Skip to main content
Claude Code offers a variety of settings to configure its behavior to meet your needs. You can configure Claude Code by running the /config command in an interactive session, which opens a tabbed Settings interface where you can view status information and modify configuration options. From v2.1.181, you can change a single option without opening the interface by passing key=value to /config, for example /config verbose=true.

Configuration scopes

Claude Code uses a scope system to determine where configurations apply and who they’re shared with. Understanding scopes helps you decide how to configure Claude Code for personal use, team collaboration, or enterprise deployment.

Available scopes

When to use each scope

Managed scope is for:
  • Security policies that must be enforced organization-wide
  • Compliance requirements that can’t be overridden
  • Standardized configurations deployed by IT/DevOps
User scope is best for:
  • Personal preferences you want everywhere (themes, editor settings)
  • Tools and plugins you use across all projects
  • API keys and authentication (stored securely)
Project scope is best for:
  • Team-shared settings (permissions, hooks, MCP servers)
  • Plugins the whole team should have
  • Standardizing tooling across collaborators
Local scope is best for:
  • Personal overrides for a specific project
  • Testing configurations before sharing with the team
  • Machine-specific settings that won’t work for others

How scopes interact

When the same setting appears in multiple scopes, Claude Code applies them in priority order:
  1. Managed (highest): can’t be overridden by anything
  2. Command line arguments: temporary session overrides
  3. Local: overrides project and user settings
  4. Project: overrides user settings
  5. User (lowest): applies when nothing else specifies the setting
For example, if your user settings set spinnerTipsEnabled to true and project settings set it to false, the project value applies. Permission rules behave differently because they merge across scopes rather than override. See Settings precedence.

What uses scopes

Scopes apply to many Claude Code features: On Windows, paths shown as ~/.claude resolve to %USERPROFILE%\.claude.

Settings files

The settings.json file is the official mechanism for configuring Claude Code through hierarchical settings:
  • User settings are defined in ~/.claude/settings.json and apply to all projects.
  • Project settings are saved in your project directory:
    • .claude/settings.json for settings that are checked into source control and shared with your team
    • .claude/settings.local.json for settings that are not checked in, useful for personal preferences and experimentation. When Claude Code creates .claude/settings.local.json, it configures git to ignore the file. If you create the file yourself, add it to your gitignore manually. Claude Code reads and writes this file at the root of the git repository, resolved through worktrees to the main checkout, so one file covers sessions started in any subdirectory or worktree of the repository. The file stays in the directory you start Claude Code from in three cases: outside a git repository, when the repository root is your home directory, and in Agent SDK sessions.
      Before v2.1.211, the file always lived in the starting directory. Claude Code still reads a .claude/settings.local.json that an earlier version left there. When both files set the same key, the repository root’s value wins, except that permission rules from both files stay in effect.
      Claude Code also saves permanent “don’t ask again” permission approvals, such as Bash command approvals, to this file. Because this file is yours rather than the repository’s, its permission allow rules take effect without the workspace trust step that .claude/settings.json allow rules require. If the repository supplies the file, for example by committing it, workspace trust still applies.
  • Managed settings: For organizations that need centralized control, Claude Code supports multiple delivery mechanisms for managed settings. All use the same JSON format and cannot be overridden by user or project settings:
    • Server-managed settings: delivered remotely at sign-in, either from Anthropic’s servers via the claude.ai admin console or from a self-hosted Claude apps gateway. See server-managed settings.
    • MDM/OS-level policies: delivered through native device management on macOS and Windows:
      • macOS: com.anthropic.claudecode managed preferences domain. The plist’s top-level keys mirror managed-settings.json, with nested settings as dictionaries and arrays as plist arrays. Deploy via configuration profiles in Jamf, Iru (Kandji), or similar MDM tools.
      • Windows: HKLM\SOFTWARE\Policies\ClaudeCode registry key with a Settings value (REG_SZ or REG_EXPAND_SZ) containing JSON (deployed via Group Policy or Intune)
      • Windows (user-level): HKCU\SOFTWARE\Policies\ClaudeCode (lowest policy priority, only used when no admin-level source exists)
    • File-based: managed-settings.json and managed-mcp.json deployed to system directories:
      • macOS: /Library/Application Support/ClaudeCode/
      • Linux and WSL: /etc/claude-code/
      • Windows: C:\Program Files\ClaudeCode\
      The legacy Windows path C:\ProgramData\ClaudeCode\managed-settings.json is no longer supported as of v2.1.75. Administrators who deployed settings to that location must migrate files to C:\Program Files\ClaudeCode\managed-settings.json.
      File-based managed settings also support a drop-in directory at managed-settings.d/ in the same system directory alongside managed-settings.json. This lets separate teams deploy independent policy fragments without coordinating edits to a single file. Following the systemd convention, managed-settings.json is merged first as the base, then all *.json files in the drop-in directory are sorted alphabetically and merged on top. Later files override earlier ones for scalar values, arrays are concatenated and de-duplicated, and objects are deep-merged. Hidden files starting with . are ignored. Use numeric prefixes to control merge order, for example 10-telemetry.json and 20-security.json.
    See managed settings and Managed MCP configuration for details. This repository includes starter deployment templates for Jamf, Iru (Kandji), Intune, and Group Policy. Use these as starting points and adjust them to fit your needs.
    Managed deployments can also restrict plugin marketplace additions using strictKnownMarketplaces. For more information, see Managed marketplace restrictions.
  • Other configuration is stored in ~/.claude.json. This file contains your OAuth session, MCP server configurations for user and local scopes, per-project state (allowed tools, trust settings), and various caches. Project-scoped MCP servers are stored separately in .mcp.json.
Claude Code automatically creates timestamped backups of configuration files and retains the five most recent backups to prevent data loss.
The following example works in any of the settings file locations above. Where you save the file determines where it applies:
  • To apply it to all of your projects, save it as ~/.claude/settings.json. This file lives in your home directory rather than in any project, so Claude Code reads it in every session regardless of which project you open.
  • To share it with collaborators on one project, save it as .claude/settings.json in that project. Claude Code reads this file from the directory the session runs in, so it applies only to that project, and checking it into source control gives every collaborator the same settings.
Example settings.json
The $schema line in the example above points to the official JSON schema for Claude Code settings. Adding it to your settings.json enables autocomplete and inline validation in VS Code, Cursor, and any other editor that supports JSON schema validation. The published schema is updated periodically and may not include settings added in the most recent CLI releases, so a validation warning on a recently documented field does not necessarily mean your configuration is invalid.
After you edit a settings file, run /status inside Claude Code to confirm it was loaded. The Setting sources line lists each settings source loaded for the current session; a source appears once it loads with at least one setting, so a file with broken JSON doesn’t appear even if it contains settings. See Verify active settings.

When edits take effect

Claude Code watches your settings files and reloads them when they change, so edits to most keys apply to the running session without a restart. This includes permissions, hooks, and credential helpers like apiKeyHelper. The reload covers user, project, local, and managed settings, and the ConfigChange hook fires for each detected change. A few keys are read once at session start and apply on the next restart instead:
  • model: use /model to switch mid-session
  • outputStyle: part of the system prompt, which is rebuilt on /clear or restart

Invalid entries in managed settings

Managed settings parse tolerantly. When a managed configuration contains an entry that fails schema validation, Claude Code strips that entry, records a warning, and enforces every remaining valid policy. A single typo cannot disable the rest of your organization’s policy. Run /doctor to list stripped entries with their source file and field. This behavior is consistent across all three delivery mechanisms: server-managed settings, plist and registry policies deployed through MDM, and managed-settings.json files. Requires Claude Code v2.1.169 or later. Security-enforcement fields are handled per field instead of being stripped wholesale when they are present but invalid: requiredMinimumVersion and requiredMaximumVersion fail open by design: an invalid value is stripped rather than enforced, so a bad policy push cannot prevent Claude Code from starting. Validation errors surface in three places:
  • Interactive sessions show a dialog at startup listing the invalid entries.
  • Headless runs with -p print a summary to stderr.
  • claude doctor lists each invalid entry with its source and field.
Validate policy changes by running claude doctor on a test machine before deploying them fleet-wide. This tolerance applies only to managed settings. User, project, and local settings files remain strict: a file that fails validation is rejected as a whole and reported.

Available settings

settings.json supports a number of options:

Global config settings

These settings are stored in ~/.claude.json rather than settings.json. If you add these keys to settings.json, Claude Code silently ignores them at startup, so double-check the table below for which file each key belongs in.
Versions before v2.1.119 also store a number of /config preference keys here instead of in settings.json, including theme, verbose, editorMode, autoCompactEnabled, and preferredNotifChannel.

Worktree settings

Configure how --worktree creates and manages git worktrees. To copy gitignored files like .env into new worktrees, use a .worktreeinclude file in your project root instead of a setting.

Permission settings

Permission rule syntax

Permission rules follow the format Tool or Tool(specifier). Rules are evaluated in order: deny rules first, then ask, then allow. The first match determines the outcome regardless of rule specificity. See the permission rule evaluation order for details. Quick examples: For the complete rule syntax reference, including wildcard behavior, tool-specific patterns for Read, Edit, WebFetch, MCP, and Agent rules, and security limitations of Bash patterns, see Permission rule syntax.

Sandbox settings

Configure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See Sandboxing for details.

Sandbox path prefixes

Paths in filesystem.allowWrite, filesystem.denyWrite, filesystem.denyRead, filesystem.allowRead, and credentials.files support these prefixes: The older //path prefix for absolute paths still works. If you previously used single-slash /path expecting project-relative resolution, switch to ./path. This syntax differs from Read and Edit permission rules, which use //path for absolute and /path for project-relative. Sandbox filesystem paths use standard conventions: /tmp/build is an absolute path. Configuration example:
Filesystem and network restrictions can be configured in two ways that are merged together:
  • sandbox.filesystem settings (shown above): Control paths at the OS-level sandbox boundary. These restrictions apply to all subprocess commands (e.g., kubectl, terraform, npm), not just Claude’s file tools.
  • Permission rules: Use Edit allow/deny rules to control Claude’s file tool access, Read deny rules to block reads (a Read deny rule also blocks the Edit tool on the matching paths), and WebFetch allow/deny rules to control network domains. Paths from these rules are also merged into the sandbox configuration.

Attribution settings

Claude Code adds attribution to git commits and pull requests. These are configured separately:
  • Commits use git trailers (like Co-Authored-By) by default, which can be customized or disabled
  • Pull request descriptions are plain text
Default commit attribution:
The model name in the trailer reflects the active model for the session. Default pull request attribution:
Example:
The attribution setting takes precedence over the deprecated includeCoAuthoredBy setting. To hide all attribution, set commit and pr to empty strings and sessionUrl to false.

File suggestion settings

Configure a custom command for @ file path autocomplete. The built-in file suggestion uses fast filesystem traversal, but large monorepos may benefit from project-specific indexing such as a pre-built file index or custom tooling.
The command runs with the same environment variables as hooks, including CLAUDE_PROJECT_DIR. It receives JSON via stdin with a query field:
Output newline-separated file paths to stdout (currently limited to 15):
Example:
The footerLinksRegexes setting renders extra clickable badges in the footer below the input box. Use it to turn IDs printed by project CLIs, such as review tools and issue trackers, into session links. Each entry’s pattern regex is matched against turn output: tool results, including file contents and fetched pages, and Claude’s own responses. {name} placeholders in url and label are filled from named capture groups in the pattern. The following example renders a badge whenever an issue key like PROJ-1234 appears in turn output. The (?<key>...) named group captures the key, and {key} substitutes it into the URL and label:
~/.claude/settings.json
With this configured, when PROJ-1234 appears in a tool result or in Claude’s reply, a PROJ-1234 badge appears in the footer linking to https://issues.example.com/browse/PROJ-1234. The following constraints apply to each entry: When a turn completes, Claude Code matches each entry’s pattern regex against the turn output on the main thread, so a slow regex blocks the UI until it finishes. Nested quantifiers such as (a+)+$ can take exponentially long against certain inputs and freeze the session, so keep each pattern linear and avoid nesting + or *. Footer badges render alongside a custom status line when one is configured; neither replaces the other. Use a status line for a script-driven row that computes its own content from session data, and footer badges to turn IDs from the conversation into links without a script.

Hook configuration

These settings control which hooks are allowed to run and what HTTP hooks can access. The allowManagedHooksOnly setting can only be configured in managed settings. The URL and env var allowlists can be set at any settings level and merge across sources. Behavior when allowManagedHooksOnly is true:
  • Managed hooks and SDK hooks are loaded
  • Hooks from plugins force-enabled in managed settings enabledPlugins are loaded. This lets administrators distribute vetted hooks through an organization marketplace while blocking everything else. Trust is granted by full plugin@marketplace ID, so a plugin with the same name from a different marketplace stays blocked
  • User hooks, project hooks, and all other plugin hooks are blocked
Restrict HTTP hook URLs: Limit which URLs HTTP hooks can target. Supports * as a wildcard for matching. When the array is defined, HTTP hooks targeting non-matching URLs are silently blocked. Hostname matching is case-insensitive and ignores a trailing FQDN dot, matching DNS semantics.
Restrict HTTP hook environment variables: Limit which environment variable names HTTP hooks can interpolate into header values. Each hook’s effective allowedEnvVars is the intersection of its own list and this setting.

Compute managed settings with a policy helper

The policyHelper setting points at an executable that computes managed settings at startup, so admins can derive policy from device posture, identity, or a remote service instead of a static file. Configure it from MDM or a system managed-settings.json file. Claude Code ignores policyHelper when it appears in any other scope, including user settings, project settings, the HKCU registry hive, and server-managed settings. The setting accepts these keys: The helper writes a JSON envelope to stdout. Put the settings under a managedSettings key rather than at the top level, since a bare settings object parses with managedSettings undefined and applies nothing:
When the helper emits managedSettings, that object becomes the only managed settings source for the run, taking precedence over remote, MDM, and file-based sources. When the helper exits non-zero at startup, Claude Code prints the error and refuses to start, so a helper that needs outage resilience should serve from its own cache and exit 0.

Settings precedence

Settings apply in order of precedence. From highest to lowest:
  1. Managed settings (server-managed, MDM/OS-level policies, or managed settings)
    • Policies deployed by IT through server delivery, MDM configuration profiles, registry policies, or managed settings files
    • Cannot be overridden by any other level, including command line arguments
    • Within the managed tier, only one source is used and the others are ignored rather than merged. Precedence, highest first:
      • policyHelper output: when configured, this is the only managed source used
      • Remote (claude.ai server-managed or Claude apps gateway-delivered)
      • MDM/OS-level policies
      • File-based (managed-settings.d/*.json and managed-settings.json, merged together)
      • HKCU registry (Windows only)
    • A few keys are exceptions, honored when any admin-controlled managed source sets them rather than only the winning source. The user-writable HKCU registry source is excluded. The exception keys are:
      • the sandbox lock keys sandbox.network.allowManagedDomainsOnly and sandbox.filesystem.allowManagedReadPathsOnly, with their associated allowlists
      • allowAllClaudeAiMcps
      • the sandbox binary paths sandbox.bwrapPath and sandbox.socatPath
      • forceRemoteSettingsRefresh
    • Embedding hosts such as Claude Desktop can supply policy via the SDK managedSettings option. By default this is ignored when an admin-deployed managed source is present: server-managed settings, an MDM or OS-level policy, or a managed settings file. The user-writable HKCU registry fallback does not count as an admin-deployed source. Administrators can opt in by setting parentSettingsBehavior to "merge". The embedder’s values are filtered so they can tighten managed policy but not loosen it.
  2. Command line arguments
    • Temporary overrides for a specific session. JSON passed via --settings <file-or-json> merges with file-based settings using the same rules as the other layers: a key set here overrides the same key in local, project, or user settings, and omitting a key leaves the lower-layer value in place
  3. Local project settings (.claude/settings.local.json)
    • Personal project-specific settings
  4. Shared project settings (.claude/settings.json)
    • Team-shared project settings in source control
  5. User settings (~/.claude/settings.json)
    • Personal global settings
This hierarchy ensures that organizational policies are always enforced while still allowing teams and individuals to customize their experience. The same precedence applies whether you run Claude Code from the CLI, the VS Code extension, or a JetBrains IDE. For example, if your user settings set permissions.defaultMode to acceptEdits and a project’s shared settings set it to default, the project value applies. The example below covers how array-valued settings such as permission rules combine instead.
Array settings merge across scopes. When the same array-valued setting (such as sandbox.filesystem.allowWrite or permissions.allow) appears in multiple scopes, the arrays are concatenated and deduplicated, not replaced. This means lower-priority scopes can add entries without overriding those set by higher-priority scopes, and vice versa. For example, if managed settings set allowWrite to ["/opt/company-tools"] and a user adds ["~/.kube"], both paths are included in the final configuration.Two array settings do not merge this way:

Verify active settings

Run /status inside Claude Code to see which settings sources are active. Inside the menu, the Status tab includes a Setting sources line that lists each layer Claude Code loaded for the current session, such as User settings or Project local settings. When managed settings are in effect, the entry shows the delivery channel in parentheses, for example Enterprise managed settings (remote), (plist), (HKLM), (HKCU), or (file). The remote channel covers both claude.ai server-managed settings and Claude apps gateway-delivered policies. A layer appears in the list only when that source is loaded with at least one key, so an empty list means no settings sources were found. The Setting sources line confirms which sources are being read. It does not show which layer supplied each individual key. The Config tab in the same dialog is an editor for a fixed set of toggles such as theme and verbose output, not a view of your settings.json contents. If a user, project, or local settings file contains errors, such as invalid JSON or a value that fails validation, an interactive session shows a Settings Error dialog at startup. The dialog lets you fix the file with Claude’s help, exit, or continue without the broken settings. After you continue, /status lists the affected files. Run claude doctor to see the details for each error. Managed settings entries that fail validation follow the more tolerant flow described in Invalid entries in managed settings: the file isn’t rejected as a whole, and the remaining valid policies stay enforced.

Key points about the configuration system

  • Memory files (CLAUDE.md): Contain instructions and context that Claude loads at startup
  • Settings files (JSON): Configure permissions, environment variables, and tool behavior
  • Skills: Custom prompts that can be invoked with /skill-name or loaded by Claude automatically
  • MCP servers: Extend Claude Code with additional tools and integrations
  • Precedence: Higher-level configurations (Managed) override lower-level ones (User/Project)
  • Inheritance: Settings merge across scopes; scalar values from higher-priority scopes override, and arrays concatenate, with two exceptions described in the array-merge Note

System prompt

Claude Code’s internal system prompt is not published. To add custom instructions, use CLAUDE.md files or the --append-system-prompt flag.

Exclude sensitive files

To prevent Claude Code from accessing files containing sensitive information like API keys, secrets, and environment files, use the permissions.deny setting in your .claude/settings.json file:
This replaces the deprecated ignorePatterns configuration. Files matching these patterns are excluded from file discovery and search results, and read operations on these files are denied.

Subagent configuration

Claude Code supports custom AI subagents that can be configured at both user and project levels. These subagents are stored as Markdown files with YAML frontmatter:
  • User subagents: ~/.claude/agents/, available across all your projects
  • Project subagents: .claude/agents/, specific to your project and shareable with your team
Subagent files define specialized AI assistants with custom prompts and tool permissions. Learn more about creating and using subagents in the subagents documentation.

Plugin configuration

Claude Code supports a plugin system that lets you extend functionality with skills, agents, hooks, and MCP servers. Plugins are distributed through marketplaces and can be configured at both user and repository levels.

Plugin settings

Plugin-related settings in settings.json:

enabledPlugins

Controls which plugins are enabled. Format: "plugin-name@marketplace-name": true/false. A plugin with no entry at any scope falls back to its defaultEnabled value. Scopes:
  • User settings (~/.claude/settings.json): Personal plugin preferences
  • Project settings (.claude/settings.json): Project-specific plugins shared with team
  • Local settings (.claude/settings.local.json): Per-machine overrides, gitignored when Claude Code creates it
  • Managed settings (managed-settings.json): Organization-wide policy overrides that block installation at all scopes and hide the plugin from the marketplace
Project settings take precedence over user settings, so setting a plugin to false in ~/.claude/settings.json does not disable a plugin that the project’s .claude/settings.json enables. To opt out of a project-enabled plugin on your machine, set it to false in .claude/settings.local.json instead.Plugins force-enabled by managed settings cannot be disabled this way, since managed settings override local settings.Enabling a plugin from an external source such as a GitHub repository or npm package in a project’s .claude/settings.json doesn’t install it for other people. As of Claude Code v2.1.195, every path that loads plugins asks each user to install and trust the plugin before it runs.
Example:

pluginConfigs

Stores the non-sensitive option values a plugin’s userConfig prompt collects, keyed by plugin ID. Claude Code writes this key to user settings when you fill in the plugin’s configuration dialog, so you don’t need to edit it by hand. Sensitive options are stored in the macOS Keychain instead, or in ~/.claude/.credentials.json on platforms without a supported keychain. This example stores one option for a plugin installed from the acme-tools marketplace:
pluginConfigs is read from user settings, the --settings flag, and managed settings only. Entries in a project’s .claude/settings.json or .claude/settings.local.json are ignored, because these values are substituted into plugin hook, MCP, and LSP configurations, and a cloned repository must not be able to supply them. Before v2.1.207, project and local settings were also read.

extraKnownMarketplaces

Defines additional marketplaces that should be made available for the repository. Typically used in repository-level settings to ensure team members have access to required plugin sources. When a repository includes extraKnownMarketplaces:
  1. Team members are prompted to install the marketplace when they trust the folder
  2. Team members are then prompted to install plugins from that marketplace
  3. Users can skip unwanted marketplaces or plugins (stored in user settings)
  4. Installation respects trust boundaries and requires explicit consent
Example:
Marketplace source types:
  • github: GitHub repository (uses repo)
  • git: Any git URL (uses url)
  • directory: Local filesystem path (uses path, for development only)
  • hostPattern: regex pattern to match marketplace hosts (uses hostPattern)
  • settings: inline marketplace declared directly in settings.json without a separate hosted repository (uses name and plugins)
The git source type works with any git hosting service, including self-hosted GitLab and Bitbucket. Claude Code clones the repository with the same authentication that git clone would use on that machine: configured credential helpers or SSH keys. A provider token such as GITHUB_TOKEN takes effect only through a credential helper that reads it. See Private repositories for setup details. For github and git sources, set "skipLfs": true inside the source object (alongside repo or url) to skip Git LFS downloads when Claude Code clones or updates the marketplace repository. LFS pointer files remain as pointers instead of downloading their content. Use this when the repository contains large LFS objects unrelated to plugin content. Requires Claude Code v2.1.153 or later. Each marketplace entry also accepts an optional autoUpdate Boolean. Set "autoUpdate": true alongside source to make Claude Code refresh that marketplace and update its installed plugins in the background after startup. When omitted, official Anthropic marketplaces default to true and all other marketplaces default to false. See Configure auto-updates. Use source: 'settings' to declare a small set of plugins inline without setting up a hosted marketplace repository. Plugins listed here must reference external sources such as GitHub or npm. You still need to enable each plugin separately in enabledPlugins.

strictKnownMarketplaces

Managed settings only: Controls which plugin marketplaces users are allowed to add and install plugins from. This setting can only be configured in managed settings and provides administrators with strict control over marketplace sources. Managed settings file locations:
  • macOS: /Library/Application Support/ClaudeCode/managed-settings.json
  • Linux and WSL: /etc/claude-code/managed-settings.json
  • Windows: C:\Program Files\ClaudeCode\managed-settings.json
Key characteristics:
  • Only available in managed settings (managed-settings.json)
  • Cannot be overridden by user or project settings (highest precedence)
  • Enforced before network and filesystem operations, so blocked sources never run
  • Uses exact matching for source specifications (including ref, path for git sources), except hostPattern and pathPattern, which use regex matching
Allowlist behavior:
  • undefined (default): no restrictions, so users can add any marketplace
  • Empty array []: complete lockdown, so users can’t add any new marketplaces
  • List of sources: users can only add marketplaces that match exactly
All supported source types: The allowlist supports multiple marketplace source types. Most sources use exact matching, while hostPattern and pathPattern use regex matching against the marketplace host and filesystem path respectively.
  1. GitHub repositories:
Fields: repo (required), ref (optional: branch or tag), path (optional: subdirectory)
  1. Git repositories:
Fields: url (required), ref (optional: branch or tag), path (optional: subdirectory)
  1. URL-based marketplaces:
Fields: url (required), headers (optional: HTTP headers for authenticated access)
URL-based marketplaces only download the marketplace.json file. They do not download plugin files from the server. Plugins in URL-based marketplaces must use external sources (GitHub, npm, or git URLs) rather than relative paths. For plugins with relative paths, use a Git-based marketplace instead. See Troubleshooting for details.
  1. NPM packages:
Fields: package (required, supports scoped packages)
  1. File paths:
Fields: path (required: absolute path to marketplace.json file)
  1. Directory paths:
Fields: path (required: absolute path to directory containing .claude-plugin/marketplace.json)
  1. Host pattern matching:
Fields: hostPattern (required: regex pattern to match against the marketplace host) Use host pattern matching when you want to allow all marketplaces from a specific host without enumerating each repository individually. This is useful for organizations with internal GitHub Enterprise or GitLab servers where developers create their own marketplaces. Host extraction by source type:
  • github: always matches against github.com
  • git: extracts hostname from the URL (supports both HTTPS and SSH formats)
  • url: extracts hostname from the URL
  • npm, file, directory: not supported for host pattern matching
  1. Path pattern matching:
Fields: pathPattern (required: regex pattern matched against the path field of file and directory sources) Use path pattern matching to allow filesystem-based marketplaces alongside hostPattern restrictions for network sources. Set ".*" to allow all local paths, or a narrower pattern to restrict to specific directories. Configuration examples: Example: allow specific marketplaces only:
Example: disable all marketplace additions:
Example: allow all marketplaces from an internal git server:
Exact matching requirements: Marketplace sources must match exactly for a user’s addition to be allowed. For git-based sources (github and git), this includes all optional fields:
  • The repo or url must match exactly
  • The ref field must match exactly (or both be undefined)
  • The path field must match exactly (or both be undefined)
Examples of sources that don’t match:
Comparison with extraKnownMarketplaces: Format difference: strictKnownMarketplaces uses direct source objects:
extraKnownMarketplaces requires named marketplaces:
Using both together: strictKnownMarketplaces is a policy gate: it controls what users may add but does not register any marketplaces. To both restrict and pre-register a marketplace for all users, set both in managed-settings.json:
With only strictKnownMarketplaces set, users can still add the allowed marketplace manually via /plugin marketplace add, but it is not available automatically. Important notes:
  • Restrictions are checked before any network requests or filesystem operations
  • When blocked, users see clear error messages indicating the source is blocked by managed policy
  • The restriction is enforced on marketplace add and on plugin install, update, refresh, and auto-update. A marketplace added before the policy was set cannot be used to install or update plugins once its source no longer matches the allowlist
  • Managed settings have the highest precedence and cannot be overridden
See Managed marketplace restrictions for user-facing documentation.

strictPluginOnlyCustomization

Managed settings only: blocks skills, agents, hooks, and MCP servers from user and project sources, so they can only come from plugins or managed settings. Combine it with strictKnownMarketplaces to control the full customization supply chain: the marketplace allowlist controls which plugins users can install, and this setting blocks everything that doesn’t come from a plugin or from managed settings. The value is either true to lock all four surfaces, or an array naming the surfaces to lock:
For each locked surface, Claude Code skips user-level and project-level sources and loads only plugin-provided and managed sources: Surface names that a Claude Code version doesn’t recognize are ignored rather than failing the settings file, so you can add new surface names before all clients have updated.

Manage plugins

Use the /plugin command to manage plugins interactively:
  • Browse available plugins from marketplaces
  • Install/uninstall plugins
  • Enable/disable plugins
  • View plugin details (skills, agents, hooks provided)
  • Add/remove marketplaces
Learn more about the plugin system in the plugins documentation.

Environment variables

Environment variables let you control Claude Code behavior without editing settings files. Any variable can also be configured in settings.json under the env key to apply it to every session or roll it out to your team. See the environment variables reference for the full list.

Tools available to Claude

Claude Code has access to a set of tools for reading, editing, searching, running commands, and orchestrating subagents. Tool names are the exact strings you use in permission rules and hook matchers. See the tools reference for the full list and Bash tool behavior details.

See also