/config command in an interactive session, which opens a tabbed Settings interface where you can view status information and modify configuration options. From v2.1.181, you can change a single option without opening the interface by passing key=value to /config, for example /config verbose=true.
Configuration scopes
Claude Code uses a scope system to determine where configurations apply and who they’re shared with. Understanding scopes helps you decide how to configure Claude Code for personal use, team collaboration, or enterprise deployment.Available scopes
When to use each scope
Managed scope is for:- Security policies that must be enforced organization-wide
- Compliance requirements that can’t be overridden
- Standardized configurations deployed by IT/DevOps
- Personal preferences you want everywhere (themes, editor settings)
- Tools and plugins you use across all projects
- API keys and authentication (stored securely)
- Team-shared settings (permissions, hooks, MCP servers)
- Plugins the whole team should have
- Standardizing tooling across collaborators
- Personal overrides for a specific project
- Testing configurations before sharing with the team
- Machine-specific settings that won’t work for others
How scopes interact
When the same setting appears in multiple scopes, Claude Code applies them in priority order:- Managed (highest): can’t be overridden by anything
- Command line arguments: temporary session overrides
- Local: overrides project and user settings
- Project: overrides user settings
- User (lowest): applies when nothing else specifies the setting
spinnerTipsEnabled to true and project settings set it to false, the project value applies. Permission rules behave differently because they merge across scopes rather than override. See Settings precedence.
What uses scopes
Scopes apply to many Claude Code features:
On Windows, paths shown as
~/.claude resolve to %USERPROFILE%\.claude.
Settings files
Thesettings.json file is the official mechanism for configuring Claude
Code through hierarchical settings:
-
User settings are defined in
~/.claude/settings.jsonand apply to all projects. -
Project settings are saved in your project directory:
-
.claude/settings.jsonfor settings that are checked into source control and shared with your team -
.claude/settings.local.jsonfor settings that are not checked in, useful for personal preferences and experimentation. When Claude Code creates.claude/settings.local.json, it configures git to ignore the file. If you create the file yourself, add it to your gitignore manually. Claude Code reads and writes this file at the root of the git repository, resolved through worktrees to the main checkout, so one file covers sessions started in any subdirectory or worktree of the repository. The file stays in the directory you start Claude Code from in three cases: outside a git repository, when the repository root is your home directory, and in Agent SDK sessions.Claude Code also saves permanent “don’t ask again” permission approvals, such as Bash command approvals, to this file. Because this file is yours rather than the repository’s, its permissionBefore v2.1.211, the file always lived in the starting directory. Claude Code still reads a.claude/settings.local.jsonthat an earlier version left there. When both files set the same key, the repository root’s value wins, except that permission rules from both files stay in effect.allowrules take effect without the workspace trust step that.claude/settings.jsonallow rules require. If the repository supplies the file, for example by committing it, workspace trust still applies.
-
-
Managed settings: For organizations that need centralized control, Claude Code supports multiple delivery mechanisms for managed settings. All use the same JSON format and cannot be overridden by user or project settings:
- Server-managed settings: delivered remotely at sign-in, either from Anthropic’s servers via the claude.ai admin console or from a self-hosted Claude apps gateway. See server-managed settings.
-
MDM/OS-level policies: delivered through native device management on macOS and Windows:
- macOS:
com.anthropic.claudecodemanaged preferences domain. The plist’s top-level keys mirrormanaged-settings.json, with nested settings as dictionaries and arrays as plist arrays. Deploy via configuration profiles in Jamf, Iru (Kandji), or similar MDM tools. - Windows:
HKLM\SOFTWARE\Policies\ClaudeCoderegistry key with aSettingsvalue (REG_SZ or REG_EXPAND_SZ) containing JSON (deployed via Group Policy or Intune) - Windows (user-level):
HKCU\SOFTWARE\Policies\ClaudeCode(lowest policy priority, only used when no admin-level source exists)
- macOS:
-
File-based:
managed-settings.jsonandmanaged-mcp.jsondeployed to system directories:- macOS:
/Library/Application Support/ClaudeCode/ - Linux and WSL:
/etc/claude-code/ - Windows:
C:\Program Files\ClaudeCode\
managed-settings.d/in the same system directory alongsidemanaged-settings.json. This lets separate teams deploy independent policy fragments without coordinating edits to a single file. Following the systemd convention,managed-settings.jsonis merged first as the base, then all*.jsonfiles in the drop-in directory are sorted alphabetically and merged on top. Later files override earlier ones for scalar values, arrays are concatenated and de-duplicated, and objects are deep-merged. Hidden files starting with.are ignored. Use numeric prefixes to control merge order, for example10-telemetry.jsonand20-security.json. - macOS:
Managed deployments can also restrict plugin marketplace additions usingstrictKnownMarketplaces. For more information, see Managed marketplace restrictions. -
Other configuration is stored in
~/.claude.json. This file contains your OAuth session, MCP server configurations for user and local scopes, per-project state (allowed tools, trust settings), and various caches. Project-scoped MCP servers are stored separately in.mcp.json.
Claude Code automatically creates timestamped backups of configuration files and retains the five most recent backups to prevent data loss.
- To apply it to all of your projects, save it as
~/.claude/settings.json. This file lives in your home directory rather than in any project, so Claude Code reads it in every session regardless of which project you open. - To share it with collaborators on one project, save it as
.claude/settings.jsonin that project. Claude Code reads this file from the directory the session runs in, so it applies only to that project, and checking it into source control gives every collaborator the same settings.
Example settings.json
$schema line in the example above points to the official JSON schema for Claude Code settings. Adding it to your settings.json enables autocomplete and inline validation in VS Code, Cursor, and any other editor that supports JSON schema validation.
The published schema is updated periodically and may not include settings added in the most recent CLI releases, so a validation warning on a recently documented field does not necessarily mean your configuration is invalid.
When edits take effect
Claude Code watches your settings files and reloads them when they change, so edits to most keys apply to the running session without a restart. This includespermissions, hooks, and credential helpers like apiKeyHelper. The reload covers user, project, local, and managed settings, and the ConfigChange hook fires for each detected change.
A few keys are read once at session start and apply on the next restart instead:
model: use/modelto switch mid-sessionoutputStyle: part of the system prompt, which is rebuilt on/clearor restart
Invalid entries in managed settings
Managed settings parse tolerantly. When a managed configuration contains an entry that fails schema validation, Claude Code strips that entry, records a warning, and enforces every remaining valid policy. A single typo cannot disable the rest of your organization’s policy. Run/doctor to list stripped entries with their source file and field.
This behavior is consistent across all three delivery mechanisms: server-managed settings, plist and registry policies deployed through MDM, and managed-settings.json files. Requires Claude Code v2.1.169 or later.
Security-enforcement fields are handled per field instead of being stripped wholesale when they are present but invalid:
requiredMinimumVersion and requiredMaximumVersion fail open by design: an invalid value is stripped rather than enforced, so a bad policy push cannot prevent Claude Code from starting.
Validation errors surface in three places:
- Interactive sessions show a dialog at startup listing the invalid entries.
- Headless runs with
-pprint a summary to stderr. claude doctorlists each invalid entry with its source and field.
claude doctor on a test machine before deploying them fleet-wide.
This tolerance applies only to managed settings. User, project, and local settings files remain strict: a file that fails validation is rejected as a whole and reported.
Available settings
settings.json supports a number of options:
Global config settings
These settings are stored in~/.claude.json rather than settings.json. If you add these keys to settings.json, Claude Code silently ignores them at startup, so double-check the table below for which file each key belongs in.
Versions before v2.1.119 also store a number of
/config preference keys here instead of in settings.json, including theme, verbose, editorMode, autoCompactEnabled, and preferredNotifChannel.Worktree settings
Configure how--worktree creates and manages git worktrees.
To copy gitignored files like
.env into new worktrees, use a .worktreeinclude file in your project root instead of a setting.
Permission settings
Permission rule syntax
Permission rules follow the formatTool or Tool(specifier). Rules are evaluated in order: deny rules first, then ask, then allow. The first match determines the outcome regardless of rule specificity. See the permission rule evaluation order for details.
Quick examples:
For the complete rule syntax reference, including wildcard behavior, tool-specific patterns for Read, Edit, WebFetch, MCP, and Agent rules, and security limitations of Bash patterns, see Permission rule syntax.
Sandbox settings
Configure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See Sandboxing for details.Sandbox path prefixes
Paths infilesystem.allowWrite, filesystem.denyWrite, filesystem.denyRead, filesystem.allowRead, and credentials.files support these prefixes:
The older
//path prefix for absolute paths still works. If you previously used single-slash /path expecting project-relative resolution, switch to ./path.
This syntax differs from Read and Edit permission rules, which use //path for absolute and /path for project-relative. Sandbox filesystem paths use standard conventions: /tmp/build is an absolute path.
Configuration example:
sandbox.filesystemsettings (shown above): Control paths at the OS-level sandbox boundary. These restrictions apply to all subprocess commands (e.g.,kubectl,terraform,npm), not just Claude’s file tools.- Permission rules: Use
Editallow/deny rules to control Claude’s file tool access,Readdeny rules to block reads (aReaddeny rule also blocks the Edit tool on the matching paths), andWebFetchallow/deny rules to control network domains. Paths from these rules are also merged into the sandbox configuration.
Attribution settings
Claude Code adds attribution to git commits and pull requests. These are configured separately:- Commits use git trailers (like
Co-Authored-By) by default, which can be customized or disabled - Pull request descriptions are plain text
Default commit attribution:
The
attribution setting takes precedence over the deprecated includeCoAuthoredBy setting. To hide all attribution, set commit and pr to empty strings and sessionUrl to false.File suggestion settings
Configure a custom command for@ file path autocomplete. The built-in file suggestion uses fast filesystem traversal, but large monorepos may benefit from project-specific indexing such as a pre-built file index or custom tooling.
CLAUDE_PROJECT_DIR. It receives JSON via stdin with a query field:
Footer link badges
ThefooterLinksRegexes setting renders extra clickable badges in the footer below the input box. Use it to turn IDs printed by project CLIs, such as review tools and issue trackers, into session links.
Each entry’s pattern regex is matched against turn output: tool results, including file contents and fetched pages, and Claude’s own responses. {name} placeholders in url and label are filled from named capture groups in the pattern.
The following example renders a badge whenever an issue key like PROJ-1234 appears in turn output. The (?<key>...) named group captures the key, and {key} substitutes it into the URL and label:
~/.claude/settings.json
PROJ-1234 appears in a tool result or in Claude’s reply, a PROJ-1234 badge appears in the footer linking to https://issues.example.com/browse/PROJ-1234.
The following constraints apply to each entry:
When a turn completes, Claude Code matches each entry’s
pattern regex against the turn output on the main thread, so a slow regex blocks the UI until it finishes. Nested quantifiers such as (a+)+$ can take exponentially long against certain inputs and freeze the session, so keep each pattern linear and avoid nesting + or *.
Footer badges render alongside a custom status line when one is configured; neither replaces the other. Use a status line for a script-driven row that computes its own content from session data, and footer badges to turn IDs from the conversation into links without a script.
Hook configuration
These settings control which hooks are allowed to run and what HTTP hooks can access. TheallowManagedHooksOnly setting can only be configured in managed settings. The URL and env var allowlists can be set at any settings level and merge across sources.
Behavior when allowManagedHooksOnly is true:
- Managed hooks and SDK hooks are loaded
- Hooks from plugins force-enabled in managed settings
enabledPluginsare loaded. This lets administrators distribute vetted hooks through an organization marketplace while blocking everything else. Trust is granted by fullplugin@marketplaceID, so a plugin with the same name from a different marketplace stays blocked - User hooks, project hooks, and all other plugin hooks are blocked
* as a wildcard for matching. When the array is defined, HTTP hooks targeting non-matching URLs are silently blocked. Hostname matching is case-insensitive and ignores a trailing FQDN dot, matching DNS semantics.
allowedEnvVars is the intersection of its own list and this setting.
Compute managed settings with a policy helper
ThepolicyHelper setting points at an executable that computes managed settings at startup, so admins can derive policy from device posture, identity, or a remote service instead of a static file. Configure it from MDM or a system managed-settings.json file. Claude Code ignores policyHelper when it appears in any other scope, including user settings, project settings, the HKCU registry hive, and server-managed settings.
The setting accepts these keys:
The helper writes a JSON envelope to stdout. Put the settings under a
managedSettings key rather than at the top level, since a bare settings object parses with managedSettings undefined and applies nothing:
managedSettings, that object becomes the only managed settings source for the run, taking precedence over remote, MDM, and file-based sources. When the helper exits non-zero at startup, Claude Code prints the error and refuses to start, so a helper that needs outage resilience should serve from its own cache and exit 0.
Settings precedence
Settings apply in order of precedence. From highest to lowest:-
Managed settings (server-managed, MDM/OS-level policies, or managed settings)
- Policies deployed by IT through server delivery, MDM configuration profiles, registry policies, or managed settings files
- Cannot be overridden by any other level, including command line arguments
- Within the managed tier, only one source is used and the others are ignored rather than merged. Precedence, highest first:
policyHelperoutput: when configured, this is the only managed source used- Remote (claude.ai server-managed or Claude apps gateway-delivered)
- MDM/OS-level policies
- File-based (
managed-settings.d/*.jsonandmanaged-settings.json, merged together) - HKCU registry (Windows only)
- A few keys are exceptions, honored when any admin-controlled managed source sets them rather than only the winning source. The user-writable HKCU registry source is excluded. The exception keys are:
- the sandbox lock keys
sandbox.network.allowManagedDomainsOnlyandsandbox.filesystem.allowManagedReadPathsOnly, with their associated allowlists allowAllClaudeAiMcps- the sandbox binary paths
sandbox.bwrapPathandsandbox.socatPath forceRemoteSettingsRefresh
- the sandbox lock keys
- Embedding hosts such as Claude Desktop can supply policy via the SDK
managedSettingsoption. By default this is ignored when an admin-deployed managed source is present: server-managed settings, an MDM or OS-level policy, or a managed settings file. The user-writable HKCU registry fallback does not count as an admin-deployed source. Administrators can opt in by settingparentSettingsBehaviorto"merge". The embedder’s values are filtered so they can tighten managed policy but not loosen it.
-
Command line arguments
- Temporary overrides for a specific session. JSON passed via
--settings <file-or-json>merges with file-based settings using the same rules as the other layers: a key set here overrides the same key in local, project, or user settings, and omitting a key leaves the lower-layer value in place
- Temporary overrides for a specific session. JSON passed via
-
Local project settings (
.claude/settings.local.json)- Personal project-specific settings
-
Shared project settings (
.claude/settings.json)- Team-shared project settings in source control
-
User settings (
~/.claude/settings.json)- Personal global settings
permissions.defaultMode to acceptEdits and a project’s shared settings set it to default, the project value applies. The example below covers how array-valued settings such as permission rules combine instead.
Array settings merge across scopes. When the same array-valued setting (such as
sandbox.filesystem.allowWrite or permissions.allow) appears in multiple scopes, the arrays are concatenated and deduplicated, not replaced. This means lower-priority scopes can add entries without overriding those set by higher-priority scopes, and vice versa. For example, if managed settings set allowWrite to ["/opt/company-tools"] and a user adds ["~/.kube"], both paths are included in the final configuration.Two array settings do not merge this way:fallbackModelis an ordered chain where position carries meaning: the highest-precedence file that defines it supplies the entire value.availableModels: when the highest-precedence managed source defines it, that list applies as-is and user, project, and local entries cannot extend it. Across non-managed scopes the arrays merge as usual. See Merge behavior.
Verify active settings
Run/status inside Claude Code to see which settings sources are active. Inside the menu, the Status tab includes a Setting sources line that lists each layer Claude Code loaded for the current session, such as User settings or Project local settings. When managed settings are in effect, the entry shows the delivery channel in parentheses, for example Enterprise managed settings (remote), (plist), (HKLM), (HKCU), or (file). The remote channel covers both claude.ai server-managed settings and Claude apps gateway-delivered policies. A layer appears in the list only when that source is loaded with at least one key, so an empty list means no settings sources were found.
The Setting sources line confirms which sources are being read. It does not show which layer supplied each individual key. The Config tab in the same dialog is an editor for a fixed set of toggles such as theme and verbose output, not a view of your settings.json contents.
If a user, project, or local settings file contains errors, such as invalid JSON or a value that fails validation, an interactive session shows a Settings Error dialog at startup. The dialog lets you fix the file with Claude’s help, exit, or continue without the broken settings.
After you continue, /status lists the affected files. Run claude doctor to see the details for each error.
Managed settings entries that fail validation follow the more tolerant flow described in Invalid entries in managed settings: the file isn’t rejected as a whole, and the remaining valid policies stay enforced.
Key points about the configuration system
- Memory files (
CLAUDE.md): Contain instructions and context that Claude loads at startup - Settings files (JSON): Configure permissions, environment variables, and tool behavior
- Skills: Custom prompts that can be invoked with
/skill-nameor loaded by Claude automatically - MCP servers: Extend Claude Code with additional tools and integrations
- Precedence: Higher-level configurations (Managed) override lower-level ones (User/Project)
- Inheritance: Settings merge across scopes; scalar values from higher-priority scopes override, and arrays concatenate, with two exceptions described in the array-merge Note
System prompt
Claude Code’s internal system prompt is not published. To add custom instructions, useCLAUDE.md files or the --append-system-prompt flag.
Exclude sensitive files
To prevent Claude Code from accessing files containing sensitive information like API keys, secrets, and environment files, use thepermissions.deny setting in your .claude/settings.json file:
ignorePatterns configuration. Files matching these patterns are excluded from file discovery and search results, and read operations on these files are denied.
Subagent configuration
Claude Code supports custom AI subagents that can be configured at both user and project levels. These subagents are stored as Markdown files with YAML frontmatter:- User subagents:
~/.claude/agents/, available across all your projects - Project subagents:
.claude/agents/, specific to your project and shareable with your team
Plugin configuration
Claude Code supports a plugin system that lets you extend functionality with skills, agents, hooks, and MCP servers. Plugins are distributed through marketplaces and can be configured at both user and repository levels.Plugin settings
Plugin-related settings insettings.json:
enabledPlugins
Controls which plugins are enabled. Format: "plugin-name@marketplace-name": true/false. A plugin with no entry at any scope falls back to its defaultEnabled value.
Scopes:
- User settings (
~/.claude/settings.json): Personal plugin preferences - Project settings (
.claude/settings.json): Project-specific plugins shared with team - Local settings (
.claude/settings.local.json): Per-machine overrides, gitignored when Claude Code creates it - Managed settings (
managed-settings.json): Organization-wide policy overrides that block installation at all scopes and hide the plugin from the marketplace
Project settings take precedence over user settings, so setting a plugin to
false in ~/.claude/settings.json does not disable a plugin that the project’s .claude/settings.json enables. To opt out of a project-enabled plugin on your machine, set it to false in .claude/settings.local.json instead.Plugins force-enabled by managed settings cannot be disabled this way, since managed settings override local settings.Enabling a plugin from an external source such as a GitHub repository or npm package in a project’s .claude/settings.json doesn’t install it for other people. As of Claude Code v2.1.195, every path that loads plugins asks each user to install and trust the plugin before it runs.pluginConfigs
Stores the non-sensitive option values a plugin’s userConfig prompt collects, keyed by plugin ID. Claude Code writes this key to user settings when you fill in the plugin’s configuration dialog, so you don’t need to edit it by hand. Sensitive options are stored in the macOS Keychain instead, or in ~/.claude/.credentials.json on platforms without a supported keychain.
This example stores one option for a plugin installed from the acme-tools marketplace:
pluginConfigs is read from user settings, the --settings flag, and managed settings only. Entries in a project’s .claude/settings.json or .claude/settings.local.json are ignored, because these values are substituted into plugin hook, MCP, and LSP configurations, and a cloned repository must not be able to supply them. Before v2.1.207, project and local settings were also read.
extraKnownMarketplaces
Defines additional marketplaces that should be made available for the repository. Typically used in repository-level settings to ensure team members have access to required plugin sources.
When a repository includes extraKnownMarketplaces:
- Team members are prompted to install the marketplace when they trust the folder
- Team members are then prompted to install plugins from that marketplace
- Users can skip unwanted marketplaces or plugins (stored in user settings)
- Installation respects trust boundaries and requires explicit consent
github: GitHub repository (usesrepo)git: Any git URL (usesurl)directory: Local filesystem path (usespath, for development only)hostPattern: regex pattern to match marketplace hosts (useshostPattern)settings: inline marketplace declared directly in settings.json without a separate hosted repository (usesnameandplugins)
git source type works with any git hosting service, including self-hosted GitLab and Bitbucket. Claude Code clones the repository with the same authentication that git clone would use on that machine: configured credential helpers or SSH keys. A provider token such as GITHUB_TOKEN takes effect only through a credential helper that reads it. See Private repositories for setup details.
For github and git sources, set "skipLfs": true inside the source object (alongside repo or url) to skip Git LFS downloads when Claude Code clones or updates the marketplace repository. LFS pointer files remain as pointers instead of downloading their content. Use this when the repository contains large LFS objects unrelated to plugin content. Requires Claude Code v2.1.153 or later.
Each marketplace entry also accepts an optional autoUpdate Boolean. Set "autoUpdate": true alongside source to make Claude Code refresh that marketplace and update its installed plugins in the background after startup. When omitted, official Anthropic marketplaces default to true and all other marketplaces default to false. See Configure auto-updates.
Use source: 'settings' to declare a small set of plugins inline without setting up a hosted marketplace repository. Plugins listed here must reference external sources such as GitHub or npm. You still need to enable each plugin separately in enabledPlugins.
strictKnownMarketplaces
Managed settings only: Controls which plugin marketplaces users are allowed to add and install plugins from. This setting can only be configured in managed settings and provides administrators with strict control over marketplace sources.
Managed settings file locations:
- macOS:
/Library/Application Support/ClaudeCode/managed-settings.json - Linux and WSL:
/etc/claude-code/managed-settings.json - Windows:
C:\Program Files\ClaudeCode\managed-settings.json
- Only available in managed settings (
managed-settings.json) - Cannot be overridden by user or project settings (highest precedence)
- Enforced before network and filesystem operations, so blocked sources never run
- Uses exact matching for source specifications (including
ref,pathfor git sources), excepthostPatternandpathPattern, which use regex matching
undefined(default): no restrictions, so users can add any marketplace- Empty array
[]: complete lockdown, so users can’t add any new marketplaces - List of sources: users can only add marketplaces that match exactly
hostPattern and pathPattern use regex matching against the marketplace host and filesystem path respectively.
- GitHub repositories:
repo (required), ref (optional: branch or tag), path (optional: subdirectory)
- Git repositories:
url (required), ref (optional: branch or tag), path (optional: subdirectory)
- URL-based marketplaces:
url (required), headers (optional: HTTP headers for authenticated access)
URL-based marketplaces only download the
marketplace.json file. They do not download plugin files from the server. Plugins in URL-based marketplaces must use external sources (GitHub, npm, or git URLs) rather than relative paths. For plugins with relative paths, use a Git-based marketplace instead. See Troubleshooting for details.- NPM packages:
package (required, supports scoped packages)
- File paths:
path (required: absolute path to marketplace.json file)
- Directory paths:
path (required: absolute path to directory containing .claude-plugin/marketplace.json)
- Host pattern matching:
hostPattern (required: regex pattern to match against the marketplace host)
Use host pattern matching when you want to allow all marketplaces from a specific host without enumerating each repository individually. This is useful for organizations with internal GitHub Enterprise or GitLab servers where developers create their own marketplaces.
Host extraction by source type:
github: always matches againstgithub.comgit: extracts hostname from the URL (supports both HTTPS and SSH formats)url: extracts hostname from the URLnpm,file,directory: not supported for host pattern matching
- Path pattern matching:
pathPattern (required: regex pattern matched against the path field of file and directory sources)
Use path pattern matching to allow filesystem-based marketplaces alongside hostPattern restrictions for network sources. Set ".*" to allow all local paths, or a narrower pattern to restrict to specific directories.
Configuration examples:
Example: allow specific marketplaces only:
github and git), this includes all optional fields:
- The
repoorurlmust match exactly - The
reffield must match exactly (or both be undefined) - The
pathfield must match exactly (or both be undefined)
extraKnownMarketplaces:
Format difference:
strictKnownMarketplaces uses direct source objects:
extraKnownMarketplaces requires named marketplaces:
strictKnownMarketplaces is a policy gate: it controls what users may add but does not register any marketplaces. To both restrict and pre-register a marketplace for all users, set both in managed-settings.json:
strictKnownMarketplaces set, users can still add the allowed marketplace manually via /plugin marketplace add, but it is not available automatically.
Important notes:
- Restrictions are checked before any network requests or filesystem operations
- When blocked, users see clear error messages indicating the source is blocked by managed policy
- The restriction is enforced on marketplace add and on plugin install, update, refresh, and auto-update. A marketplace added before the policy was set cannot be used to install or update plugins once its source no longer matches the allowlist
- Managed settings have the highest precedence and cannot be overridden
strictPluginOnlyCustomization
Managed settings only: blocks skills, agents, hooks, and MCP servers from user and project sources, so they can only come from plugins or managed settings. Combine it with strictKnownMarketplaces to control the full customization supply chain: the marketplace allowlist controls which plugins users can install, and this setting blocks everything that doesn’t come from a plugin or from managed settings.
The value is either true to lock all four surfaces, or an array naming the surfaces to lock:
Surface names that a Claude Code version doesn’t recognize are ignored rather than failing the settings file, so you can add new surface names before all clients have updated.
Manage plugins
Use the/plugin command to manage plugins interactively:
- Browse available plugins from marketplaces
- Install/uninstall plugins
- Enable/disable plugins
- View plugin details (skills, agents, hooks provided)
- Add/remove marketplaces
Environment variables
Environment variables let you control Claude Code behavior without editing settings files. Any variable can also be configured insettings.json under the env key to apply it to every session or roll it out to your team.
See the environment variables reference for the full list.
Tools available to Claude
Claude Code has access to a set of tools for reading, editing, searching, running commands, and orchestrating subagents. Tool names are the exact strings you use in permission rules and hook matchers. See the tools reference for the full list and Bash tool behavior details.See also
- Permissions: permission system, rule syntax, tool-specific patterns, and managed policies
- Authentication: set up user access to Claude Code
- Debug your configuration: diagnose why a setting, hook, or MCP server isn’t taking effect
- Troubleshoot installation and login: installation, authentication, and platform issues