach)\n\nActivate your virtual environment in your terminal before launching Claude Code:\n\n```bash theme={null}\nconda activate myenv\n# or: source /path/to/venv/bin/activate\nclaude\n```\n\nThis works for shell environments but environment variables set within Claude's Bash commands will not persist between commands.\n\n**Option 2: Set CLAUDE\\_ENV\\_FILE before starting Claude Code** (persistent environment setup)\n\nExport the path to a shell script containing your environment setup:\n\n```bash theme={null}\nexport CLAUDE_ENV_FILE=/path/to/env-setup.sh\nclaude\n```\n\nWhere `/path/to/env-setup.sh` contains:\n\n```bash theme={null}\nconda activate myenv\n# or: source /path/to/venv/bin/activate\n# or: export MY_VAR=value\n```\n\nClaude Code will source this file before each Bash command, making the environment persistent across all commands.\n\n**Option 3: Use a SessionStart hook** (project-specific configuration)\n\nConfigure in `.claude/settings.json`:\n\n```json theme={null}\n{\n \"hooks\": {\n \"SessionStart\": [{\n \"matcher\": \"startup\",\n \"hooks\": [{\n \"type\": \"command\",\n \"command\": \"echo 'conda activate myenv' >> \\\"$CLAUDE_ENV_FILE\\\"\"\n }]\n }]\n }\n}\n```\n\nThe hook writes to `$CLAUDE_ENV_FILE`, which is then sourced before each Bash command. This is ideal for team-shared project configurations.\n\nSee [SessionStart hooks](/en/hooks#persisting-environment-variables) for more details on Option 3.\n\n### Extending tools with hooks\n\nYou can run custom commands before or after any tool executes using\n[Claude Code hooks](/en/hooks-guide).\n\nFor example, you could automatically run a Python formatter after Claude\nmodifies Python files, or prevent modifications to production configuration\nfiles by blocking Write operations to certain paths.\n\n## See also\n\n* [Identity and Access Management](/en/iam#configuring-permissions) - Learn about Claude Code's permission system\n* [IAM and access control](/en/iam#managed-settings) - Managed policy configuration\n* [Troubleshooting](/en/troubleshooting#auto-updater-issues) - Solutions for common configuration issues\n\n\n---\n\n> To find navigation and other pages in this documentation, fetch the llms.txt file at: https://code.claude.com/docs/llms.txt"}]},"uuid":"d56e224f-ef11-4643-9048-172d4da9d36c","timestamp":"2026-01-08T16:23:01.711Z","toolUseResult":{"bytes":74598,"code":200,"codeText":"OK","result":"# Claude Code settings\n\n> Configure Claude Code with global and project-level settings, and environment variables.\n\nClaude Code offers a variety of settings to configure its behavior to meet your needs. You can configure Claude Code by running the `/config` command when using the interactive REPL, which opens a tabbed Settings interface where you can view status information and modify configuration options.\n\n## Configuration scopes\n\nClaude Code uses a **scope system** to determine where configurations apply and who they're shared with. Understanding scopes helps you decide how to configure Claude Code for personal use, team collaboration, or enterprise deployment.\n\n### Available scopes\n\n| Scope | Location | Who it affects | Shared with team? |\n| :---------- | :----------------------------------- | :----------------------------------- | :--------------------- |\n| **Managed** | System-level `managed-settings.json` | All users on the machine | Yes (deployed by IT) |\n| **User** | `~/.claude/` directory | You, across all projects | No |\n| **Project** | `.claude/` in repository | All collaborators on this repository | Yes (committed to git) |\n| **Local** | `.claude/*.local.*` files | You, in this repository only | No (gitignored) |\n\n### When to use each scope\n\n**Managed scope** is for:\n\n* Security policies that must be enforced organization-wide\n* Compliance requirements that can't be overridden\n* Standardized configurations deployed by IT/DevOps\n\n**User scope** is best for:\n\n* Personal preferences you want everywhere (themes, editor settings)\n* Tools and plugins you use across all projects\n* API keys and authentication (stored securely)\n\n**Project scope** is best for:\n\n* Team-shared settings (permissions, hooks, MCP servers)\n* Plugins the whole team should have\n* Standardizing tooling across collaborators\n\n**Local scope** is best for:\n\n* Personal overrides for a specific project\n* Testing configurations before sharing with the team\n* Machine-specific settings that won't work for others\n\n### How scopes interact\n\nWhen the same setting is configured in multiple scopes, more specific scopes take precedence:\n\n1. **Managed** (highest) - can't be overridden by anything\n2. **Command line arguments** - temporary session overrides\n3. **Local** - overrides project and user settings\n4. **Project** - overrides user settings\n5. **User** (lowest) - applies when nothing else specifies the setting\n\nFor example, if a permission is allowed in user settings but denied in project settings, the project setting takes precedence and the permission is blocked.\n\n### What uses scopes\n\nScopes apply to many Claude Code features:\n\n| Feature | User location | Project location | Local location |\n| :-------------- | :------------------------ | :--------------------------------- | :----------------------------- |\n| **Settings** | `~/.claude/settings.json` | `.claude/settings.json` | `.claude/settings.local.json` |\n| **Subagents** | `~/.claude/agents/` | `.claude/agents/` | — |\n| **MCP servers** | `~/.claude.json` | `.mcp.json` | `~/.claude.json` (per-project) |\n| **Plugins** | `~/.claude/settings.json` | `.claude/settings.json` | `.claude/settings.local.json` |\n| **CLAUDE.md** | `~/.claude/CLAUDE.md` | `CLAUDE.md` or `.claude/CLAUDE.md` | `CLAUDE.local.md` |\n\n***\n\n## Settings files\n\nThe `settings.json` file is our official mechanism for configuring Claude\nCode through hierarchical settings:\n\n* **User settings** are defined in `~/.claude/settings.json` and apply to all\n projects.\n* **Project settings** are saved in your project directory:\n * `.claude/settings.json` for settings that are checked into source control and shared with your team\n * `.claude/settings.local.json` for settings that are not checked in, useful for personal preferences and experimentation. Claude Code will configure git to ignore `.claude/settings.local.json` when it is created.\n* **Managed settings**: For organizations that need centralized control, Claude Code supports `managed-settings.json` and `managed-mcp.json` files that can be deployed to system directories:\n\n * macOS: `/Library/Application Support/ClaudeCode/`\n * Linux and WSL: `/etc/claude-code/`\n * Windows: `C:\\Program Files\\ClaudeCode\\`\n\n <Note>\n These are system-wide paths (not user home directories like `~/Library/...`) that require administrator privileges. They are designed to be deployed by IT administrators.\n </Note>\n\n See [Managed settings](/en/iam#managed-settings) and [Managed MCP configuration](/en/mcp#managed-mcp-configuration) for details.\n\n <Note>\n Managed deployments can also restrict **plugin marketplace additions** using\n `strictKnownMarketplaces`. For more information, see [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions).\n </Note>\n* **Other configuration** is stored in `~/.claude.json`. This file contains your preferences (theme, notification settings, editor mode), OAuth session, [MCP server](/en/mcp) configurations for user and local scopes, per-project state (allowed tools, trust settings), and various caches. Project-scoped MCP servers are stored separately in `.mcp.json`.\n\n```JSON Example settings.json theme={null}\n{\n \"permissions\": {\n \"allow\": [\n \"Bash(npm run lint)\",\n \"Bash(npm run test:*)\",\n \"Read(~/.zshrc)\"\n ],\n \"deny\": [\n \"Bash(curl:*)\",\n \"Read(./.env)\",\n \"Read(./.env.*)\",\n \"Read(./secrets/**)\"\n ]\n },\n \"env\": {\n \"CLAUDE_CODE_ENABLE_TELEMETRY\": \"1\",\n \"OTEL_METRICS_EXPORTER\": \"otlp\"\n },\n \"companyAnnouncements\": [\n \"Welcome to Acme Corp! Review our code guidelines at docs.acme.com\",\n \"Reminder: Code reviews required for all PRs\",\n \"New security policy in effect\"\n ]\n}\n```\n\n### Available settings\n\n`settings.json` supports a number of options:\n\n| Key | Description | Example |\n| :--------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :---------------------------------------------------------------------- |\n| `apiKeyHelper` | Custom script, to be executed in `/bin/sh`, to generate an auth value. This value will be sent as `X-Api-Key` and `Authorization: Bearer` headers for model requests | `/bin/generate_temp_api_key.sh` |\n| `cleanupPeriodDays` | Sessions inactive for longer than this period are deleted at startup. Setting to `0` immediately deletes all sessions. (default: 30 days) | `20` |\n| `companyAnnouncements` | Announcement to display to users at startup. If multiple announcements are provided, they will be cycled through at random. | `[\"Welcome to Acme Corp! Review our code guidelines at docs.acme.com\"]` |\n| `env` | Environment variables that will be applied to every session | `{\"FOO\": \"bar\"}` |\n| `attribution` | Customize attribution for git commits and pull requests. See [Attribution settings](#attribution-settings) | `{\"commit\": \"🤖 Generated with Claude Code\", \"pr\": \"\"}` |\n| `includeCoAuthoredBy` | **Deprecated**: Use `attribution` instead. Whether to include the `co-authored-by Claude` byline in git commits and pull requests (default: `true`) | `false` |\n| `permissions` | See table below for structure of permissions. | |\n| `hooks` | Configure custom commands to run before or after tool executions. See [hooks documentation](/en/hooks) | `{\"PreToolUse\": {\"Bash\": \"echo 'Running command...'\"}}` |\n| `disableAllHooks` | Disable all [hooks](/en/hooks) | `true` |\n| `allowManagedHooksOnly` | (Managed settings only) Prevent loading of user, project, and plugin hooks. Only allows managed hooks and SDK hooks. See [Hook configuration](#hook-configuration) | `true` |\n| `model` | Override the default model to use for Claude Code | `\"claude-sonnet-4-5-20250929\"` |\n| `otelHeadersHelper` | Script to generate dynamic OpenTelemetry headers. Runs at startup and periodically (see [Dynamic headers](/en/monitoring-usage#dynamic-headers)) | `/bin/generate_otel_headers.sh` |\n| `statusLine` | Configure a custom status line to display context. See [`statusLine` documentation](/en/statusline) | `{\"type\": \"command\", \"command\": \"~/.claude/statusline.sh\"}` |\n| `fileSuggestion` | Configure a custom script for `@` file autocomplete. See [File suggestion settings](#file-suggestion-settings) | `{\"type\": \"command\", \"command\": \"~/.claude/file-suggestion.sh\"}` |\n| `respectGitignore` | Control whether the `@` file picker respects `.gitignore` patterns. When `true` (default), files matching `.gitignore` patterns are excluded from suggestions | `false` |\n| `outputStyle` | Configure an output style to adjust the system prompt. See [output styles documentation](/en/output-styles) | `\"Explanatory\"` |\n| `forceLoginMethod` | Use `claudeai` to restrict login to Claude.ai accounts, `console` to restrict login to Claude Console (API usage billing) accounts | `claudeai` |\n| `forceLoginOrgUUID` | Specify the UUID of an organization to automatically select it during login, bypassing the organization selection step. Requires `forceLoginMethod` to be set | `\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"` |\n| `enableAllProjectMcpServers` | Automatically approve all MCP servers defined in project `.mcp.json` files | `true` |\n| `enabledMcpjsonServers` | List of specific MCP servers from `.mcp.json` files to approve | `[\"memory\", \"github\"]` |\n| `disabledMcpjsonServers` | List of specific MCP servers from `.mcp.json` files to reject | `[\"filesystem\"]` |\n| `allowedMcpServers` | When set in managed-settings.json, allowlist of MCP servers users can configure. Undefined = no restrictions, empty array = lockdown. Applies to all scopes. Denylist takes precedence. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ \"serverName\": \"github\" }]` |\n| `deniedMcpServers` | When set in managed-settings.json, denylist of MCP servers that are explicitly blocked. Applies to all scopes including managed servers. Denylist takes precedence over allowlist. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ \"serverName\": \"filesystem\" }]` |\n| `strictKnownMarketplaces` | When set in managed-settings.json, allowlist of plugin marketplaces users can add. Undefined = no restrictions, empty array = lockdown. Applies to marketplace additions only. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }]` |\n| `awsAuthRefresh` | Custom script that modifies the `.aws` directory (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `aws sso login --profile myprofile` |\n| `awsCredentialExport` | Custom script that outputs JSON with AWS credentials (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `/bin/generate_aws_grant.sh` |\n| `alwaysThinkingEnabled` | Enable [extended thinking](/en/common-workflows#use-extended-thinking) by default for all sessions. Typically configured via the `/config` command rather than editing directly | `true` |\n| `language` | Configure Claude's preferred response language (e.g., `\"japanese\"`, `\"spanish\"`, `\"french\"`). Claude will respond in this language by default | `\"japanese\"` |\n\n### Permission settings\n\n| Keys | Description | Example |\n| :----------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :--------------------------------------------------------------------- |\n| `allow` | Array of [permission rules](/en/iam#configuring-permissions) to allow tool use. **Note:** Bash rules use prefix matching, not regex | `[ \"Bash(git diff:*)\" ]` |\n| `ask` | Array of [permission rules](/en/iam#configuring-permissions) to ask for confirmation upon tool use. | `[ \"Bash(git push:*)\" ]` |\n| `deny` | Array of [permission rules](/en/iam#configuring-permissions) to deny tool use. Use this to also exclude sensitive files from Claude Code access. **Note:** Bash patterns are prefix matches and can be bypassed (see [Bash permission limitations](/en/iam#tool-specific-permission-rules)) | `[ \"WebFetch\", \"Bash(curl:*)\", \"Read(./.env)\", \"Read(./secrets/**)\" ]` |\n| `additionalDirectories` | Additional [working directories](/en/iam#working-directories) that Claude has access to | `[ \"../docs/\" ]` |\n| `defaultMode` | Default [permission mode](/en/iam#permission-modes) when opening Claude Code | `\"acceptEdits\"` |\n| `disableBypassPermissionsMode` | Set to `\"disable\"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed settings](/en/iam#managed-settings) | `\"disable\"` |\n\n### Sandbox settings\n\nConfigure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See [Sandboxing](/en/sandboxing) for details.\n\n**Filesystem and network restrictions** are configured via Read, Edit, and WebFetch permission rules, not via these sandbox settings.\n\n| Keys | Description | Example |\n| :-------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------ |\n| `enabled` | Enable bash sandboxing (macOS/Linux only). Default: false | `true` |\n| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |\n| `excludedCommands` | Commands that should run outside of the sandbox | `[\"git\", \"docker\"]` |\n| `allowUnsandboxedCommands` | Allow commands to run outside the sandbox via the `dangerouslyDisableSandbox` parameter. When set to `false`, the `dangerouslyDisableSandbox` escape hatch is completely disabled and all commands must run sandboxed (or be in `excludedCommands`). Useful for enterprise policies that require strict sandboxing. Default: true | `false` |\n| `network.allowUnixSockets` | Unix socket paths accessible in sandbox (for SSH agents, etc.) | `[\"~/.ssh/agent-socket\"]` |\n| `network.allowLocalBinding` | Allow binding to localhost ports (macOS only). Default: false | `true` |\n| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |\n| `network.socksProxyPort` | SOCKS5 proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8081` |\n| `enableWeakerNestedSandbox` | Enable weaker sandbox for unprivileged Docker environments (Linux only). **Reduces security.** Default: false | `true` |\n\n**Configuration example:**\n\n```json theme={null}\n{\n \"sandbox\": {\n \"enabled\": true,\n \"autoAllowBashIfSandboxed\": true,\n \"excludedCommands\": [\"docker\"],\n \"network\": {\n \"allowUnixSockets\": [\n \"/var/run/docker.sock\"\n ],\n \"allowLocalBinding\": true\n }\n },\n \"permissions\": {\n \"deny\": [\n \"Read(.envrc)\",\n \"Read(~/.aws/**)\"\n ]\n }\n}\n```\n\n**Filesystem and network restrictions** use standard permission rules:\n\n* Use `Read` deny rules to block Claude from reading specific files or directories\n* Use `Edit` allow rules to let Claude write to directories beyond the current working directory\n* Use `Edit` deny rules to block writes to specific paths\n* Use `WebFetch` allow/deny rules to control which network domains Claude can access\n\n### Attribution settings\n\nClaude Code adds attribution to git commits and pull requests. These are configured separately:\n\n* Commits use [git trailers](https://git-scm.com/docs/git-interpret-trailers) (like `Co-Authored-By`) by default, which can be customized or disabled\n* Pull request descriptions are plain text\n\n| Keys | Description |\n| :------- | :----------------------------------------------------------------------------------------- |\n| `commit` | Attribution for git commits, including any trailers. Empty string hides commit attribution |\n| `pr` | Attribution for pull request descriptions. Empty string hides pull request attribution |\n\n**Default commit attribution:**\n\n```\n🤖 Generated with [Claude Code](https://claude.com/claude-code)\n\n Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>\n```\n\n**Default pull request attribution:**\n\n```\n🤖 Generated with [Claude Code](https://claude.com/claude-code)\n```\n\n**Example:**\n\n```json theme={null}\n{\n \"attribution\": {\n \"commit\": \"Generated with AI\\n\\nCo-Authored-By: AI <ai@example.com>\",\n \"pr\": \"\"\n }\n}\n```\n\n<Note>\n The `attribution` setting takes precedence over the deprecated `includeCoAuthoredBy` setting. To hide all attribution, set `commit` and `pr` to empty strings.\n</Note>\n\n### File suggestion settings\n\nConfigure a custom command for `@` file path autocomplete. The built-in file suggestion uses fast filesystem traversal, but large monorepos may benefit from project-specific indexing such as a pre-built file index or custom tooling.\n\n```json theme={null}\n{\n \"fileSuggestion\": {\n \"type\": \"command\",\n \"command\": \"~/.claude/file-suggestion.sh\"\n }\n}\n```\n\nThe command runs with the same environment variables as [hooks](/en/hooks), including `CLAUDE_PROJECT_DIR`. It receives JSON via stdin with a `query` field:\n\n```json theme={null}\n{\"query\": \"src/comp\"}\n```\n\nOutput newline-separated file paths to stdout (currently limited to 15):\n\n```\nsrc/components/Button.tsx\nsrc/components/Modal.tsx\nsrc/components/Form.tsx\n```\n\n**Example:**\n\n```bash theme={null}\n#!/bin/bash\nquery=$(cat | jq -r '.query')\nyour-repo-file-index --query \"$query\" | head -20\n```\n\n### Hook configuration\n\n**Managed settings only**: Controls which hooks are allowed to run. This setting can only be configured in [managed settings](#settings-files) and provides administrators with strict control over hook execution.\n\n**Behavior when `allowManagedHooksOnly` is `true`:**\n\n* Managed hooks and SDK hooks are loaded\n* User hooks, project hooks, and plugin hooks are blocked\n\n**Configuration:**\n\n```json theme={null}\n{\n \"allowManagedHooksOnly\": true\n}\n```\n\n### Settings precedence\n\nSettings apply in order of precedence. From highest to lowest:\n\n1. **Managed settings** (`managed-settings.json`)\n * Policies deployed by IT/DevOps to system directories\n * Cannot be overridden by user or project settings\n\n2. **Command line arguments**\n * Temporary overrides for a specific session\n\n3. **Local project settings** (`.claude/settings.local.json`)\n * Personal project-specific settings\n\n4. **Shared project settings** (`.claude/settings.json`)\n * Team-shared project settings in source control\n\n5. **User settings** (`~/.claude/settings.json`)\n * Personal global settings\n\nThis hierarchy ensures that organizational policies are always enforced while still allowing teams and individuals to customize their experience.\n\nFor example, if your user settings allow `Bash(npm run:*)` but a project's shared settings deny it, the project setting takes precedence and the command is blocked.\n\n### Key points about the configuration system\n\n* **Memory files (`CLAUDE.md`)**: Contain instructions and context that Claude loads at startup\n* **Settings files (JSON)**: Configure permissions, environment variables, and tool behavior\n* **Slash commands**: Custom commands that can be invoked during a session with `/command-name`\n* **MCP servers**: Extend Claude Code with additional tools and integrations\n* **Precedence**: Higher-level configurations (Managed) override lower-level ones (User/Project)\n* **Inheritance**: Settings are merged, with more specific settings adding to or overriding broader ones\n\n### System prompt\n\nClaude Code's internal system prompt is not published. To add custom instructions, use `CLAUDE.md` files or the `--append-system-prompt` flag.\n\n### Excluding sensitive files\n\nTo prevent Claude Code from accessing files containing sensitive information like API keys, secrets, and environment files, use the `permissions.deny` setting in your `.claude/settings.json` file:\n\n```json theme={null}\n{\n \"permissions\": {\n \"deny\": [\n \"Read(./.env)\",\n \"Read(./.env.*)\",\n \"Read(./secrets/**)\",\n \"Read(./config/credentials.json)\",\n \"Read(./build)\"\n ]\n }\n}\n```\n\nThis replaces the deprecated `ignorePatterns` configuration. Files matching these patterns will be completely invisible to Claude Code, preventing any accidental exposure of sensitive data.\n\n## Subagent configuration\n\nClaude Code supports custom AI subagents that can be configured at both user and project levels. These subagents are stored as Markdown files with YAML frontmatter:\n\n* **User subagents**: `~/.claude/agents/` - Available across all your projects\n* **Project subagents**: `.claude/agents/` - Specific to your project and can be shared with your team\n\nSubagent files define specialized AI assistants with custom prompts and tool permissions. Learn more about creating and using subagents in the [subagents documentation](/en/sub-agents).\n\n## Plugin configuration\n\nClaude Code supports a plugin system that lets you extend functionality with custom commands, agents, hooks, and MCP servers. Plugins are distributed through marketplaces and can be configured at both user and repository levels.\n\n### Plugin settings\n\nPlugin-related settings in `settings.json`:\n\n```json theme={null}\n{\n \"enabledPlugins\": {\n \"formatter@acme-tools\": true,\n \"deployer@acme-tools\": true,\n \"analyzer@security-plugins\": false\n },\n \"extraKnownMarketplaces\": {\n \"acme-tools\": {\n \"source\": \"github\",\n \"repo\": \"acme-corp/claude-plugins\"\n }\n }\n}\n```\n\n#### `enabledPlugins`\n\nControls which plugins are enabled. Format: `\"plugin-name@marketplace-name\": true/false`\n\n**Scopes**:\n\n* **User settings** (`~/.claude/settings.json`): Personal plugin preferences\n* **Project settings** (`.claude/settings.json`): Project-specific plugins shared with team\n* **Local settings** (`.claude/settings.local.json`): Per-machine overrides (not committed)\n\n**Example**:\n\n```json theme={null}\n{\n \"enabledPlugins\": {\n \"code-formatter@team-tools\": true,\n \"deployment-tools@team-tools\": true,\n \"experimental-features@personal\": false\n }\n}\n```\n\n#### `extraKnownMarketplaces`\n\nDefines additional marketplaces that should be made available for the repository. Typically used in repository-level settings to ensure team members have access to required plugin sources.\n\n**When a repository includes `extraKnownMarketplaces`**:\n\n1. Team members are prompted to install the marketplace when they trust the folder\n2. Team members are then prompted to install plugins from that marketplace\n3. Users can skip unwanted marketplaces or plugins (stored in user settings)\n4. Installation respects trust boundaries and requires explicit consent\n\n**Example**:\n\n```json theme={null}\n{\n \"extraKnownMarketplaces\": {\n \"acme-tools\": {\n \"source\": {\n \"source\": \"github\",\n \"repo\": \"acme-corp/claude-plugins\"\n }\n },\n \"security-plugins\": {\n \"source\": {\n \"source\": \"git\",\n \"url\": \"https://git.example.com/security/plugins.git\"\n }\n }\n }\n}\n```\n\n**Marketplace source types**:\n\n* `github`: GitHub repository (uses `repo`)\n* `git`: Any git URL (uses `url`)\n* `directory`: Local filesystem path (uses `path`, for development only)\n\n#### `strictKnownMarketplaces`\n\n**Managed settings only**: Controls which plugin marketplaces users are allowed to add. This setting can only be configured in [`managed-settings.json`](/en/iam#managed-settings) and provides administrators with strict control over marketplace sources.\n\n**Managed settings file locations**:\n\n* **macOS**: `/Library/Application Support/ClaudeCode/managed-settings.json`\n* **Linux and WSL**: `/etc/claude-code/managed-settings.json`\n* **Windows**: `C:\\Program Files\\ClaudeCode\\managed-settings.json`\n\n**Key characteristics**:\n\n* Only available in managed settings (`managed-settings.json`)\n* Cannot be overridden by user or project settings (highest precedence)\n* Enforced BEFORE network/filesystem operations (blocked sources never execute)\n* Uses exact matching for source specifications (including `ref`, `path` for git sources)\n\n**Allowlist behavior**:\n\n* `undefined` (default): No restrictions - users can add any marketplace\n* Empty array `[]`: Complete lockdown - users cannot add any new marketplaces\n* List of sources: Users can only add marketplaces that match exactly\n\n**All supported source types**:\n\nThe allowlist supports six marketplace source types. Each source must match exactly for a user's marketplace addition to be allowed.\n\n1. **GitHub repositories**:\n\n```json theme={null}\n{ \"source\": \"github\", \"repo\": \"acme-corp/approved-plugins\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/security-tools\", \"ref\": \"v2.0\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\", \"ref\": \"main\", \"path\": \"marketplace\" }\n```\n\nFields: `repo` (required), `ref` (optional: branch/tag/SHA), `path` (optional: subdirectory)\n\n2. **Git repositories**:\n\n```json theme={null}\n{ \"source\": \"git\", \"url\": \"https://gitlab.example.com/tools/plugins.git\" }\n{ \"source\": \"git\", \"url\": \"https://bitbucket.org/acme-corp/plugins.git\", \"ref\": \"production\" }\n{ \"source\": \"git\", \"url\": \"ssh://git@git.example.com/plugins.git\", \"ref\": \"v3.1\", \"path\": \"approved\" }\n```\n\nFields: `url` (required), `ref` (optional: branch/tag/SHA), `path` (optional: subdirectory)\n\n3. **URL-based marketplaces**:\n\n```json theme={null}\n{ \"source\": \"url\", \"url\": \"https://plugins.example.com/marketplace.json\" }\n{ \"source\": \"url\", \"url\": \"https://cdn.example.com/marketplace.json\", \"headers\": { \"Authorization\": \"Bearer ${TOKEN}\" } }\n```\n\nFields: `url` (required), `headers` (optional: HTTP headers for authenticated access)\n\n4. **NPM packages**:\n\n```json theme={null}\n{ \"source\": \"npm\", \"package\": \"@acme-corp/claude-plugins\" }\n{ \"source\": \"npm\", \"package\": \"@acme-corp/approved-marketplace\" }\n```\n\nFields: `package` (required, supports scoped packages)\n\n5. **File paths**:\n\n```json theme={null}\n{ \"source\": \"file\", \"path\": \"/usr/local/share/claude/acme-marketplace.json\" }\n{ \"source\": \"file\", \"path\": \"/opt/acme-corp/plugins/marketplace.json\" }\n```\n\nFields: `path` (required: absolute path to marketplace.json file)\n\n6. **Directory paths**:\n\n```json theme={null}\n{ \"source\": \"directory\", \"path\": \"/usr/local/share/claude/acme-plugins\" }\n{ \"source\": \"directory\", \"path\": \"/opt/acme-corp/approved-marketplaces\" }\n```\n\nFields: `path` (required: absolute path to directory containing `.claude-plugin/marketplace.json`)\n\n**Configuration examples**:\n\nExample - Allow specific marketplaces only:\n\n```json theme={null}\n{\n \"strictKnownMarketplaces\": [\n {\n \"source\": \"github\",\n \"repo\": \"acme-corp/approved-plugins\"\n },\n {\n \"source\": \"github\",\n \"repo\": \"acme-corp/security-tools\",\n \"ref\": \"v2.0\"\n },\n {\n \"source\": \"url\",\n \"url\": \"https://plugins.example.com/marketplace.json\"\n },\n {\n \"source\": \"npm\",\n \"package\": \"@acme-corp/compliance-plugins\"\n }\n ]\n}\n```\n\nExample - Disable all marketplace additions:\n\n```json theme={null}\n{\n \"strictKnownMarketplaces\": []\n}\n```\n\n**Exact matching requirements**:\n\nMarketplace sources must match **exactly** for a user's addition to be allowed. For git-based sources (`github` and `git`), this includes all optional fields:\n\n* The `repo` or `url` must match exactly\n* The `ref` field must match exactly (or both be undefined)\n* The `path` field must match exactly (or both be undefined)\n\nExamples of sources that **do NOT match**:\n\n```json theme={null}\n// These are DIFFERENT sources:\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\", \"ref\": \"main\" }\n\n// These are also DIFFERENT:\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\", \"path\": \"marketplace\" }\n{ \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n```\n\n**Comparison with `extraKnownMarketplaces`**:\n\n| Aspect | `strictKnownMarketplaces` | `extraKnownMarketplaces` |\n| --------------------- | ------------------------------------ | ------------------------------------ |\n| **Purpose** | Organizational policy enforcement | Team convenience |\n| **Settings file** | `managed-settings.json` only | Any settings file |\n| **Behavior** | Blocks non-allowlisted additions | Auto-installs missing marketplaces |\n| **When enforced** | Before network/filesystem operations | After user trust prompt |\n| **Can be overridden** | No (highest precedence) | Yes (by higher precedence settings) |\n| **Source format** | Direct source object | Named marketplace with nested source |\n| **Use case** | Compliance, security restrictions | Onboarding, standardization |\n\n**Format difference**:\n\n`strictKnownMarketplaces` uses direct source objects:\n\n```json theme={null}\n{\n \"strictKnownMarketplaces\": [\n { \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n ]\n}\n```\n\n`extraKnownMarketplaces` requires named marketplaces:\n\n```json theme={null}\n{\n \"extraKnownMarketplaces\": {\n \"acme-tools\": {\n \"source\": { \"source\": \"github\", \"repo\": \"acme-corp/plugins\" }\n }\n }\n}\n```\n\n**Important notes**:\n\n* Restrictions are checked BEFORE any network requests or filesystem operations\n* When blocked, users see clear error messages indicating the source is blocked by managed policy\n* The restriction applies only to adding NEW marketplaces; previously installed marketplaces remain accessible\n* Managed settings have the highest precedence and cannot be overridden\n\nSee [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) for user-facing documentation.\n\n### Managing plugins\n\nUse the `/plugin` command to manage plugins interactively:\n\n* Browse available plugins from marketplaces\n* Install/uninstall plugins\n* Enable/disable plugins\n* View plugin details (commands, agents, hooks provided)\n* Add/remove marketplaces\n\nLearn more about the plugin system in the [plugins documentation](/en/plugins).\n\n## Environment variables\n\nClaude Code supports the following environment variables to control its behavior:\n\n<Note>\n All environment variables can also be configured in [`settings.json`](#available-settings). This is useful as a way to automatically set environment variables for each session, or to roll out a set of environment variables for your whole team or organization.\n</Note>\n\n| Variable | Purpose |\n| :-------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `ANTHROPIC_API_KEY` | API key sent as `X-Api-Key` header, typically for the Claude SDK (for interactive usage, run `/login`) |\n| `ANTHROPIC_AUTH_TOKEN` | Custom value for the `Authorization` header (the value you set here will be prefixed with `Bearer `) |\n| `ANTHROPIC_CUSTOM_HEADERS` | Custom headers you want to add to the request (in `Name: Value` format) |\n| `ANTHROPIC_DEFAULT_HAIKU_MODEL` | See [Model configuration](/en/model-config#environment-variables) |\n| `ANTHROPIC_DEFAULT_OPUS_MODEL` | See [Model configuration](/en/model-config#environment-variables) |\n| `ANTHROPIC_DEFAULT_SONNET_MODEL` | See [Model configuration](/en/model-config#environment-variables) |\n| `ANTHROPIC_FOUNDRY_API_KEY` | API key for Microsoft Foundry authentication (see [Microsoft Foundry](/en/microsoft-foundry)) |\n| `ANTHROPIC_MODEL` | Name of the model setting to use (see [Model Configuration](/en/model-config#environment-variables)) |\n| `ANTHROPIC_SMALL_FAST_MODEL` | \\[DEPRECATED] Name of [Haiku-class model for background tasks](/en/costs) |\n| `ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION` | Override AWS region for the Haiku-class model when using Bedrock |\n| `AWS_BEARER_TOKEN_BEDROCK` | Bedrock API key for authentication (see [Bedrock API keys](https://aws.amazon.com/blogs/machine-learning/accelerate-ai-development-with-amazon-bedrock-api-keys/)) |\n| `BASH_DEFAULT_TIMEOUT_MS` | Default timeout for long-running bash commands |\n| `BASH_MAX_OUTPUT_LENGTH` | Maximum number of characters in bash outputs before they are middle-truncated |\n| `BASH_MAX_TIMEOUT_MS` | Maximum timeout the model can set for long-running bash commands |\n| `CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR` | Return to the original working directory after each Bash command |\n| `CLAUDE_CODE_API_KEY_HELPER_TTL_MS` | Interval in milliseconds at which credentials should be refreshed (when using `apiKeyHelper`) |\n| `CLAUDE_CODE_CLIENT_CERT` | Path to client certificate file for mTLS authentication |\n| `CLAUDE_CODE_CLIENT_KEY_PASSPHRASE` | Passphrase for encrypted CLAUDE\\_CODE\\_CLIENT\\_KEY (optional) |\n| `CLAUDE_CODE_CLIENT_KEY` | Path to client private key file for mTLS authentication |\n| `CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS` | Set to `1` to disable Anthropic API-specific `anthropic-beta` headers. Use this if experiencing issues like \"Unexpected value(s) for the `anthropic-beta` header\" when using an LLM gateway with third-party providers |\n| `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC` | Equivalent of setting `DISABLE_AUTOUPDATER`, `DISABLE_BUG_COMMAND`, `DISABLE_ERROR_REPORTING`, and `DISABLE_TELEMETRY` |\n| `CLAUDE_CODE_DISABLE_TERMINAL_TITLE` | Set to `1` to disable automatic terminal title updates based on conversation context |\n| `CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS` | Override the default token limit for file reads. Useful when you need to read larger files in full |\n| `CLAUDE_CODE_HIDE_ACCOUNT_INFO` | Set to `1` to hide your email address and organization name from the Claude Code UI. Useful when streaming or recording |\n| `CLAUDE_CODE_IDE_SKIP_AUTO_INSTALL` | Skip auto-installation of IDE extensions |\n| `CLAUDE_CODE_MAX_OUTPUT_TOKENS` | Set the maximum number of output tokens for most requests |\n| `CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS` | Interval for refreshing dynamic OpenTelemetry headers in milliseconds (default: 1740000 / 29 minutes). See [Dynamic headers](/en/monitoring-usage#dynamic-headers) |\n| `CLAUDE_CODE_SHELL` | Override automatic shell detection. Useful when your login shell differs from your preferred working shell (for example, `bash` vs `zsh`) |\n| `CLAUDE_CODE_SHELL_PREFIX` | Command prefix to wrap all bash commands (for example, for logging or auditing). Example: `/path/to/logger.sh` will execute `/path/to/logger.sh <command>` |\n| `CLAUDE_CODE_SKIP_BEDROCK_AUTH` | Skip AWS authentication for Bedrock (for example, when using an LLM gateway) |\n| `CLAUDE_CODE_SKIP_FOUNDRY_AUTH` | Skip Azure authentication for Microsoft Foundry (for example, when using an LLM gateway) |\n| `CLAUDE_CODE_SKIP_VERTEX_AUTH` | Skip Google authentication for Vertex (for example, when using an LLM gateway) |\n| `CLAUDE_CODE_SUBAGENT_MODEL` | See [Model configuration](/en/model-config) |\n| `CLAUDE_CODE_USE_BEDROCK` | Use [Bedrock](/en/amazon-bedrock) |\n| `CLAUDE_CODE_USE_FOUNDRY` | Use [Microsoft Foundry](/en/microsoft-foundry) |\n| `CLAUDE_CODE_USE_VERTEX` | Use [Vertex](/en/google-vertex-ai) |\n| `CLAUDE_CONFIG_DIR` | Customize where Claude Code stores its configuration and data files |\n| `DISABLE_AUTOUPDATER` | Set to `1` to disable automatic updates. |\n| `DISABLE_BUG_COMMAND` | Set to `1` to disable the `/bug` command |\n| `DISABLE_COST_WARNINGS` | Set to `1` to disable cost warning messages |\n| `DISABLE_ERROR_REPORTING` | Set to `1` to opt out of Sentry error reporting |\n| `DISABLE_NON_ESSENTIAL_MODEL_CALLS` | Set to `1` to disable model calls for non-critical paths like flavor text |\n| `DISABLE_PROMPT_CACHING` | Set to `1` to disable prompt caching for all models (takes precedence over per-model settings) |\n| `DISABLE_PROMPT_CACHING_HAIKU` | Set to `1` to disable prompt caching for Haiku models |\n| `DISABLE_PROMPT_CACHING_OPUS` | Set to `1` to disable prompt caching for Opus models |\n| `DISABLE_PROMPT_CACHING_SONNET` | Set to `1` to disable prompt caching for Sonnet models |\n| `DISABLE_TELEMETRY` | Set to `1` to opt out of Statsig telemetry (note that Statsig events do not include user data like code, file paths, or bash commands) |\n| `HTTP_PROXY` | Specify HTTP proxy server for network connections |\n| `HTTPS_PROXY` | Specify HTTPS proxy server for network connections |\n| `MAX_MCP_OUTPUT_TOKENS` | Maximum number of tokens allowed in MCP tool responses. Claude Code displays a warning when output exceeds 10,000 tokens (default: 25000) |\n| `MAX_THINKING_TOKENS` | Enable [extended thinking](https://docs.claude.com/en/docs/build-with-claude/extended-thinking) and set the token budget for the thinking process. Extended thinking improves performance on complex reasoning and coding tasks but impacts [prompt caching efficiency](https://docs.claude.com/en/docs/build-with-claude/prompt-caching#caching-with-thinking-blocks). Disabled by default. |\n| `MCP_TIMEOUT` | Timeout in milliseconds for MCP server startup |\n| `MCP_TOOL_TIMEOUT` | Timeout in milliseconds for MCP tool execution |\n| `NO_PROXY` | List of domains and IPs to which requests will be directly issued, bypassing proxy |\n| `SLASH_COMMAND_TOOL_CHAR_BUDGET` | Maximum number of characters for slash command metadata shown to [SlashCommand tool](/en/slash-commands#slashcommand-tool) (default: 15000) |\n| `USE_BUILTIN_RIPGREP` | Set to `0` to use system-installed `rg` instead of `rg` included with Claude Code |\n| `VERTEX_REGION_CLAUDE_3_5_HAIKU` | Override region for Claude 3.5 Haiku when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_3_7_SONNET` | Override region for Claude 3.7 Sonnet when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_4_0_OPUS` | Override region for Claude 4.0 Opus when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_4_0_SONNET` | Override region for Claude 4.0 Sonnet when using Vertex AI |\n| `VERTEX_REGION_CLAUDE_4_1_OPUS` | Override region for Claude 4.1 Opus when using Vertex AI |\n\n## Tools available to Claude\n\nClaude Code has access to a set of powerful tools that help it understand and modify your codebase:\n\n| Tool | Description | Permission Required |\n| :------------------ | :------------------------------------------------------------------------------------------------ | :------------------ |\n| **AskUserQuestion** | Asks the user multiple choice questions to gather information or clarify ambiguity | No |\n| **Bash** | Executes shell commands in your environment (see [Bash tool behavior](#bash-tool-behavior) below) | Yes |\n| **BashOutput** | Retrieves output from a background bash shell | No |\n| **Edit** | Makes targeted edits to specific files | Yes |\n| **ExitPlanMode** | Prompts the user to exit plan mode and start coding | Yes |\n| **Glob** | Finds files based on pattern matching | No |\n| **Grep** | Searches for patterns in file contents | No |\n| **KillShell** | Kills a running background bash shell by its ID | No |\n| **NotebookEdit** | Modifies Jupyter notebook cells | Yes |\n| **Read** | Reads the contents of files | No |\n| **Skill** | Executes a skill within the main conversation | Yes |\n| **SlashCommand** | Runs a [custom slash command](/en/slash-commands#slashcommand-tool) | Yes |\n| **Task** | Runs a sub-agent to handle complex, multi-step tasks | No |\n| **TodoWrite** | Creates and manages structured task lists | No |\n| **WebFetch** | Fetches content from a specified URL | Yes |\n| **WebSearch** | Performs web searches with domain filtering | Yes |\n| **Write** | Creates or overwrites files | Yes |\n\nPermission rules can be configured using `/allowed-tools` or in [permission settings](/en/settings#available-settings). Also see [Tool-specific permission rules](/en/iam#tool-specific-permission-rules).\n\n### Bash tool behavior\n\nThe Bash tool executes shell commands with the following persistence behavior:\n\n* **Working directory persists**: When Claude changes the working directory (for example, `cd /path/to/dir`), subsequent Bash commands will execute in that directory. You can use `CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR=1` to reset to the project directory after each command.\n* **Environment variables do NOT persist**: Environment variables set in one Bash command (for example, `export MY_VAR=value`) are **not** available in subsequent Bash commands. Each Bash command runs in a fresh shell environment.\n\nTo make environment variables available in Bash commands, you have **three options**:\n\n**Option 1: Activate environment before starting Claude Code** (simplest approach)\n\nActivate your virtual environment in your terminal before launching Claude Code:\n\n```bash theme={null}\nconda activate myenv\n# or: source /path/to/venv/bin/activate\nclaude\n```\n\nThis works for shell environments but environment variables set within Claude's Bash commands will not persist between commands.\n\n**Option 2: Set CLAUDE\\_ENV\\_FILE before starting Claude Code** (persistent environment setup)\n\nExport the path to a shell script containing your environment setup:\n\n```bash theme={null}\nexport CLAUDE_ENV_FILE=/path/to/env-setup.sh\nclaude\n```\n\nWhere `/path/to/env-setup.sh` contains:\n\n```bash theme={null}\nconda activate myenv\n# or: source /path/to/venv/bin/activate\n# or: export MY_VAR=value\n```\n\nClaude Code will source this file before each Bash command, making the environment persistent across all commands.\n\n**Option 3: Use a SessionStart hook** (project-specific configuration)\n\nConfigure in `.claude/settings.json`:\n\n```json theme={null}\n{\n \"hooks\": {\n \"SessionStart\": [{\n \"matcher\": \"startup\",\n \"hooks\": [{\n \"type\": \"command\",\n \"command\": \"echo 'conda activate myenv' >> \\\"$CLAUDE_ENV_FILE\\\"\"\n }]\n }]\n }\n}\n```\n\nThe hook writes to `$CLAUDE_ENV_FILE`, which is then sourced before each Bash command. This is ideal for team-shared project configurations.\n\nSee [SessionStart hooks](/en/hooks#persisting-environment-variables) for more details on Option 3.\n\n### Extending tools with hooks\n\nYou can run custom commands before or after any tool executes using\n[Claude Code hooks](/en/hooks-guide).\n\nFor example, you could automatically run a Python formatter after Claude\nmodifies Python files, or prevent modifications to production configuration\nfiles by blocking Write operations to certain paths.\n\n## See also\n\n* [Identity and Access Management](/en/iam#configuring-permissions) - Learn about Claude Code's permission system\n* [IAM and access control](/en/iam#managed-settings) - Managed policy configuration\n* [Troubleshooting](/en/troubleshooting#auto-updater-issues) - Solutions for common configuration issues\n\n\n---\n\n> To find navigation and other pages in this documentation, fetch the llms.txt file at: https://code.claude.com/docs/llms.txt","durationMs":230,"url":"https://code.claude.com/docs/en/settings.md"},"sourceToolAssistantUUID":"50c19581-736c-4b8b-9382-aa4345841587"}
{"parentUuid":"53e072e3-fd84-4ce3-9006-720a283d0e73","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","type":"user","message":{"role":"user","content":[{"tool_use_id":"toolu_01AXGMM7gPKd3ruSQwJKpr8C","type":"tool_result","content":"# Identity and Access Management\n\n> Learn how to configure user authentication, authorization, and access controls for Claude Code in your organization.\n\n## Authentication methods\n\nSetting up Claude Code requires access to Anthropic models. For teams, you can set up Claude Code access in one of four ways:\n\n* Claude API via the Claude Console\n* Amazon Bedrock\n* Microsoft Foundry\n* Google Vertex AI\n\n### Claude API authentication\n\n**To set up Claude Code access for your team via Claude API:**\n\n1. Use your existing Claude Console account or create a new Claude Console account\n2. You can add users through either method below:\n * Bulk invite users from within the Console (Console -> Settings -> Members -> Invite)\n * [Set up SSO](https://support.claude.com/en/articles/10280258-setting-up-single-sign-on-on-the-api-console)\n3. When inviting users, they need one of the following roles:\n * \"Claude Code\" role means users can only create Claude Code API keys\n * \"Developer\" role means users can create any kind of API key\n4. Each invited user needs to complete these steps:\n * Accept the Console invite\n * [Check system requirements](/en/setup#system-requirements)\n * [Install Claude Code](/en/setup#installation)\n * Login with Console account credentials\n\n### Cloud provider authentication\n\n**To set up Claude Code access for your team via Bedrock, Vertex, or Azure:**\n\n1. Follow the [Bedrock docs](/en/amazon-bedrock), [Vertex docs](/en/google-vertex-ai), or [Microsoft Foundry docs](/en/microsoft-foundry)\n2. Distribute the environment variables and instructions for generating cloud credentials to your users. Read more about how to [manage configuration here](/en/settings).\n3. Users can [install Claude Code](/en/setup#installation)\n\n## Access control and permissions\n\nWe support fine-grained permissions so that you're able to specify exactly what the agent is allowed to do (e.g. run tests, run linter) and what it is not allowed to do (e.g. update cloud infrastructure). These permission settings can be checked into version control and distributed to all developers in your organization, as well as customized by individual developers.\n\n### Permission system\n\nClaude Code uses a tiered permission system to balance power and safety:\n\n| Tool Type | Example | Approval Required | \"Yes, don't ask again\" Behavior |\n| :---------------- | :------------------- | :---------------- | :-------------------------------------------- |\n| Read-only | File reads, LS, Grep | No | N/A |\n| Bash Commands | Shell execution | Yes | Permanently per project directory and command |\n| File Modification | Edit/write files | Yes | Until session end |\n\n### Configuring permissions\n\nYou can view & manage Claude Code's tool permissions with `/permissions`. This UI lists all permission rules and the settings.json file they are sourced from.\n\n* **Allow** rules will allow Claude Code to use the specified tool without further manual approval.\n* **Ask** rules will ask the user for confirmation whenever Claude Code tries to use the specified tool. Ask rules take precedence over allow rules.\n* **Deny** rules will prevent Claude Code from using the specified tool. Deny rules take precedence over allow and ask rules.\n* **Additional directories** extend Claude's file access to directories beyond the initial working directory.\n* **Default mode** controls Claude's permission behavior when encountering new requests.\n\nPermission rules use the format: `Tool` or `Tool(optional-specifier)`\n\nA rule that is just the tool name matches any use of that tool. For example, adding `Bash` to the list of allow rules would allow Claude Code to use the Bash tool without requiring user approval.\n\n#### Permission modes\n\nClaude Code supports several permission modes that can be set as the `defaultMode` in [settings files](/en/settings#settings-files):\n\n| Mode | Description |\n| :------------------ | :------------------------------------------------------------------------------------------------------------------------ |\n| `default` | Standard behavior - prompts for permission on first use of each tool |\n| `acceptEdits` | Automatically accepts file edit permissions for the session |\n| `plan` | Plan Mode - Claude can analyze but not modify files or execute commands |\n| `dontAsk` | Auto-denies tools unless pre-approved via `/permissions` or [`permissions.allow`](/en/settings#permission-settings) rules |\n| `bypassPermissions` | Skips all permission prompts (requires safe environment - see warning below) |\n\n#### Working directories\n\nBy default, Claude has access to files in the directory where it was launched. You can extend this access:\n\n* **During startup**: Use `--add-dir <path>` CLI argument\n* **During session**: Use `/add-dir` slash command\n* **Persistent configuration**: Add to `additionalDirectories` in [settings files](/en/settings#settings-files)\n\nFiles in additional directories follow the same permission rules as the original working directory - they become readable without prompts, and file editing permissions follow the current permission mode.\n\n#### Tool-specific permission rules\n\nSome tools support more fine-grained permission controls:\n\n**Bash**\n\nBash permission rules support both prefix matching with `:*` and wildcard matching with `*`:\n\n* `Bash(npm run build)` Matches the exact Bash command `npm run build`\n* `Bash(npm run test:*)` Matches Bash commands starting with `npm run test`\n* `Bash(npm *)` Matches any command starting with `npm ` (e.g., `npm install`, `npm run build`)\n* `Bash(* install)` Matches any command ending with ` install` (e.g., `npm install`, `yarn install`)\n* `Bash(git * main)` Matches commands like `git checkout main`, `git merge main`\n\n<Tip>\n Claude Code is aware of shell operators (like `&&`) so a prefix match rule like `Bash(safe-cmd:*)` won't give it permission to run the command `safe-cmd && other-cmd`\n</Tip>\n\n<Warning>\n Important limitations of Bash permission patterns:\n\n 1. The `:*` wildcard only works at the end of a pattern for prefix matching\n 2. The `*` wildcard can appear at any position and matches any sequence of characters\n 3. Patterns like `Bash(curl http://github.com/:*)` can be bypassed in many ways:\n * Options before URL: `curl -X GET http://github.com/...` won't match\n * Different protocol: `curl https://github.com/...` won't match\n * Redirects: `curl -L http://bit.ly/xyz` (redirects to github)\n * Variables: `URL=http://github.com && curl $URL` won't match\n * Extra spaces: `curl http://github.com` won't match\n\n For more reliable URL filtering, consider:\n\n * Using the WebFetch tool with `WebFetch(domain:github.com)` permission\n * Instructing Claude Code about your allowed curl patterns via CLAUDE.md\n * Using hooks for custom permission validation\n</Warning>\n\n**Read & Edit**\n\n`Edit` rules apply to all built-in tools that edit files. Claude will make a best-effort attempt to apply `Read` rules to all built-in tools that read files like Grep, Glob, and LS.\n\nRead & Edit rules both follow the [gitignore](https://git-scm.com/docs/gitignore) specification with four distinct pattern types:\n\n| Pattern | Meaning | Example | Matches |\n| ------------------ | -------------------------------------- | -------------------------------- | ---------------------------------- |\n| `//path` | **Absolute** path from filesystem root | `Read(//Users/alice/secrets/**)` | `/Users/alice/secrets/**` |\n| `~/path` | Path from **home** directory | `Read(~/Documents/*.pdf)` | `/Users/alice/Documents/*.pdf` |\n| `/path` | Path **relative to settings file** | `Edit(/src/**/*.ts)` | `<settings file path>/src/**/*.ts` |\n| `path` or `./path` | Path **relative to current directory** | `Read(*.env)` | `<cwd>/*.env` |\n\n<Warning>\n A pattern like `/Users/alice/file` is NOT an absolute path - it's relative to your settings file! Use `//Users/alice/file` for absolute paths.\n</Warning>\n\n* `Edit(/docs/**)` - Edits in `<project>/docs/` (NOT `/docs/`!)\n* `Read(~/.zshrc)` - Reads your home directory's `.zshrc`\n* `Edit(//tmp/scratch.txt)` - Edits the absolute path `/tmp/scratch.txt`\n* `Read(src/**)` - Reads from `<current-directory>/src/`\n\n**WebFetch**\n\n* `WebFetch(domain:example.com)` Matches fetch requests to example.com\n\n**MCP**\n\n* `mcp__puppeteer` Matches any tool provided by the `puppeteer` server (name configured in Claude Code)\n* `mcp__puppeteer__*` Wildcard syntax that also matches all tools from the `puppeteer` server\n* `mcp__puppeteer__puppeteer_navigate` Matches the `puppeteer_navigate` tool provided by the `puppeteer` server\n\n**Task (Subagents)**\n\nUse `Task(AgentName)` rules to control which [subagents](/en/sub-agents) Claude can use:\n\n* `Task(Explore)` Matches the Explore subagent\n* `Task(Plan)` Matches the Plan subagent\n* `Task(Verify)` Matches the Verify subagent\n\nAdd these rules to the `deny` array in your [settings](/en/settings#permission-settings) or use the `--disallowedTools` CLI flag to disable specific agents. For example, to disable the Explore agent:\n\n```json theme={null}\n{\n \"permissions\": {\n \"deny\": [\"Task(Explore)\"]\n }\n}\n```\n\n### Additional permission control with hooks\n\n[Claude Code hooks](/en/hooks-guide) provide a way to register custom shell commands to perform permission evaluation at runtime. When Claude Code makes a tool call, PreToolUse hooks run before the permission system runs, and the hook output can determine whether to approve or deny the tool call in place of the permission system.\n\n### Managed settings\n\nFor organizations that need centralized control over Claude Code configuration, administrators can deploy `managed-settings.json` files to [system directories](/en/settings#settings-files). These policy files follow the same format as regular settings files and cannot be overridden by user or project settings.\n\n### Settings precedence\n\nWhen multiple settings sources exist, they are applied in the following order (highest to lowest precedence):\n\n1. Managed settings (`managed-settings.json`)\n2. Command line arguments\n3. Local project settings (`.claude/settings.local.json`)\n4. Shared project settings (`.claude/settings.json`)\n5. User settings (`~/.claude/settings.json`)\n\nThis hierarchy ensures that organizational policies are always enforced while still allowing flexibility at the project and user levels where appropriate.\n\n## Credential management\n\nClaude Code securely manages your authentication credentials:\n\n* **Storage location**: On macOS, API keys, OAuth tokens, and other credentials are stored in the encrypted macOS Keychain.\n* **Supported authentication types**: Claude.ai credentials, Claude API credentials, Azure Auth, Bedrock Auth, and Vertex Auth.\n* **Custom credential scripts**: The [`apiKeyHelper`](/en/settings#available-settings) setting can be configured to run a shell script that returns an API key.\n* **Refresh intervals**: By default, `apiKeyHelper` is called after 5 minutes or on HTTP 401 response. Set `CLAUDE_CODE_API_KEY_HELPER_TTL_MS` environment variable for custom refresh intervals.\n\n\n---\n\n> To find navigation and other pages in this documentation, fetch the llms.txt file at: https://code.claude.com/docs/llms.txt"}]},"uuid":"e4d1eddd-577b-4612-9d7b-61ce9d721244","timestamp":"2026-01-08T16:23:01.792Z","toolUseResult":{"bytes":11898,"code":200,"codeText":"OK","result":"# Identity and Access Management\n\n> Learn how to configure user authentication, authorization, and access controls for Claude Code in your organization.\n\n## Authentication methods\n\nSetting up Claude Code requires access to Anthropic models. For teams, you can set up Claude Code access in one of four ways:\n\n* Claude API via the Claude Console\n* Amazon Bedrock\n* Microsoft Foundry\n* Google Vertex AI\n\n### Claude API authentication\n\n**To set up Claude Code access for your team via Claude API:**\n\n1. Use your existing Claude Console account or create a new Claude Console account\n2. You can add users through either method below:\n * Bulk invite users from within the Console (Console -> Settings -> Members -> Invite)\n * [Set up SSO](https://support.claude.com/en/articles/10280258-setting-up-single-sign-on-on-the-api-console)\n3. When inviting users, they need one of the following roles:\n * \"Claude Code\" role means users can only create Claude Code API keys\n * \"Developer\" role means users can create any kind of API key\n4. Each invited user needs to complete these steps:\n * Accept the Console invite\n * [Check system requirements](/en/setup#system-requirements)\n * [Install Claude Code](/en/setup#installation)\n * Login with Console account credentials\n\n### Cloud provider authentication\n\n**To set up Claude Code access for your team via Bedrock, Vertex, or Azure:**\n\n1. Follow the [Bedrock docs](/en/amazon-bedrock), [Vertex docs](/en/google-vertex-ai), or [Microsoft Foundry docs](/en/microsoft-foundry)\n2. Distribute the environment variables and instructions for generating cloud credentials to your users. Read more about how to [manage configuration here](/en/settings).\n3. Users can [install Claude Code](/en/setup#installation)\n\n## Access control and permissions\n\nWe support fine-grained permissions so that you're able to specify exactly what the agent is allowed to do (e.g. run tests, run linter) and what it is not allowed to do (e.g. update cloud infrastructure). These permission settings can be checked into version control and distributed to all developers in your organization, as well as customized by individual developers.\n\n### Permission system\n\nClaude Code uses a tiered permission system to balance power and safety:\n\n| Tool Type | Example | Approval Required | \"Yes, don't ask again\" Behavior |\n| :---------------- | :------------------- | :---------------- | :-------------------------------------------- |\n| Read-only | File reads, LS, Grep | No | N/A |\n| Bash Commands | Shell execution | Yes | Permanently per project directory and command |\n| File Modification | Edit/write files | Yes | Until session end |\n\n### Configuring permissions\n\nYou can view & manage Claude Code's tool permissions with `/permissions`. This UI lists all permission rules and the settings.json file they are sourced from.\n\n* **Allow** rules will allow Claude Code to use the specified tool without further manual approval.\n* **Ask** rules will ask the user for confirmation whenever Claude Code tries to use the specified tool. Ask rules take precedence over allow rules.\n* **Deny** rules will prevent Claude Code from using the specified tool. Deny rules take precedence over allow and ask rules.\n* **Additional directories** extend Claude's file access to directories beyond the initial working directory.\n* **Default mode** controls Claude's permission behavior when encountering new requests.\n\nPermission rules use the format: `Tool` or `Tool(optional-specifier)`\n\nA rule that is just the tool name matches any use of that tool. For example, adding `Bash` to the list of allow rules would allow Claude Code to use the Bash tool without requiring user approval.\n\n#### Permission modes\n\nClaude Code supports several permission modes that can be set as the `defaultMode` in [settings files](/en/settings#settings-files):\n\n| Mode | Description |\n| :------------------ | :------------------------------------------------------------------------------------------------------------------------ |\n| `default` | Standard behavior - prompts for permission on first use of each tool |\n| `acceptEdits` | Automatically accepts file edit permissions for the session |\n| `plan` | Plan Mode - Claude can analyze but not modify files or execute commands |\n| `dontAsk` | Auto-denies tools unless pre-approved via `/permissions` or [`permissions.allow`](/en/settings#permission-settings) rules |\n| `bypassPermissions` | Skips all permission prompts (requires safe environment - see warning below) |\n\n#### Working directories\n\nBy default, Claude has access to files in the directory where it was launched. You can extend this access:\n\n* **During startup**: Use `--add-dir <path>` CLI argument\n* **During session**: Use `/add-dir` slash command\n* **Persistent configuration**: Add to `additionalDirectories` in [settings files](/en/settings#settings-files)\n\nFiles in additional directories follow the same permission rules as the original working directory - they become readable without prompts, and file editing permissions follow the current permission mode.\n\n#### Tool-specific permission rules\n\nSome tools support more fine-grained permission controls:\n\n**Bash**\n\nBash permission rules support both prefix matching with `:*` and wildcard matching with `*`:\n\n* `Bash(npm run build)` Matches the exact Bash command `npm run build`\n* `Bash(npm run test:*)` Matches Bash commands starting with `npm run test`\n* `Bash(npm *)` Matches any command starting with `npm ` (e.g., `npm install`, `npm run build`)\n* `Bash(* install)` Matches any command ending with ` install` (e.g., `npm install`, `yarn install`)\n* `Bash(git * main)` Matches commands like `git checkout main`, `git merge main`\n\n<Tip>\n Claude Code is aware of shell operators (like `&&`) so a prefix match rule like `Bash(safe-cmd:*)` won't give it permission to run the command `safe-cmd && other-cmd`\n</Tip>\n\n<Warning>\n Important limitations of Bash permission patterns:\n\n 1. The `:*` wildcard only works at the end of a pattern for prefix matching\n 2. The `*` wildcard can appear at any position and matches any sequence of characters\n 3. Patterns like `Bash(curl http://github.com/:*)` can be bypassed in many ways:\n * Options before URL: `curl -X GET http://github.com/...` won't match\n * Different protocol: `curl https://github.com/...` won't match\n * Redirects: `curl -L http://bit.ly/xyz` (redirects to github)\n * Variables: `URL=http://github.com && curl $URL` won't match\n * Extra spaces: `curl http://github.com` won't match\n\n For more reliable URL filtering, consider:\n\n * Using the WebFetch tool with `WebFetch(domain:github.com)` permission\n * Instructing Claude Code about your allowed curl patterns via CLAUDE.md\n * Using hooks for custom permission validation\n</Warning>\n\n**Read & Edit**\n\n`Edit` rules apply to all built-in tools that edit files. Claude will make a best-effort attempt to apply `Read` rules to all built-in tools that read files like Grep, Glob, and LS.\n\nRead & Edit rules both follow the [gitignore](https://git-scm.com/docs/gitignore) specification with four distinct pattern types:\n\n| Pattern | Meaning | Example | Matches |\n| ------------------ | -------------------------------------- | -------------------------------- | ---------------------------------- |\n| `//path` | **Absolute** path from filesystem root | `Read(//Users/alice/secrets/**)` | `/Users/alice/secrets/**` |\n| `~/path` | Path from **home** directory | `Read(~/Documents/*.pdf)` | `/Users/alice/Documents/*.pdf` |\n| `/path` | Path **relative to settings file** | `Edit(/src/**/*.ts)` | `<settings file path>/src/**/*.ts` |\n| `path` or `./path` | Path **relative to current directory** | `Read(*.env)` | `<cwd>/*.env` |\n\n<Warning>\n A pattern like `/Users/alice/file` is NOT an absolute path - it's relative to your settings file! Use `//Users/alice/file` for absolute paths.\n</Warning>\n\n* `Edit(/docs/**)` - Edits in `<project>/docs/` (NOT `/docs/`!)\n* `Read(~/.zshrc)` - Reads your home directory's `.zshrc`\n* `Edit(//tmp/scratch.txt)` - Edits the absolute path `/tmp/scratch.txt`\n* `Read(src/**)` - Reads from `<current-directory>/src/`\n\n**WebFetch**\n\n* `WebFetch(domain:example.com)` Matches fetch requests to example.com\n\n**MCP**\n\n* `mcp__puppeteer` Matches any tool provided by the `puppeteer` server (name configured in Claude Code)\n* `mcp__puppeteer__*` Wildcard syntax that also matches all tools from the `puppeteer` server\n* `mcp__puppeteer__puppeteer_navigate` Matches the `puppeteer_navigate` tool provided by the `puppeteer` server\n\n**Task (Subagents)**\n\nUse `Task(AgentName)` rules to control which [subagents](/en/sub-agents) Claude can use:\n\n* `Task(Explore)` Matches the Explore subagent\n* `Task(Plan)` Matches the Plan subagent\n* `Task(Verify)` Matches the Verify subagent\n\nAdd these rules to the `deny` array in your [settings](/en/settings#permission-settings) or use the `--disallowedTools` CLI flag to disable specific agents. For example, to disable the Explore agent:\n\n```json theme={null}\n{\n \"permissions\": {\n \"deny\": [\"Task(Explore)\"]\n }\n}\n```\n\n### Additional permission control with hooks\n\n[Claude Code hooks](/en/hooks-guide) provide a way to register custom shell commands to perform permission evaluation at runtime. When Claude Code makes a tool call, PreToolUse hooks run before the permission system runs, and the hook output can determine whether to approve or deny the tool call in place of the permission system.\n\n### Managed settings\n\nFor organizations that need centralized control over Claude Code configuration, administrators can deploy `managed-settings.json` files to [system directories](/en/settings#settings-files). These policy files follow the same format as regular settings files and cannot be overridden by user or project settings.\n\n### Settings precedence\n\nWhen multiple settings sources exist, they are applied in the following order (highest to lowest precedence):\n\n1. Managed settings (`managed-settings.json`)\n2. Command line arguments\n3. Local project settings (`.claude/settings.local.json`)\n4. Shared project settings (`.claude/settings.json`)\n5. User settings (`~/.claude/settings.json`)\n\nThis hierarchy ensures that organizational policies are always enforced while still allowing flexibility at the project and user levels where appropriate.\n\n## Credential management\n\nClaude Code securely manages your authentication credentials:\n\n* **Storage location**: On macOS, API keys, OAuth tokens, and other credentials are stored in the encrypted macOS Keychain.\n* **Supported authentication types**: Claude.ai credentials, Claude API credentials, Azure Auth, Bedrock Auth, and Vertex Auth.\n* **Custom credential scripts**: The [`apiKeyHelper`](/en/settings#available-settings) setting can be configured to run a shell script that returns an API key.\n* **Refresh intervals**: By default, `apiKeyHelper` is called after 5 minutes or on HTTP 401 response. Set `CLAUDE_CODE_API_KEY_HELPER_TTL_MS` environment variable for custom refresh intervals.\n\n\n---\n\n> To find navigation and other pages in this documentation, fetch the llms.txt file at: https://code.claude.com/docs/llms.txt","durationMs":310,"url":"https://code.claude.com/docs/en/iam.md"},"sourceToolAssistantUUID":"53e072e3-fd84-4ce3-9006-720a283d0e73"}
{"parentUuid":"e4d1eddd-577b-4612-9d7b-61ce9d721244","isSidechain":true,"userType":"external","cwd":"C:\\Users\\MikeSwanson\\claude-projects","sessionId":"80ae4b0b-7fe1-4f71-a1fb-cfb90e991a13","version":"2.1.1","gitBranch":"main","agentId":"abceac8","message":{"model":"claude-haiku-4-5-20251001","id":"msg_01LnHQdzmx1XrHmBLFAmm16G","type":"message","role":"assistant","content":[{"type":"text","text":"Perfect! Now I have the comprehensive documentation about permissions. Let me provide you with clear, practical guidance on enabling permissions in Claude Code.\n\n## How to Enable Permissions in Claude Code\n\nClaude Code (not \"AutoCoder\") uses a permission system to control what tools it can access, including web searches and other operations. Here's how to configure permissions:\n\n### Quick Access: The `/permissions` Command\n\nThe easiest way to manage permissions is to run:\n\n```\n/permissions\n```\n\nThis opens a UI where you can:\n- View all permission rules\n- See which settings files they come from\n- Grant \"Always allow\" permissions for tools you use frequently\n- Manage allow, deny, and ask rules\n\n### Configuration Locations\n\nPermissions are stored in JSON settings files with this hierarchy (highest to lowest priority):\n\n1. **Managed settings** - System-wide (IT deployment, can't override)\n2. **Local project settings** - `.claude/settings.local.json` (your machine only)\n3. **Shared project settings** - `.claude/settings.json` (checked into git, team-wide)\n4. **User settings** - `~/.claude/settings.json` (your personal defaults)\n\n### Permission Formats for Common Tools\n\nHere are the exact formats for the tools you're likely interested in:\n\n**WebSearch (web searches)**\n```json\n\"allow\": [\"WebSearch\"]\n```\n\n**WebFetch (fetch page content)**\n```json\n\"allow\": [\"WebFetch(domain:github.com)\"]\n```\n\n**Bash commands**\n```json\n\"allow\": [\"Bash(npm run:*)\"]\n```\n\n**File operations**\n```json\n\"allow\": [\"Read(src/**)\", \"Edit(src/**)\"]\n```\n\n### Complete Example Configuration\n\nHere's a `.claude/settings.json` example for a project (notice I've already configured `WebSearch` in your user settings):\n\n```json\n{\n \"permissions\": {\n \"allow\": [\n \"WebSearch\",\n \"WebFetch(domain:github.com)\",\n \"WebFetch(domain:raw.githubusercontent.com)\",\n \"Bash(npm run:*)\",\n \"Bash(git:*)\"\n ],\n \"deny\": [\n \"Read(.env)\",\n \"Read(.env.*)\",\n \"Read(./secrets/**)\"\n ],\n \"ask\": [\n \"Bash(git push:*)\"\n ]\n }\n}\n```\n\n### Permission Modes\n\nYou can also set a default permission mode in settings:\n\n```json\n{\n \"permissions\": {\n \"defaultMode\": \"acceptEdits\"\n }\n}\n```\n\n**Available modes:**\n- `default` - Prompts for permission on first use\n- `acceptEdits` - Auto-accepts file edits for the session\n- `plan` - Analysis-only, no execution\n- `dontAsk` - Auto-denies unless pre-approved\n- `bypassPermissions` - Skips all prompts (risky, not recommended)\n\n### Permission Rules Syntax\n\n| Format | Matches |\n|--------|---------|\n| `WebSearch` | All web searches |\n| `WebFetch(domain:example.com)` | Fetches from example.com |\n| `Bash(npm:*)` | Any command starting with `npm` |\n| `Bash(npm run test:*)` | Commands like `npm run test:*` |\n| `Read(src/**)` | Reading files in src directory |\n| `Edit(/docs/**)` | Editing in docs folder |\n\n### What Permissions Do You Already Have?\n\nBased on your current `settings.json` file (in `C:\\Users\\MikeSwanson\\.claude\\`), you already have:\n\n- `WebSearch` enabled\n- `WebFetch` for multiple domains (github.com, raw.githubusercontent.com, deepwiki.com, etc.)\n- Extensive Bash permissions (git, ssh, docker, npm, python, etc.)\n- Read access to `.claude/` directory\n\n### \"Always Allow\" When Prompted\n\nWhen Claude Code asks for a permission you know you'll use often:\n\n1. Grant the permission in that prompt\n2. Select \"Always allow\" or \"Yes, don't ask again\"\n3. The permission is added to your appropriate settings file\n\n### Deny Rules (Protect Sensitive Files)\n\nAlways use deny rules to protect sensitive data:\n\n```json\n{\n \"permissions\": {\n \"deny\": [\n \"Read(.env)\",\n \"Read(.env.*)\",\n \"Read(./secrets/**)\",\n \"Read(~/.aws/**)\",\n \"Read(./config/credentials.json)\"\n ]\n }\n}\n```\n\n### Key Points\n\n- **Ask rules take precedence** over allow rules - if a tool is in both, Claude will ask\n- **Deny rules always win** - they block even if allowed elsewhere\n- **Bash patterns have limitations** - use WebFetch instead for URL filtering\n- **\"Always allow\" is session-specific** for file edits (until you close Claude Code), but permanent for bash commands in a project\n\n### Related Documentation\n\nFor more details, see the official Claude Code documentation:\n- [Settings and Permissions](https://code.claude.com/docs/en/settings.md)\n- [Identity and Access Management (IAM)](https://code.claude.com/docs/en/iam.md)\n- [Security Best Practices](https://code.claude.com/docs/en/security.md)\n\nWould you like help configuring specific permissions for your project, or do you have questions about any particular tool?"}],"stop_reason":null,"stop_sequence":null,"usage":{"input_tokens":7,"cache_creation_input_tokens":16885,"cache_read_input_tokens":14598,"cache_creation":{"ephemeral_5m_input_tokens":16885,"ephemeral_1h_input_tokens":0},"output_tokens":1296,"service_tier":"standard"}},"requestId":"req_011CWvDgNuhLzrJ23ioS3BoZ","type":"assistant","uuid":"b66bb96b-04ec-48e0-a52b-c1c4da47278a","timestamp":"2026-01-08T16:23:15.080Z"}
Reference in New Issue View Git Blame Copy Permalink