118 KiB
Settings Best Practice
A comprehensive guide to all available configuration options in Claude Code's settings.json files. As of v2.1.207, Claude Code exposes 80+ settings and 200+ environment variables (use the "env" field in settings.json to avoid wrapper scripts).
| ← Back to Claude Code Best Practice |
Table of Contents
- Settings Hierarchy
- Core Configuration
- Permissions
- Hooks
- MCP Servers
- Sandbox
- Plugins
- Model Configuration
- Display & UX
- AWS & Cloud Credentials
- Environment Variables
- Useful Commands
Settings Hierarchy
Settings apply in order of precedence (highest to lowest):
| Priority | Location | Scope | Shared? | Purpose |
|---|---|---|---|---|
| 1 | Managed settings | Organization | Yes (deployed by IT) | Security policies that cannot be overridden |
| 2 | Command line arguments | Session | N/A | Temporary single-session overrides |
| 3 | .claude/settings.local.json |
Project | No (git-ignored) | Personal project-specific |
| 4 | .claude/settings.json |
Project | Yes (committed) | Team-shared settings |
| 5 | ~/.claude/settings.json |
User | N/A | Global personal defaults |
Managed settings are organization-enforced and cannot be overridden by any other level, including command line arguments. Delivery methods:
- Server-managed settings (remote delivery)
- MDM profiles — macOS plist at
com.anthropic.claudecode - Registry policies — Windows
HKLM\SOFTWARE\Policies\ClaudeCode(admin) andHKCU\SOFTWARE\Policies\ClaudeCode(user-level, lowest policy priority) - File —
managed-settings.jsonandmanaged-mcp.json(macOS:/Library/Application Support/ClaudeCode/, Linux/WSL:/etc/claude-code/, Windows:C:\Program Files\ClaudeCode\) - Drop-in directory —
managed-settings.d/alongsidemanaged-settings.jsonfor independent policy fragments (v2.1.83). Following the systemd convention,managed-settings.jsonis merged first as the base, then all*.jsonfiles in the drop-in directory are sorted alphabetically and merged on top. Later files override earlier ones for scalar values; arrays are concatenated and de-duplicated; objects are deep-merged. Hidden files starting with.are ignored. Use numeric prefixes to control merge order (e.g.,10-telemetry.json,20-security.json)
Within the managed tier, precedence is: server-managed > MDM/OS-level policies > file-based (managed-settings.d/*.json + managed-settings.json) > HKCU registry (Windows only). Only one managed source is used; sources do not merge across tiers. Within the file-based tier, drop-in files and the base file are merged together.
Note: As of v2.1.75, the deprecated Windows fallback path
C:\ProgramData\ClaudeCode\managed-settings.jsonhas been removed. UseC:\Program Files\ClaudeCode\managed-settings.jsoninstead.
Note (v2.1.126):
/confignow persists changes to~/.claude/settings.jsoninstead of holding them in memory only. Edits made through the interactive Config UI survive restarts.
Managed-only policy keys:
| Key | Type | Default | Description |
|---|---|---|---|
parentSettingsBehavior |
string | "first-wins" |
Controls whether managed settings supplied programmatically by an embedding host process (SDK parent) apply when an admin-deployed managed tier is also present. "first-wins": parent-supplied settings are dropped and only the admin tier applies. "merge": parent-supplied settings apply under the admin tier and are filtered so they can tighten policy but not loosen it. Requires v2.1.133+ |
policyHelper |
object | - | Admin-deployed executable that computes managed settings dynamically at startup. Object shape: {path: string} pointing at the helper binary. Only honored from MDM or a system managed-settings.json file (never from user/project settings). Helper output is merged into the managed tier on every startup. Requires v2.1.136+ |
requiredMinimumVersion |
string | - | (Managed only) Prevents Claude Code from starting if the installed version is below this floor. CLI exits with an error prompting the user to upgrade. Complements minimumVersion (which controls auto-update floor) — this one enforces at startup. Example: "2.1.163" |
requiredMaximumVersion |
string | - | (Managed only) Prevents Claude Code from starting if the installed version exceeds this ceiling. CLI exits with an error if the version is too new. Use alongside requiredMinimumVersion to pin a specific version range in managed environments. Example: "2.1.165" |
browserExternalPageTools |
string | - | (Managed only) Set to "disabled" to prevent Claude from using tools to read or act on external pages in the desktop app's Browser pane. Users can still navigate to external sites themselves, and local dev server previews are unaffected |
Important:
denyrules have highest safety precedence and cannot be overridden by lower-priority allow/ask rules.- Managed settings may lock or override local behavior even if local files specify different values.
- Array settings (e.g.,
permissions.allow) are concatenated and deduplicated across scopes — entries from all levels are combined, not replaced.
Core Configuration
General Settings
| Key | Type | Default | Description |
|---|---|---|---|
$schema |
string | - | JSON Schema URL for IDE validation and autocompletion (e.g., "https://json.schemastore.org/claude-code-settings.json") |
model |
string | "default" |
Override default model. Accepts aliases (sonnet, opus, haiku) or full model IDs |
agent |
string | - | Set the default agent for the main conversation. Value is the agent name from .claude/agents/. Also available via --agent CLI flag |
language |
string | "english" |
Claude's preferred response language. Also sets the voice dictation language and the terminal tab title (v2.1.121) |
claudeMdExcludes |
array | - | Glob patterns or absolute paths of CLAUDE.md files to skip when loading memory. Patterns match against absolute file paths. Only applies to user, project, and local memory; managed policy files cannot be excluded. Example: ["**/vendor/**/CLAUDE.md"] |
claudeMd |
string | - | (Managed only) CLAUDE.md-style instructions injected as organization-managed memory. Only honored when set in managed or policy settings; ignored in user, project, and local settings. Example: "Always run make lint before committing." |
cleanupPeriodDays |
number | 30 |
Age cutoff for the startup cleanup sweep (minimum 1). Inactive session transcripts and orphaned subagent worktrees are deleted; as of v2.1.117 the sweep also covers ~/.claude/tasks/, ~/.claude/shell-snapshots/, and ~/.claude/backups/. Setting to 0 is rejected with a validation error. To disable transcript writes in non-interactive mode (-p), use --no-session-persistence or persistSession: false SDK option |
autoUpdatesChannel |
string | "latest" |
Release channel: "stable" or "latest" |
minimumVersion |
string | - | Prevent the auto-updater from downgrading below a specific version. Automatically set when switching to the stable channel and choosing to stay on the current version until stable catches up. Used with autoUpdatesChannel |
alwaysThinkingEnabled |
boolean | false |
Enable extended thinking by default for all sessions |
thinkingBudgetTokens |
number | - | Set a fixed token budget for extended thinking per response. When set, limits the number of thinking tokens to the specified value. If unset, Claude Code uses a dynamic budget based on the model and effort level. Works alongside alwaysThinkingEnabled |
skipWebFetchPreflight |
boolean | false |
Skip the WebFetch domain safety check that sends each requested hostname to api.anthropic.com before fetching. Set to true in environments that block outbound traffic to Anthropic, such as Bedrock, Vertex AI, or Foundry deployments with restrictive egress |
availableModels |
array | - | Restrict which models users can select via /model, --model, Config tool, or ANTHROPIC_MODEL. Does not affect the Default option. As of v2.1.172, also constrains the model picker for subagent dispatching and the advisorModel picker. Use enforceAvailableModels: true to additionally constrain the Default model option. Example: ["sonnet", "haiku"] |
enforceAvailableModels |
boolean | false |
(Managed only) When true, the availableModels allowlist also constrains the Default model option — users cannot select a model outside the allowlist even via the Default slot. Without this flag, availableModels leaves the Default option unrestricted. Pair with availableModels for full model lockdown (v2.1.175) |
fastModePerSessionOptIn |
boolean | false |
Require users to opt in to fast mode each session |
defaultShell |
string | "bash" |
Default shell for input-box ! commands. Accepts "bash" (default) or "powershell". Setting "powershell" routes interactive ! commands through PowerShell on Windows. Requires CLAUDE_CODE_USE_POWERSHELL_TOOL=1 (v2.1.84). v2.1.120: When PowerShell is available, it is used as the fallback shell on Windows even without Git for Windows installed. v2.1.126: When PowerShell is enabled, it is treated as the primary shell instead of defaulting to Bash. PowerShell 7 detection now also covers Microsoft Store installs, MSI installs not on PATH, and .NET global tool installs |
includeGitInstructions |
boolean | true |
Include built-in commit and PR workflow instructions and the git status snapshot in Claude's system prompt. The CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS environment variable takes precedence over this setting when set |
voice |
object | - | Voice dictation configuration. Object with three fields: enabled (boolean — push-to-talk on/off), mode (string — "hold" for hold-to-talk or "tap" for tap-to-toggle), and autoSubmit (boolean — submit transcript immediately when dictation ends). Written automatically when you run /voice. Requires a Claude.ai account (v2.1.118 expanded structure) |
voiceEnabled |
boolean | - | DEPRECATED — legacy alias for voice.enabled. Use the voice object instead to get mode and autoSubmit controls |
showClearContextOnPlanAccept |
boolean | false |
Show the "clear context" option on the plan accept screen. Set to true to restore the option (hidden by default since v2.1.81) |
viewMode |
string | - | Default transcript view mode on startup: "default", "verbose", or "focus". Overrides the sticky Ctrl+O selection when set |
disableDeepLinkRegistration |
string | - | Set to "disable" to prevent Claude Code from registering the claude-cli:// protocol handler with the operating system on startup. Deep links let external tools open a Claude Code session with a pre-filled prompt via claude-cli://open?q=.... The q parameter supports multi-line prompts using URL-encoded newlines (%0A). Useful in environments where protocol handler registration is restricted or managed separately |
showThinkingSummaries |
boolean | false |
Show extended thinking summaries in interactive sessions. When unset or false (default in interactive mode), thinking blocks are redacted by the API and shown as a collapsed stub. Redaction only changes what you see, not what the model generates — to reduce thinking spend, lower the budget or disable thinking instead. Non-interactive mode (-p) and SDK callers always receive summaries regardless of this setting |
disableSkillShellExecution |
boolean | false |
Disable inline shell execution for !`...` and ```! blocks in skills and custom commands from user, project, plugin, or additional-directory sources. Commands are replaced with [shell command execution disabled by policy] instead of being run. Bundled and managed skills are not affected (v2.1.91) |
maxSkillDescriptionChars |
number | 1536 |
Per-skill character cap on the combined description and when_to_use text in the skill listing Claude sees each turn. Text longer than this is truncated (v2.1.105) |
skillListingBudgetFraction |
number | 0.01 |
Fraction of the model's context window reserved for the skill listing Claude sees each turn (0.01 = 1%). When the listing exceeds the budget, descriptions for the least-used skills are collapsed to bare names so Claude can still invoke them but won't see why (v2.1.105) |
forceRemoteSettingsRefresh |
boolean | false |
(Managed only) Block CLI startup until remote managed settings are freshly fetched. If the fetch fails, the CLI exits (fail-closed). Use in enterprise environments where policy enforcement must be up-to-date before any session begins (v2.1.92) |
wslInheritsWindowsSettings |
boolean | false |
(Windows managed settings only) When true, Claude Code on WSL reads managed settings from the Windows policy chain (HKLM registry + C:\Program Files\ClaudeCode\managed-settings.json) in addition to /etc/claude-code, with Windows sources taking priority. Only honored when set in the HKLM registry key or C:\Program Files\ClaudeCode\managed-settings.json, both of which require Windows admin to write. For HKCU policy to also apply on WSL, the flag must additionally be set in HKCU itself. Has no effect on native Windows (v2.1.118) |
tui |
string | "default" |
Rendering mode: "fullscreen" or "default". Set via /tui fullscreen for flicker-free alt-screen rendering (v2.1.110) |
awaySummaryEnabled |
boolean | true |
Generate an "away summary" (idle-session recap) when the user returns after being away. Set to false to opt out. Pairs with the CLAUDE_CODE_ENABLE_AWAY_SUMMARY env var (v2.1.110) |
autoCompactEnabled |
boolean | true |
Auto-compact the conversation when context approaches the model's limit. Set to false to disable automatic compaction and manage context manually. Also disableable via the DISABLE_AUTO_COMPACT env var |
skillOverrides |
object | - | Per-skill visibility overrides keyed by skill name. Value is "on" (full), "name-only" (visible but not auto-described), "user-invocable-only" (hidden from model discovery but still slash-invocable), or "off" (fully hidden). Example: {"legacy-context": "name-only", "deploy": "off"} (v2.1.129) |
disableRemoteControl |
boolean | false |
Disable Remote Control: blocks claude remote-control, the --remote-control flag, auto-start, and the in-session toggle. Typically placed in managed settings for per-device MDM enforcement, but works from any scope (v2.1.128) |
agentPushNotifEnabled |
boolean | false |
Send proactive push notifications to Remote Control when Claude decides to push (e.g., task complete). Appears in /config as Push when Claude decides |
inputNeededNotifEnabled |
boolean | false |
Send a push notification to Remote Control when a permission prompt or question awaits user input. Appears in /config as Push when actions required |
remoteControlAtStartup |
boolean/null | - | Auto-connect Remote Control on startup. true always auto-connects, false never auto-connects, unset uses the organization default. Can be set at any scope (v2.1.119+) |
disableAgentView |
boolean | false |
Set to true to turn off background agents and agent view: claude agents, --bg, /background, and the on-demand supervisor. Can be set at any scope but typically placed in managed settings. Equivalent to setting the CLAUDE_CODE_DISABLE_AGENT_VIEW env var to 1 |
disableWorkflows |
boolean | false |
Set to true to disable dynamic workflows (/workflows) and the bundled workflow slash commands. Can be set at any scope. Equivalent to the CLAUDE_CODE_DISABLE_WORKFLOWS env var. Workflows were introduced in v2.1.154 |
workflowKeywordTriggerEnabled |
boolean | true |
Whether typing the word "ultracode" in a prompt triggers a dynamic workflow. Set to false to require explicit /workflows invocation. Ultracode, /workflows, and saved workflow commands are unaffected by this setting. Appears in /config as Workflow keyword trigger (v2.1.157; trigger keyword renamed workflow→ultracode in v2.1.160) |
ultracode |
boolean | - | (Session-only — not persisted) When true, the harness authors and runs a workflow for every substantive task by default, maximizing thoroughness regardless of token cost. Appears in the official "Available settings" list but is session-scoped: set via /effort ultracode, --settings, or the SDK rather than written to settings.json (v2.1.154) |
dynamicWorkflowSize |
string | - | Advisory guideline for the number of agents spawned in a dynamic workflow. Values: "small", "medium", "large". When set, the workflow harness uses this as the default fleet size before scaling up or down based on the task. Set via /config as Workflow size (v2.1.202; values formalized in v2.1.205) |
disableBundledSkills |
boolean | false |
Conceal Claude Code's built-in capabilities (bundled skills) from the model. When true, the model cannot invoke built-in skills. Paired with the CLAUDE_CODE_DISABLE_BUNDLED_SKILLS env var. Useful when strict plugin-only customization is required (v2.1.169) |
disableArtifact |
boolean | false |
Disable the Artifact web publishing tool. When true, Claude cannot create or publish web artifacts. Can be set at any scope |
enableArtifact |
boolean | - | (v2.1.196+) User-level opt-in for the Artifact web publishing tool. When set to true, enables Artifact for the user even when no organization policy requires it. disableArtifact: true takes precedence and overrides this setting |
feedbackSurveyRate |
number | - | Probability (0–1) that the session quality survey appears when eligible. Enterprise admins can control how often the survey is shown. Example: 0.05 = 5% of eligible sessions |
advisorModel |
string | - | Model for the server-side advisor tool. Accepts a model alias (opus, sonnet, fable) or a full model ID. When unset, the advisor uses the session model. Requires v2.1.98+ |
respondToBashCommands |
boolean | true |
Whether Claude automatically responds after a ! shell command completes. Set to false to disable the automatic follow-up response when a ! bash command finishes (v2.1.186) |
askUserQuestionTimeout |
string | "never" |
How long to wait before an unanswered AskUserQuestion dialog auto-continues without the user. Values: "60s", "5m", "10m", "never" (no auto-continue — the default). Set via /config as Ask user question timeout. Pairs with the CLAUDE_AFK_TIMEOUT_MS env var; the env var applies only when this setting is set to a duration. (v2.1.200) |
Example:
{
"model": "opus",
"agent": "code-reviewer",
"language": "japanese",
"cleanupPeriodDays": 60,
"autoUpdatesChannel": "stable",
"alwaysThinkingEnabled": true
}
Plans & Memory Directories
Store plan and auto-memory files in custom locations.
| Key | Type | Default | Description |
|---|---|---|---|
plansDirectory |
string | ~/.claude/plans |
Directory where /plan outputs are stored |
autoMemoryDirectory |
string | - | Custom directory for auto-memory storage. Accepts ~/-expanded paths. Not accepted in project settings (.claude/settings.json) to prevent redirecting memory writes to sensitive locations; accepted from policy, local, and user settings |
autoMemoryEnabled |
boolean | true |
Enable auto memory. When false, Claude does not read from or write to the auto-memory directory. Can also be toggled with /memory during a session, or disabled via the CLAUDE_CODE_DISABLE_AUTO_MEMORY env var |
fileCheckpointingEnabled |
boolean | true |
Snapshot files before each edit so you can restore them with /rewind. Set to false to skip checkpointing and save disk space. Also disableable via the CLAUDE_CODE_DISABLE_FILE_CHECKPOINTING env var |
Example:
{
"plansDirectory": "./my-plans"
}
Use Case: Useful for organizing planning artifacts separately from Claude's internal files, or for keeping plans in a shared team location.
Worktree Settings
Configure how --worktree creates and manages git worktrees. Useful for reducing disk usage and startup time in large monorepos.
| Key | Type | Default | Description |
|---|---|---|---|
worktree.symlinkDirectories |
array | [] |
Directories to symlink from the main repository into each worktree to avoid duplicating large directories on disk |
worktree.sparsePaths |
array | [] |
Directories to check out in each worktree via git sparse-checkout (cone mode). Only the listed paths are written to disk |
worktree.baseRef |
string | "fresh" |
Which ref new worktrees branch from. "fresh" branches from origin/<default-branch> for a clean tree matching the remote. "head" branches from your current local HEAD, including uncommitted-but-tracked changes (v2.1.133) |
worktree.bgIsolation |
string | "worktree" |
Isolation mode for background sessions. "worktree" (default) blocks Edit/Write in the main checkout until EnterWorktree is called; "none" lets background jobs edit the working copy directly (v2.1.143) |
Example:
{
"worktree": {
"symlinkDirectories": ["node_modules", ".cache"],
"sparsePaths": ["packages/my-app", "shared/utils"]
}
}
Attribution Settings
Customize attribution messages for git commits and pull requests.
| Key | Type | Default | Description |
|---|---|---|---|
attribution.commit |
string | Co-authored-by | Git commit attribution (supports trailers) |
attribution.pr |
string | Generated message | Pull request description attribution |
attribution.sessionUrl |
boolean | true |
Include a link to the claude.ai session URL in commits and PRs generated in web sessions or Remote Control sessions. Set to false to omit the link. Has no effect in local CLI sessions (v2.1.183) |
prUrlTemplate |
string | - | URL template that controls how the "PR" badge in commit attribution links to the pull request UI. Supports placeholders for the repo host, owner, repo, and PR number. Useful for self-hosted GitLab/Bitbucket/GitHub Enterprise instances where the default https://github.com/... URL does not apply (v2.1.119) |
includeCoAuthoredBy |
boolean | true |
DEPRECATED - Use attribution instead |
Example:
{
"attribution": {
"commit": "Generated with AI\n\nCo-Authored-By: Claude <noreply@anthropic.com>",
"pr": "Generated with Claude Code"
}
}
Note: Set to empty string ("") to hide attribution entirely.
Authentication Helpers
Scripts for dynamic authentication token generation.
| Key | Type | Description |
|---|---|---|
apiKeyHelper |
string | Shell script path that outputs auth token (sent as both X-Api-Key and Authorization: Bearer headers) |
forceLoginMethod |
string | Restrict login to "claudeai", "console", or "gateway" accounts. Use "gateway" for organization-managed Claude gateway deployments. (Managed only) |
forceLoginOrgUUID |
string | array | Require login to belong to a specific organization. Accepts a single UUID string (which also pre-selects that organization during login) or an array of UUIDs where any listed organization is accepted without pre-selection. When set in managed settings, login fails if the authenticated account does not belong to a listed organization; an empty array fails closed and blocks login with a misconfiguration message |
forceLoginGatewayUrl |
string | (Managed only) Pre-fill the Claude gateway URL on the login screen when forceLoginMethod is "gateway". Avoids requiring users to manually enter the gateway URL. Typically set alongside forceLoginMethod: "gateway" |
gcpAuthRefresh |
string | Custom script that refreshes GCP Application Default Credentials when they expire or cannot be loaded. Run by Claude Code before retrying authentication. Useful when ADC are short-lived and require an org-specific helper to renew. Example: "gcloud auth application-default login" |
Example:
{
"apiKeyHelper": "/bin/generate_temp_api_key.sh",
"forceLoginMethod": "console",
"forceLoginOrgUUID": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"]
}
Company Announcements
Display custom announcements to users at startup (cycled randomly).
| Key | Type | Description |
|---|---|---|
companyAnnouncements |
array | Array of strings displayed at startup |
Example:
{
"companyAnnouncements": [
"Welcome to Acme Corp!",
"Remember to run tests before committing!",
"Check the wiki for coding standards"
]
}
Permissions
Control what tools and operations Claude can perform.
Permission Structure
{
"permissions": {
"allow": [],
"ask": [],
"deny": [],
"additionalDirectories": [],
"defaultMode": "acceptEdits",
"disableBypassPermissionsMode": "disable"
}
}
Permission Keys
| Key | Type | Description |
|---|---|---|
permissions.allow |
array | Rules allowing tool use without prompting |
permissions.ask |
array | Rules requiring user confirmation |
permissions.deny |
array | Rules blocking tool use (highest precedence) |
permissions.additionalDirectories |
array | Extra directories Claude can access |
permissions.defaultMode |
string | Default permission mode. Valid values: "default", "manual" (alias for "default", v2.1.200), "acceptEdits", "dontAsk", "bypassPermissions", "auto", "plan". In Remote environments, only acceptEdits and plan are honored (v2.1.70+) |
permissions.disableBypassPermissionsMode |
string | Prevent bypass mode activation |
permissions.skipDangerousModePermissionPrompt |
boolean | Skip the confirmation prompt shown before entering bypass permissions mode via --dangerously-skip-permissions or defaultMode: "bypassPermissions". Ignored when set in project settings (.claude/settings.json) to prevent untrusted repositories from auto-bypassing the prompt |
allowManagedPermissionRulesOnly |
boolean | (Managed only) Only managed permission rules apply; user/project allow, ask, deny rules are ignored |
autoMode |
object | Customize what the auto mode classifier blocks and allows. Contains environment (trusted infrastructure descriptions), allow (exceptions to block rules), soft_deny (block rules), and hard_deny (unconditional block rules — cannot be overridden by allow exceptions or the $defaults sentinel, v2.1.136) — all arrays of prose strings. Also accepts classifyAllShell (boolean, default false): when true, routes all Bash/PowerShell commands through the auto-mode classifier instead of only arbitrary-code-execution patterns, giving stricter coverage at the cost of more classifier calls (v2.1.193). Not read from shared project settings (.claude/settings.json) or local settings (.claude/settings.local.json) to prevent repo injection (v2.1.207 removed local-settings scope). Available in user and managed settings only; configure in ~/.claude/settings.json. Setting allow or soft_deny replaces the entire default list for that section unless you include the literal string "$defaults" in the array — the sentinel inherits the built-in rules at that position so custom entries are added alongside them (v2.1.118). Run claude auto-mode defaults to see built-in rules before customizing |
disableAutoMode |
string | Set to "disable" to prevent auto mode from being activated. Removes auto from the Shift+Tab cycle and rejects --permission-mode auto at startup. Can be set at any settings level; most useful in managed settings where users cannot override it |
useAutoModeDuringPlan |
boolean | Whether plan mode uses auto mode semantics when auto mode is available. Default: true. Not read from shared project settings (.claude/settings.json). Appears in /config as "Use auto mode during plan" |
Permission Modes
| Mode | Behavior |
|---|---|
"default" |
Standard permission checking with prompts |
"manual" |
Alias for "default" introduced in v2.1.200 — same standard permission checking with prompts. The rename improves clarity across the CLI, VS Code, and JetBrains UIs. Accepted wherever "default" is accepted |
"acceptEdits" |
Automatically accepts file edits and common filesystem commands (mkdir, touch, mv, cp, etc.) for paths in the working directory or additionalDirectories. v2.1.160: Always prompts before writing build-tool config files that grant code execution (.npmrc, .yarnrc*, bunfig.toml, .bazelrc, .pre-commit-config.yaml, .devcontainer/, etc.) and before writing to shell startup files (.zshenv, .zlogin, .bash_login) and ~/.config/git/ |
"dontAsk" |
Auto-denies tools unless pre-approved via /permissions or permissions.allow rules |
"bypassPermissions" |
Skip all permission checks (dangerous). All path-based prompts are skipped — writes to .git, .config/git, .claude, .vscode, .idea, .husky, .cargo, .devcontainer, .yarn, and .mvn no longer prompt (v2.1.121 exempted .claude/commands/, .claude/agents/, .claude/skills/, and .claude/worktrees/; v2.1.126 removed all remaining path-based prompts). Only removals targeting the filesystem root or home directory (rm -rf /, rm -rf ~) still prompt as a circuit breaker against model error |
"auto" |
Auto-approves tool calls with background safety checks that verify actions align with your request. Research preview. Classifier auto-approves read-only and file edits; sends everything else through a safety check. Falls back to prompting after 3 consecutive or 20 total blocks. In the default Shift+Tab permission-mode cycle since v2.1.111 (the --enable-auto-mode flag was removed in v2.1.111 — start in this mode with --permission-mode auto). Configure with the autoMode setting |
"plan" |
Read-only exploration mode. As of v2.1.136, file writes are blocked even when a matching Edit(...) allow rule exists — plan mode now overrides explicit allow rules to maintain its read-only guarantee |
Tool Permission Syntax
| Tool | Syntax | Examples |
|---|---|---|
Bash |
Bash(command pattern) |
Bash(npm run *), Bash(* install), Bash(git * main) |
PowerShell |
PowerShell(cmd *) |
PowerShell(Get-ChildItem *), PowerShell(git commit *) — same shape as Bash; common aliases are canonicalized (gci/ls/dir → Get-ChildItem) and the PowerShell AST is parsed so each subcommand of a ` |
Read |
Read(path pattern) |
Read(.env), Read(./secrets/**) |
Edit |
Edit(path pattern) |
Edit(src/**), Edit(*.ts) |
Write |
Write(path pattern) |
Write(*.md), Write(./docs/**) |
NotebookEdit |
NotebookEdit(pattern) |
NotebookEdit(*) |
WebFetch |
WebFetch(domain:pattern) |
WebFetch(domain:example.com) |
WebSearch |
WebSearch |
Global web search |
Task |
Task(agent-name) |
Task(Explore), Task(my-agent) |
Agent |
Agent(name) |
Agent(researcher), Agent(*) — permission scoped to subagent spawning |
Skill |
Skill(skill-name) or Skill(prefix *) |
Skill(weather-fetcher), Skill(weather *) matches weather-fetcher/weather-svg-creator (v2.1.139) |
MCP |
mcp__server__tool or MCP(server:tool) |
mcp__memory__*, MCP(github:*) |
Tool |
Tool(param:value) |
Agent(model:opus), Bash(cmd:npm run *) — match permission rules against a tool's input parameters; supports * wildcards in the value position (v2.1.178) |
Cd |
Cd(path pattern) |
Cd(/home/*), Cd(~/projects/*) — controls which directories the /cd command may navigate to |
Evaluation order: Rules are evaluated in order: deny rules first, then ask, then allow. The first matching rule wins.
Deny rule glob patterns (v2.1.166): In a deny rule, using "*" in the tool-name position matches ALL tools — equivalent to a global deny. For example, "*" in the deny array blocks every tool call. This makes it possible to lock down access completely and carve out specific allow/ask exceptions.
Read/Edit path patterns: Permission rules for Read, Edit, and Write support gitignore-style patterns with four prefix types:
| Prefix | Meaning | Example |
|---|---|---|
// |
Absolute path from filesystem root | Read(//Users/alice/file) |
~/ |
Relative to home directory | Read(~/.zshrc) |
/ |
Relative to project root | Edit(/src/**) |
./ or none |
Relative path (current directory) | Read(.env), Read(*.ts) |
Symlink resolution: Permission rules check both the symlink path and its resolved target. Allow rules apply only when both the symlink and its target match — a symlink inside an allowed directory that points outside it still prompts. Deny rules apply when either the symlink or its target matches — a symlink to a denied file is itself denied.
Bash wildcard notes:
*can appear at any position: prefix (Bash(* install)), suffix (Bash(npm *)), or middle (Bash(git * main))- Word boundary:
Bash(ls *)(space before*) matchesls -labut NOTlsof;Bash(ls*)(no space) matches both Bash(*)is treated as equivalent toBash(matches all bash commands)- Permission rules support output redirections:
Bash(python:*)matchespython script.py > output.txt - The legacy
:*suffix syntax (e.g.,Bash(npm:*)) is equivalent to*but is deprecated - Compound commands: shell operators (
&&,||,;,|,|&,&, and newlines) split a command and each subcommand must match independently —Bash(safe-cmd *)does not authorizesafe-cmd && other-cmd - Process wrappers:
timeout,time,nice,nohup, andstdbufare stripped before matching (soBash(npm test *)also matchestimeout 30 npm test); barexargs(no flags) is stripped too. Exec wrapperswatch,setsid,ionice,flock, andfindwith-exec/-deletealways prompt and cannot be approved by a prefix rule
Example:
{
"permissions": {
"allow": [
"Edit(*)",
"Write(*)",
"Bash(npm run *)",
"Bash(git *)",
"WebFetch(domain:*)",
"mcp__*"
],
"ask": [
"Bash(rm *)",
"Bash(git push *)"
],
"deny": [
"Read(.env)",
"Read(./secrets/**)",
"Bash(curl *)"
],
"additionalDirectories": ["../shared-libs/"]
}
}
Hooks
Hook configuration (events, properties, matchers, exit codes, environment variables, and HTTP hooks) is maintained in a dedicated repository:
claude-code-hooks — Complete hook reference with sound notification system, all 25 hook events, HTTP hooks, matcher patterns, exit codes, and environment variables.
Hook-related settings keys (hooks, disableAllHooks (also disables any custom status line), allowManagedHooksOnly, allowedHttpHookUrls, httpHookAllowedEnvVars) are documented there.
For the official hooks reference, see the Claude Code Hooks Documentation.
MCP Servers
Configure Model Context Protocol servers for extended capabilities.
OAuth (v2.1.111): MCP servers that authenticate via OAuth follow RFC 9728 for protected-resource metadata discovery. Compliant servers expose authorization endpoints under
/.well-known/oauth-protected-resource, and Claude Code completes the OAuth flow automatically — no manualapiKeyHelperorheadersHelperscript required for spec-conformant servers.
Reserved server names (v2.1.128+):
workspace,Claude Browser, andClaude Previeware reserved MCP server names. User-defined servers with these names are skipped at load time with a warning logged to the session log. Rename any pre-existing servers using these names to avoid the collision.
.mcp.jsonhot-reload (v2.1.139): The/mcpReconnect action now re-reads.mcp.jsonfrom disk before reconnecting, so adding or editing a server no longer requires a session restart. Claude Code also injectsCLAUDE_PROJECT_DIRinto stdio-launched MCP server environments (v2.1.139) so servers can resolve paths relative to the project root.
Per-server timeout floor (v2.1.162): Per-server
timeoutvalues less than 1000ms are ignored and the globalMCP_TOOL_TIMEOUTdefault applies instead. Values ≥ 1000ms are honored as before.
MCP Settings
| Key | Type | Scope | Description |
|---|---|---|---|
enableAllProjectMcpServers |
boolean | Any | Auto-approve all .mcp.json servers. Security note (v2.1.196): .mcp.json servers no longer self-approve — explicit opt-in via enableAllProjectMcpServers: true or enabledMcpjsonServers is now required |
enabledMcpjsonServers |
array | Any | Allowlist specific server names |
disabledMcpjsonServers |
array | Any | Blocklist specific server names |
allowedMcpServers |
array | Managed only | Allowlist with name/command/URL matching |
deniedMcpServers |
array | Managed only | Blocklist with matching |
allowManagedMcpServersOnly |
boolean | Managed only | Only allow MCP servers explicitly listed in managed allowlist |
channelsEnabled |
boolean | Managed only | Allow channels for Team and Enterprise users. When unset or false, channel message delivery is blocked regardless of --channels flag |
allowedChannelPlugins |
array | Managed only | Allowlist of channel plugins that may push messages. Replaces the default Anthropic allowlist when set. Undefined = fall back to the default, empty array = block all channel plugins. Requires channelsEnabled: true. Each entry is an object with marketplace and plugin fields (v2.1.84) |
allowAllClaudeAiMcps |
boolean | Managed only | Load claude.ai cloud MCP connectors alongside managed-mcp.json. When enabled, claude.ai-hosted MCP connectors are made available in addition to admin-deployed managed MCP servers |
disableClaudeAiConnectors |
boolean | Any | Disable auto-fetching of claude.ai MCP connectors. When true, claude.ai cloud connectors are not loaded regardless of any allowAllClaudeAiMcps policy (v2.1.182) |
MCP Server Matching (Managed Settings)
{
"allowedMcpServers": [
{ "serverName": "github" },
{ "serverCommand": "npx @modelcontextprotocol/*" },
{ "serverUrl": "https://mcp.company.com/*" }
],
"deniedMcpServers": [
{ "serverName": "dangerous-server" }
]
}
Per-Server Tool Loading (alwaysLoad, v2.1.121)
By default, MCP tool definitions are deferred (loaded into context on demand via tool search). Set alwaysLoad: true on an individual MCP server entry in .mcp.json (or inline mcpServers) to exempt that server from deferral — every tool from that server then loads upfront at session start regardless of ENABLE_TOOL_SEARCH. Available on all server types; requires Claude Code v2.1.121+. Use this only for a small set of tools needed every turn — each upfront tool consumes context that would otherwise be available for conversation.
{
"mcpServers": {
"always-on-server": {
"type": "http",
"url": "https://mcp.example.com",
"alwaysLoad": true
}
}
}
An MCP server can also mark individual tools as always-loaded by including "anthropic/alwaysLoad": true in the tool's _meta object — useful when only a subset of a server's tools should bypass deferral.
Example:
{
"enableAllProjectMcpServers": true,
"enabledMcpjsonServers": ["memory", "github", "filesystem"],
"disabledMcpjsonServers": ["experimental-server"]
}
Sandbox
Configure bash command sandboxing for security.
Sandbox Settings
| Key | Type | Default | Description |
|---|---|---|---|
sandbox.enabled |
boolean | false |
Enable bash sandboxing |
sandbox.failIfUnavailable |
boolean | false |
Exit with error when sandbox is enabled but cannot start, instead of running unsandboxed. Useful for enterprise policies that require strict sandboxing (v2.1.83) |
sandbox.autoAllowBashIfSandboxed |
boolean | true |
Auto-approve bash when sandboxed. As of v2.1.139, shell-expansion forms ($VAR, $(cmd)) are correctly recognized so commands containing variable substitution no longer fall back to a prompt when sandbox auto-approval is enabled |
sandbox.excludedCommands |
array | [] |
Commands to run outside sandbox |
sandbox.allowUnsandboxedCommands |
boolean | true |
Allow dangerouslyDisableSandbox. When set to false, the escape hatch is completely disabled and all commands must run sandboxed (or be in excludedCommands). Useful for enterprise policies that require strict sandboxing |
sandbox.ignoreViolations |
object | {} |
Map of command patterns to path arrays — suppress violation warnings (in JSON schema, not on official settings page) |
sandbox.enableWeakerNestedSandbox |
boolean | false |
(Linux and WSL2 only) Enable weaker sandbox for unprivileged Docker environments (reduces security) |
sandbox.network.allowUnixSockets |
array | [] |
(macOS only) Specific Unix socket paths accessible in sandbox. Ignored on Linux and WSL2, where the seccomp filter cannot inspect socket paths; use allowAllUnixSockets instead |
sandbox.network.allowAllUnixSockets |
boolean | false |
Allow all Unix sockets (overrides allowUnixSockets). On Linux and WSL2 this is the only way to permit Unix sockets, since it skips the seccomp filter that otherwise blocks socket(AF_UNIX, ...) calls |
sandbox.network.allowLocalBinding |
boolean | false |
Allow binding to localhost ports (macOS) |
sandbox.network.allowedDomains |
array | [] |
Network domain allowlist for sandbox |
sandbox.network.deniedDomains |
array | [] |
Network domain denylist for bash sandbox. Takes precedence over wildcards in allowedDomains. Supports glob patterns (e.g., "*.example.com") (v2.1.113) |
sandbox.network.httpProxyPort |
number | - | HTTP proxy port 1-65535 (custom proxy) |
sandbox.network.socksProxyPort |
number | - | SOCKS5 proxy port 1-65535 (custom proxy) |
sandbox.network.allowManagedDomainsOnly |
boolean | false |
Only allow domains in managed allowlist (managed settings) |
sandbox.network.allowMachLookup |
array | [] |
(macOS only) Additional XPC/Mach service names the sandbox may look up. Supports a single trailing * for prefix matching. Needed for tools that communicate via XPC such as the iOS Simulator or Playwright. Example: ["com.apple.coresimulator.*"] |
sandbox.filesystem.allowWrite |
array | [] |
Additional paths where sandboxed commands can write. Arrays are merged across all settings scopes. Also merged with paths from Edit(...) allow permission rules. Prefix: / (absolute), ~/ (home), ./ or none (project-relative in project settings, ~/.claude-relative in user settings). The older // prefix for absolute paths still works. Note: This differs from Read/Edit permission rules, which use // for absolute and / for project-relative |
sandbox.filesystem.denyWrite |
array | [] |
Paths where sandboxed commands cannot write. Arrays are merged across all settings scopes. Also merged with paths from Edit(...) deny permission rules. Same path prefix conventions as allowWrite |
sandbox.filesystem.denyRead |
array | [] |
Paths where sandboxed commands cannot read. Arrays are merged across all settings scopes. Also merged with paths from Read(...) deny permission rules. Same path prefix conventions as allowWrite |
sandbox.filesystem.allowRead |
array | [] |
Paths to re-allow read access within denyRead regions. Takes precedence over denyRead. Arrays are merged across all settings scopes. Same path prefix conventions as allowWrite |
sandbox.filesystem.allowManagedReadPathsOnly |
boolean | false |
(Managed only) Only allowRead paths from managed settings are respected. allowRead entries from user, project, and local settings are ignored |
sandbox.enableWeakerNetworkIsolation |
boolean | false |
(macOS only) Allow access to system TLS trust (com.apple.trustd.agent); reduces security |
sandbox.bwrapPath |
string | - | (Managed only, Linux/WSL2) Absolute path to the bubblewrap (bwrap) binary. Overrides automatic PATH detection. Only honored from managed settings, not user or project settings. Example: /opt/admin/bwrap (v2.1.133) |
sandbox.socatPath |
string | - | (Managed only, Linux/WSL2) Absolute path to the socat binary used for the sandbox network proxy. Overrides automatic PATH detection. Only honored from managed settings. Example: /opt/admin/socat (v2.1.133) |
sandbox.allowAppleEvents |
boolean | false |
(macOS only) Opt-in for sandboxed commands to send Apple Events. Required for tools that use open, osascript, or browser authentication flows that depend on Apple Events IPC (v2.1.181) |
sandbox.credentials |
object | — | Fine-grained control over which credential files and environment variables are blocked from sandboxed subprocess environments. Contains files (array of file paths to block from sandboxed reads) and envVars (array of env var names to strip from the subprocess environment). An individual invalid entry in files or envVars is stripped with a warning and the valid subset is enforced (v2.1.187; extended to object with sub-arrays in v2.1.191+) |
Example:
{
"sandbox": {
"enabled": true,
"autoAllowBashIfSandboxed": true,
"excludedCommands": ["git", "docker", "gh"],
"allowUnsandboxedCommands": false,
"network": {
"allowUnixSockets": ["/var/run/docker.sock"],
"allowLocalBinding": true
}
}
}
Plugins
Configure Claude Code plugins and marketplaces.
Plugin Settings
| Key | Type | Scope | Description |
|---|---|---|---|
enabledPlugins |
object | Any | Enable/disable specific plugins |
extraKnownMarketplaces |
object | Project | Add custom plugin marketplaces (team sharing via .claude/settings.json) |
strictKnownMarketplaces |
array | Managed only | Allowlist of permitted marketplaces |
strictPluginOnlyCustomization |
boolean | array | Managed only | Block skills, agents, hooks, and MCP servers from user and project sources, so they can only come from plugins or managed settings. true locks all four surfaces; an array such as ["skills", "hooks"] locks only the named ones |
pluginSuggestionMarketplaces |
array | Managed only | Allowlist of marketplace names whose plugins may appear as contextual install suggestions during a session. Restricts which marketplaces can surface "you might want this plugin" prompts (v2.1.152) |
skippedMarketplaces |
array | Any | Marketplaces user declined to install (in JSON schema, not on official settings page) |
skippedPlugins |
array | Any | Plugins user declined to install (in JSON schema, not on official settings page) |
pluginConfigs |
object | Any | Per-plugin MCP server configs (keyed by plugin@marketplace). As of v2.1.207, no longer read from project-level .claude/settings.json or .claude/settings.local.json; only user, --settings, and managed settings are honored (in JSON schema, not on official settings page) |
blockedMarketplaces |
array | Managed only | Block specific plugin marketplaces. Each entry can match by source string, hostPattern, or pathPattern — as of v2.1.119 the hostPattern and pathPattern matchers are correctly enforced before any download touches the filesystem, so blocked marketplaces never reach disk |
pluginTrustMessage |
string | Managed only | Custom message displayed when prompting users to trust plugins |
disableSideloadFlags |
boolean | Managed only | Reject the --plugin-dir, --plugin-url, --agents, and --mcp-config startup flags. When true, users cannot bypass strictKnownMarketplaces by passing sideload flags at launch. Use in managed environments to enforce marketplace-only plugin distribution (v2.1.193) |
Marketplace source types: github, git, directory, hostPattern, settings, url, npm, file. Use source: 'settings' to declare a small set of plugins inline without setting up a hosted marketplace repository.
Example:
{
"enabledPlugins": {
"formatter@acme-tools": true,
"deployer@acme-tools": true,
"experimental@acme-tools": false
},
"extraKnownMarketplaces": {
"acme-tools": {
"source": {
"source": "github",
"repo": "acme-corp/claude-plugins"
}
},
"inline-tools": {
"source": {
"source": "settings",
"name": "inline-tools",
"plugins": [
{
"name": "code-formatter",
"source": { "source": "github", "repo": "acme-corp/code-formatter" }
}
]
}
}
}
}
Model Configuration
Model Aliases
| Alias | Description |
|---|---|
"default" |
Recommended for your account type |
"sonnet" |
Latest Sonnet model (Claude Sonnet 5 on the Anthropic API — native 1M-token context, introduced v2.1.197; Claude Sonnet 4.6 on Bedrock/Vertex/Foundry) |
"opus" |
Latest Opus model (Claude Opus 4.8 on the Anthropic API as of v2.1.154; Opus 4.8 also now default on Bedrock, Vertex, and Claude Platform on AWS as of v2.1.207 — was 4.6 before). Also the fast-mode default since v2.1.142. Opus 4.8 defaults to high effort and supports /effort xhigh |
"haiku" |
Fast Haiku model |
"sonnet[1m]" |
Sonnet with 1M token context |
"opus[1m]" |
Opus with 1M token context (default on Max, Team, and Enterprise since v2.1.75) |
"opusplan" |
Opus for planning, Sonnet for execution |
"fable" |
Claude Fable 5 — long-horizon reasoning model. Anthropic API only (v2.1.170+). Fable 5 includes 1M context by default; the [1m] suffix is auto-stripped, so fable[1m] is redundant (v2.1.173) |
Example:
{
"model": "opus"
}
Note (v2.1.144):
/modelchanges the model for the current session only. Pressdin the/modelpicker to also set the selection as your default. Themodelsetting andANTHROPIC_MODELcontinue to control the persistent default.
Model Overrides
Map Anthropic model IDs to provider-specific model IDs for Bedrock, Vertex, or Foundry deployments.
| Key | Type | Default | Description |
|---|---|---|---|
effortLevel |
string | - | Persist the effort level across sessions. Accepts "low", "medium", "high", or "xhigh" (Opus 4.7 and 4.8, v2.1.111). Written automatically when you run /effort low, /effort medium, /effort high, or /effort xhigh. Supported on Opus 4.6, Sonnet 4.6, Opus 4.7, and Opus 4.8 (defaults to high). Unsupported levels fall back to the highest supported level on the active model |
fallbackModel |
array | - | Up to 3 fallback model IDs tried sequentially when the primary model is unavailable (e.g., rate-limited or capacity issue). Each entry is a model ID or alias. Claude Code attempts the primary model first; if it fails, each fallback is tried in order. Stops at the first successful response (v2.1.166) |
modelOverrides |
object | - | Map model picker entries to provider-specific IDs (e.g., Bedrock inference profile ARNs). Each key is a model picker entry name, each value is the provider model ID |
Example:
{
"modelOverrides": {
"claude-opus-4-6": "arn:aws:bedrock:us-east-1:123456789:inference-profile/anthropic.claude-opus-4-6-v1:0",
"claude-sonnet-4-6": "arn:aws:bedrock:us-east-1:123456789:inference-profile/anthropic.claude-sonnet-4-6-v1:0"
}
}
Effort Level
The /model command exposes an effort level control that adjusts how much reasoning the model applies per response. Use the ← → arrow keys in the /model UI to cycle through effort levels.
| Effort Level | Description |
|---|---|
| Max | Maximum reasoning depth, Opus 4.6 only |
| XHigh | Extended high reasoning depth, Opus 4.7 and 4.8 (default on Opus 4.7 across all plans, v2.1.111; on Opus 4.8 it is available but the default is high, v2.1.154) |
| High (default on Opus 4.6/Sonnet 4.6) | Full reasoning depth, best for complex tasks |
| Medium | Balanced reasoning, good for everyday tasks |
| Low | Minimal reasoning, fastest responses |
How to use:
- Run
/effort low,/effort medium, or/effort highto set directly (v2.1.76+) - Or run
/model→ select a model → use ← → arrow keys to adjust - The setting persists via the
effortLevelkey insettings.json
Note: Effort level is available for Opus 4.6, Sonnet 4.6, Opus 4.7, and Opus 4.8 on Max and Team plans. The default was changed from High to Medium in v2.1.68, then changed back to High for API-key, Bedrock/Vertex/Foundry, Team, and Enterprise users in v2.1.94. In v2.1.117, the default was also raised from medium to high for Pro/Max subscribers on Opus 4.6 and Sonnet 4.6, bringing all tiers into alignment on high. v2.1.111 introduced xhigh (Opus 4.7 only at the time) and made it the default effort level on Opus 4.7 across all plans. v2.1.154 added Opus 4.8 as the latest Opus on the Anthropic API; it supports xhigh but defaults to high. As of v2.1.75, 1M context window for Opus 4.6 is available by default on Max, Team, and Enterprise plans.
Effort env propagation: Inside skill files, use ${CLAUDE_EFFORT} to reference the current effort level (v2.1.120). As of v2.1.133, the same $CLAUDE_EFFORT variable is also injected into the environment of Bash tool subprocesses and hook handlers, so shell scripts and hook commands can adapt their behavior based on the active effort tier without reading a separate config file.
Model Environment Variables
Configure via env key:
{
"env": {
"ANTHROPIC_MODEL": "sonnet",
"ANTHROPIC_DEFAULT_HAIKU_MODEL": "custom-haiku-model",
"ANTHROPIC_DEFAULT_SONNET_MODEL": "custom-sonnet-model",
"ANTHROPIC_DEFAULT_OPUS_MODEL": "custom-opus-model",
"CLAUDE_CODE_SUBAGENT_MODEL": "haiku",
"MAX_THINKING_TOKENS": "10000"
}
}
Display & UX
Display Settings
| Key | Type | Default | Description |
|---|---|---|---|
statusLine |
object | - | Custom status line configuration |
outputStyle |
string | "default" |
Output style (e.g., "Explanatory") |
spinnerTipsEnabled |
boolean | true |
Show tips while waiting |
spinnerVerbs |
object | - | Custom spinner verbs with mode ("append" or "replace") and verbs array |
spinnerTipsOverride |
object | - | Custom spinner tips with tips (string array) and optional excludeDefault (boolean). When excludeDefault is true, only custom tips show; when false or absent, custom tips merge with built-in tips. As of v2.1.121, excludeDefault: true also suppresses time-based spinner tips |
respectGitignore |
boolean | true |
Respect .gitignore in file picker |
prefersReducedMotion |
boolean | false |
Reduce animations and motion effects in the UI |
axScreenReader |
boolean | false |
Enable screen-reader-friendly output mode. When true, Claude outputs flat text without decorative box-drawing characters, color, and other terminal UI elements. Appears in /config as Screen reader mode. Only applies at the User scope — does not read from project or managed settings. Also available via the --ax-screen-reader CLI flag (v2.1.181) |
syntaxHighlightingDisabled |
boolean | false |
Disable syntax highlighting in diffs, code blocks, and file previews. Distinct from the CLAUDE_CODE_SYNTAX_HIGHLIGHT env var, which only governs diff output |
fileSuggestion |
object | - | Custom file suggestion command (see File Suggestion Configuration below) |
autoScrollEnabled |
boolean | true |
Auto-scroll the conversation in fullscreen mode. Set to false to disable automatic scrolling (v2.1.110). Versions before v2.1.119 stored this in ~/.claude.json |
editorMode |
string | "normal" |
Key binding mode for the input prompt: "normal" or "vim". Appears in /config as Editor mode. Versions before v2.1.119 stored this in ~/.claude.json |
showTurnDuration |
boolean | true |
Show turn duration messages after responses (e.g., "Cooked for 1m 6s"). Versions before v2.1.119 stored this in ~/.claude.json |
teammateMode |
string | "in-process" |
How agent team teammates display: "auto" (picks split panes in tmux or iTerm2, in-process otherwise), "in-process" (default since v2.1.179), "tmux", or "iterm2" (force iTerm2 split panes regardless of auto-detection, v2.1.186). See choose a display mode. Versions before v2.1.119 stored this in ~/.claude.json |
terminalProgressBarEnabled |
boolean | true |
Show the terminal progress bar in supported terminals (ConEmu, Ghostty 1.2.0+, and iTerm2 3.6.6+). Appears in /config as Terminal progress bar. Versions before v2.1.119 stored this in ~/.claude.json |
preferredNotifChannel |
string | "auto" |
Method for task-complete and permission-prompt notifications. Values: "auto", "terminal_bell", "iterm2", "iterm2_with_bell", "kitty", "ghostty", "notifications_disabled". Default "auto" sends a desktop notification in iTerm2, Ghostty, and Kitty and does nothing in other terminals. Set "terminal_bell" to ring the bell character in any terminal. Appears in /config as Notifications. See Get a terminal bell or notification |
wheelScrollAccelerationEnabled |
boolean | true |
Disable mouse-wheel scroll acceleration in fullscreen mode. Set to false to use fixed per-tick scroll steps instead of the OS-level acceleration curve (v2.1.174) |
footerLinksRegexes |
array | - | Regex patterns matched against URLs to display as link badges in the footer row. Each matching URL produces a clickable badge at the bottom of the chat UI (v2.1.176) |
Global Config Settings (~/.claude.json)
These IDE-related preferences are stored in ~/.claude.json, not settings.json.
v2.1.119 migration note: As of v2.1.119,
autoScrollEnabled,editorMode,showTurnDuration,teammateMode, andterminalProgressBarEnabledmoved intosettings.jsonand are documented in the Display Settings table above. Earlier versions stored them here.
| Key | Type | Default | Description |
|---|---|---|---|
autoConnectIde |
boolean | false |
Automatically connect to a running IDE when Claude Code starts from an external terminal. Appears in /config as Auto-connect to IDE (external terminal) when running outside a VS Code or JetBrains terminal |
autoInstallIdeExtension |
boolean | true |
Automatically install the Claude Code IDE extension when running from a VS Code terminal. Appears in /config as Auto-install IDE extension. Can also be disabled via CLAUDE_CODE_IDE_SKIP_AUTO_INSTALL env var |
externalEditorContext |
boolean | false |
Prepend Claude's previous response as #-commented context when you open the external editor with Ctrl+G. Set to true to enable |
teammateDefaultModel |
string | null |
Default model for agent-team teammates when the lead dispatches them. null inherits the lead's model. Listed under "Global config settings" on the official settings page |
Workspace & Teams
| Key | Type | Description |
|---|---|---|
sshConfigs |
object[] | SSH connection definitions surfaced as a dropdown in Desktop. Each entry must include id, name, and sshHost; optionally sshPort, sshIdentityFile, and startDirectory |
Field reference:
| Field | Required | Description |
|---|---|---|
id |
yes | Unique identifier for the SSH connection entry |
name |
yes | Display name shown in the Desktop dropdown |
sshHost |
yes | SSH host (e.g., user@dev.example.com or dev.example.com) |
sshPort |
no | SSH port number |
sshIdentityFile |
no | Path to the SSH identity file (private key) |
startDirectory |
no | Initial working directory after connecting |
Example:
{
"sshConfigs": [
{
"id": "dev-vm",
"name": "Dev VM",
"sshHost": "user@dev.example.com",
"sshPort": 22,
"sshIdentityFile": "~/.ssh/id_ed25519",
"startDirectory": "/home/user/project"
}
]
}
Status Line Configuration
{
"statusLine": {
"type": "command",
"command": "~/.claude/statusline.sh",
"padding": 2,
"refreshInterval": 5
}
}
| Field | Description |
|---|---|
type |
Set to "command" to run a shell script |
command |
Shell command or script path that generates the status line output |
padding |
Extra horizontal spacing (in characters) added to status line content. Defaults to 0. Controls relative indentation beyond the interface's built-in spacing |
refreshInterval |
Re-run the command every N seconds in addition to event-driven updates. Minimum is 1. Useful when the status line shows time-based data (e.g., a clock) or when background subagents change git state while the main session is idle. Leave unset to run only on events (v2.1.97) |
Status Line Input Fields:
The status line command receives a JSON object on stdin. For the full JSON schema and examples, see the Status Line Documentation.
| Field | Description |
|---|---|
model.id, model.display_name |
Current model identifier and display name |
cwd, workspace.current_dir |
Current working directory (both contain the same value; workspace.current_dir preferred) |
workspace.project_dir |
Directory where Claude Code was launched (may differ from cwd if working directory changes) |
workspace.added_dirs |
Additional directories added via /add-dir or --add-dir |
workspace.git_worktree |
Git worktree name when inside a linked worktree created with git worktree add. Absent in the main working tree (v2.1.97) |
cost.total_cost_usd |
Total session cost in USD |
cost.total_duration_ms |
Total wall-clock time since session started, in milliseconds |
cost.total_api_duration_ms |
Total time spent waiting for API responses, in milliseconds |
cost.total_lines_added, cost.total_lines_removed |
Lines of code changed during the session |
context_window.total_input_tokens, context_window.total_output_tokens |
Cumulative token counts across the session |
context_window.context_window_size |
Maximum context window size in tokens (200000 default, 1000000 for extended context) |
context_window.used_percentage |
Pre-calculated percentage of context window used |
context_window.remaining_percentage |
Pre-calculated percentage of context window remaining |
context_window.current_usage |
Token counts from the last API call (input, output, cache tokens) |
exceeds_200k_tokens |
Whether total tokens from the most recent API response exceeds 200k (fixed threshold) |
rate_limits.five_hour.used_percentage |
Five-hour rate limit usage percentage (v2.1.80+) |
rate_limits.five_hour.resets_at |
Five-hour rate limit reset timestamp (Unix epoch seconds) |
rate_limits.seven_day.used_percentage |
Seven-day rate limit usage percentage |
rate_limits.seven_day.resets_at |
Seven-day rate limit reset timestamp (Unix epoch seconds) |
session_id |
Unique session identifier |
session_name |
Custom session name set with --name or /rename. Absent if no custom name set |
transcript_path |
Path to conversation transcript file |
version |
Claude Code version |
output_style.name |
Name of the current output style |
vim.mode |
Current vim mode (NORMAL or INSERT) when vim mode is enabled |
agent.name |
Agent name when running with --agent flag or agent settings |
effort.level |
Current reasoning effort (low, medium, high, xhigh, or max). Reflects the live session value, including mid-session /effort changes. Absent when the current model does not support the effort parameter (v2.1.121) |
thinking.enabled |
Whether extended thinking is enabled for the session (v2.1.121) |
worktree.name |
Name of the active worktree (present only during --worktree sessions) |
worktree.path |
Absolute path to the worktree directory |
worktree.branch |
Git branch name for the worktree. Absent for hook-based worktrees |
worktree.original_cwd |
Directory before entering the worktree |
worktree.original_branch |
Git branch checked out before entering the worktree. Absent for hook-based worktrees |
github |
GitHub repository and pull-request information for the current branch when detected — repo identity and the associated PR (v2.1.145) |
File Suggestion Configuration
The file suggestion script receives a JSON object on stdin (e.g., {"query": "src/comp"}) and must output up to 15 file paths (one per line).
{
"fileSuggestion": {
"type": "command",
"command": "~/.claude/file-suggestion.sh"
},
"respectGitignore": true
}
Example:
{
"statusLine": {
"type": "command",
"command": "git branch --show-current 2>/dev/null || echo 'no-branch'"
},
"spinnerTipsEnabled": true,
"spinnerVerbs": {
"mode": "replace",
"verbs": ["Cooking", "Brewing", "Crafting", "Conjuring"]
},
"spinnerTipsOverride": {
"tips": ["Use /compact at ~50% context", "Start with plan mode for complex tasks"],
"excludeDefault": true
}
}
AWS & Cloud Credentials
AWS Settings
| Key | Type | Description |
|---|---|---|
awsAuthRefresh |
string | Script to refresh AWS auth (modifies .aws dir) |
awsCredentialExport |
string | Script outputting JSON with AWS credentials |
Example:
{
"awsAuthRefresh": "aws sso login --profile myprofile",
"awsCredentialExport": "/bin/generate_aws_grant.sh"
}
OpenTelemetry
| Key | Type | Description |
|---|---|---|
otelHeadersHelper |
string | Script to generate dynamic OpenTelemetry headers |
Example:
{
"otelHeadersHelper": "/bin/generate_otel_headers.sh"
}
Environment Variables (via env)
Set environment variables for all Claude Code sessions.
{
"env": {
"ANTHROPIC_API_KEY": "...",
"NODE_ENV": "development",
"DEBUG": "true"
}
}
Common Environment Variables
| Variable | Description |
|---|---|
ANTHROPIC_API_KEY |
API key for authentication |
ANTHROPIC_AUTH_TOKEN |
OAuth token |
CLAUDE_CODE_OAUTH_TOKEN |
OAuth access token for Claude.ai authentication. Alternative to /login for SDK and automated environments. Takes precedence over keychain-stored credentials |
CLAUDE_CODE_OAUTH_REFRESH_TOKEN |
OAuth refresh token for Claude.ai authentication. When set, claude auth login exchanges this token directly instead of opening a browser. Requires CLAUDE_CODE_OAUTH_SCOPES |
CLAUDE_CODE_OAUTH_SCOPES |
Space-separated OAuth scopes the refresh token was issued with (e.g., "user:profile user:inference user:sessions:claude_code"). Required when CLAUDE_CODE_OAUTH_REFRESH_TOKEN is set |
ANTHROPIC_WORKSPACE_ID |
Workspace ID for workload identity federation. Set when your federation rule is scoped to more than one workspace so the token exchange knows which workspace to target (v2.1.141) |
ANTHROPIC_BASE_URL |
Custom API endpoint |
ANTHROPIC_BEDROCK_BASE_URL |
Override Bedrock endpoint URL |
ANTHROPIC_BEDROCK_MANTLE_BASE_URL |
Override the Bedrock Mantle endpoint URL. See Mantle endpoint |
ANTHROPIC_BEDROCK_SERVICE_TIER |
Bedrock service tier: default, flex, or priority. Sent as the X-Amzn-Bedrock-Service-Tier header on every request. See Amazon Bedrock service tiers (v2.1.122) |
ANTHROPIC_AWS_API_KEY |
Workspace API key for Claude Platform on AWS |
ANTHROPIC_AWS_BASE_URL |
Override Claude Platform on AWS endpoint URL |
ANTHROPIC_AWS_WORKSPACE_ID |
Required workspace ID for Claude Platform on AWS |
CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST |
Set by host platforms that embed Claude Code and manage model provider routing on the user's behalf. When set, provider-selection / endpoint / authentication env vars in settings.json (e.g., CLAUDE_CODE_USE_BEDROCK, ANTHROPIC_BASE_URL, ANTHROPIC_API_KEY) are ignored so user settings cannot override the host's routing. The automatic telemetry opt-out for Bedrock/Vertex/Foundry is also skipped, so telemetry follows the standard DISABLE_TELEMETRY opt-out (v2.1.126) |
ANTHROPIC_VERTEX_BASE_URL |
Override Vertex AI endpoint URL |
ANTHROPIC_BETAS |
Comma-separated Anthropic beta header values |
ANTHROPIC_VERTEX_PROJECT_ID |
GCP project ID for Vertex AI |
GCLOUD_PROJECT |
GCP project ID for Vertex AI requests (overrides ANTHROPIC_VERTEX_PROJECT_ID) |
GOOGLE_APPLICATION_CREDENTIALS |
Path to GCP service account credential file for Vertex AI authentication |
GOOGLE_CLOUD_PROJECT |
GCP project ID for Vertex AI requests (overrides ANTHROPIC_VERTEX_PROJECT_ID) |
ANTHROPIC_CUSTOM_MODEL_OPTION |
Model ID to add as a custom entry in the /model picker. Use to make a non-standard or gateway-specific model selectable without replacing built-in aliases |
ANTHROPIC_CUSTOM_MODEL_OPTION_NAME |
Display name for the custom model entry in the /model picker. Defaults to the model ID when not set |
ANTHROPIC_CUSTOM_MODEL_OPTION_DESCRIPTION |
Display description for the custom model entry in the /model picker. Defaults to Custom model (<model-id>) when not set |
ANTHROPIC_CUSTOM_MODEL_OPTION_SUPPORTED_CAPABILITIES |
Override capability detection for the custom model entry. Comma-separated values (e.g., effort,thinking). Required when the custom model supports features the auto-detection cannot confirm. See model configuration |
ANTHROPIC_MODEL |
Name of the model to use. Accepts aliases (sonnet, opus, haiku) or full model IDs. Overrides the model setting |
INIT_PROMPT |
Custom system prompt injected at session initialization |
ANTHROPIC_DEFAULT_HAIKU_MODEL |
Override the Haiku model alias with a custom model ID (e.g., for third-party deployments) |
ANTHROPIC_DEFAULT_HAIKU_MODEL_NAME |
Customize the Haiku entry label in the /model picker when using a pinned model on Bedrock/Vertex/Foundry. Defaults to the model ID |
ANTHROPIC_DEFAULT_HAIKU_MODEL_DESCRIPTION |
Customize the Haiku entry description in the /model picker. Defaults to Custom model (<model-id>) |
ANTHROPIC_DEFAULT_HAIKU_MODEL_SUPPORTED_CAPABILITIES |
Override capability detection for a pinned Haiku model. Comma-separated values (e.g., effort,thinking). Required when the pinned model supports features the auto-detection cannot confirm |
CLAUDECODE |
Set to 1 in shell environments Claude Code spawns (Bash tool, tmux sessions). Not set in hooks or status line commands. Use to detect when a script is running inside a Claude Code shell |
CLAUDE_CODE_CHILD_SESSION |
Set to 1 in subprocesses Claude Code spawns via the Bash, PowerShell, and Monitor tools, hook commands, and status line commands. Not set for stdio MCP server subprocesses. Unlike CLAUDECODE, this is only set by Claude Code's own spawn path (not IDE extensions), so it reliably distinguishes a nested claude session from a top-level claude launched in an IDE-integrated terminal. Nested interactive TUI sessions are automatically excluded from --resume, --continue, up-arrow history, and claude agents. Non-interactive claude -p sessions still persist. Set CLAUDE_CODE_FORCE_SESSION_PERSISTENCE=1 to override this exclusion (v2.1.172) |
CLAUDE_CODE_FORCE_SESSION_PERSISTENCE |
Set to 1 to override the automatic exclusion of nested interactive TUI sessions from --resume, --continue, up-arrow history, and claude agents. By default, nested sessions (where CLAUDE_CODE_CHILD_SESSION=1) are excluded to prevent them from polluting history. Set this to force persistence when you want nested sessions tracked |
CLAUDE_CODE_SESSION_ID |
Read-only. Set automatically in Bash and PowerShell tool subprocesses to the current session ID. Matches the session_id field passed to hooks. Updated on /clear. Use to correlate scripts and external tools with the Claude Code session that launched them (v2.1.132). Also injected into stdio MCP server environments on --resume (v2.1.163 changelog) (in v2.1.163 changelog; not yet on official env-vars page — read-only) |
AI_AGENT |
Set automatically by Claude Code in subprocess environments (Bash tool, hooks, MCP stdio servers). Generic flag identifying the parent process as an AI agent — useful for tools that adapt behavior when invoked from any AI agent rather than checking each agent-specific variable like CLAUDECODE (in v2.1.120 changelog, not yet on official env-vars page) |
CLAUDE_CODE_SKIP_FAST_MODE_NETWORK_ERRORS |
Set to 1 to allow fast mode when the organization status check fails due to a network error. Useful when a corporate proxy blocks the status endpoint |
CLAUDE_CODE_USE_BEDROCK |
Use AWS Bedrock (1 to enable) |
CLAUDE_CODE_USE_VERTEX |
Use Google Vertex AI (1 to enable) |
CLAUDE_CODE_USE_FOUNDRY |
Use Microsoft Foundry (1 to enable) |
CLAUDE_CODE_USE_MANTLE |
Use the Bedrock Mantle endpoint (1 to enable) |
CLAUDE_CODE_USE_POWERSHELL_TOOL |
Set to 1 to enable the PowerShell tool on Windows (opt-in preview). When enabled, Claude can run PowerShell commands natively instead of routing through Git Bash. Only supported on native Windows, not WSL (v2.1.84) |
CLAUDE_CODE_POWERSHELL_RESPECT_EXECUTION_POLICY |
Set to 1 to stop Claude Code from passing -ExecutionPolicy Bypass when spawning PowerShell for tool calls, hooks, and status line commands, respecting the machine's effective execution policy instead. By default Claude Code bypasses execution policy at process scope so .ps1 scripts and module imports work on default-Restricted Windows. Never overrides Group Policy MachinePolicy/UserPolicy (v2.1.143) |
CLAUDE_CODE_REMOTE |
Read-only. Set automatically to true when Claude Code is running as a cloud session. Read this from a hook or setup script to detect whether you are in a cloud environment |
CLAUDE_CODE_REMOTE_SESSION_ID |
Read-only. Set automatically in cloud sessions to the current session's ID. Read this to construct a link back to the session transcript |
CLAUDE_CODE_BRIDGE_SESSION_ID |
Read-only. Set automatically in Bash tool and hook command subprocesses while the session has an active Remote Control connection. Value is the session ID in session_ form (same identifier in the session's claude.ai/code URL). Removed when the connection ends. Allows scripts to link back to the session that ran them. In cloud sessions, read CLAUDE_CODE_REMOTE_SESSION_ID instead (v2.1.199) |
CLAUDE_REMOTE_CONTROL_SESSION_NAME_PREFIX |
Prefix for auto-generated Remote Control session names. Defaults to the machine hostname |
CLAUDE_CLIENT_PRESENCE_FILE |
Path to a file that, when present, signals an active client and suppresses mobile push notifications from Remote Control. Useful in environments where a desktop client is always running and mobile pings are unwanted |
CLAUDE_CODE_DISABLE_NOTIFICATION_PRESENCE_CHECK |
Set to 1 to send push notifications even while the user is actively typing in the session. By default, notifications are suppressed when active user presence is detected (v2.1.193) |
CLAUDE_CODE_ENABLE_TELEMETRY |
Enable/disable telemetry (0 or 1) |
DISABLE_ERROR_REPORTING |
Disable error reporting (1 to disable) |
DISABLE_AUTOUPDATER |
Set to 1 to disable automatic update checks against the npm registry. Also configurable as a startup-only var — see CLI Startup Flags |
DISABLE_UPDATES |
Set to 1 to completely block all update paths — automatic checks, notifications, and manual claude update. Stricter than DISABLE_AUTOUPDATER, which only disables the background check. Use in environments where all updates must be blocked until explicitly re-enabled (in v2.1.118 changelog, not yet on official env-vars page) |
CLAUDE_CODE_PACKAGE_MANAGER_AUTO_UPDATE |
Set to 1 to let Claude Code run your package manager's upgrade command in the background when a new version is available. Applies to Homebrew and WinGet installations. Other package managers continue to show the upgrade command without running it. See Auto updates (v2.1.129) |
CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY |
Set to 1 to populate the /model picker from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway such as LiteLLM, Kong, or an internal proxy. Off by default because gateways backed by a shared API key would otherwise expose every model the key can access. Discovered models are still filtered by the availableModels allowlist (v2.1.129, opt-in change from prior auto-discovery) |
DISABLE_TELEMETRY |
Disable telemetry (1 to disable) |
DO_NOT_TRACK |
Standard opt-out variable; set to 1 to opt out of telemetry collection. Respected by DISABLE_TELEMETRY |
MCP_TIMEOUT |
MCP startup timeout in ms |
CLAUDE_CODE_MCP_ALLOWLIST_ENV |
Spawn stdio MCP servers with a safe baseline environment only, stripping most inherited env vars to prevent credential leakage into untrusted server processes |
MAX_MCP_OUTPUT_TOKENS |
Max MCP output tokens (default: 25000). Warning displayed when output exceeds 10,000 tokens |
API_TIMEOUT_MS |
Timeout in ms for API requests (default: 600000) |
API_FORCE_IDLE_TIMEOUT |
Override the 5-minute idle timeout for streaming connections. Set to 0 to disable the idle timeout entirely, 1 to enforce it on all connections, or leave unset for the default (auto-enabled on slow or unreliable gateways that frequently stall). Useful for slow API gateways (v2.1.169) |
CLAUDE_CODE_CONNECT_TIMEOUT_MS |
Timeout in milliseconds for the connect, TLS, and response-header phase of a streaming API request (default: 60000 / 60 seconds). If no response headers arrive within this window, the request is aborted and retried. Set to 0 to disable and rely on API_TIMEOUT_MS alone |
CLAUDE_AFK_TIMEOUT_MS |
How many milliseconds before an unanswered AskUserQuestion dialog auto-continues, when askUserQuestionTimeout is set to a duration. As of v2.1.200, the default is "never" (no auto-continue) controlled by askUserQuestionTimeout; this env var applies only when a timeout duration is active. Setting to 0 closes the dialog immediately. To keep questions open, prefer askUserQuestionTimeout: "never" (v2.1.198; default changed v2.1.200) |
CLAUDE_AFK_COUNTDOWN_MS |
How many milliseconds before auto-continue the on-screen countdown appears on an unanswered AskUserQuestion dialog (default: 20000 / 20 seconds) (v2.1.198) |
BASH_MAX_TIMEOUT_MS |
Bash command timeout |
BASH_MAX_OUTPUT_LENGTH |
Max bash output length |
CLAUDE_AUTOCOMPACT_PCT_OVERRIDE |
Auto-compact threshold percentage (1-100). Default is ~95%. Set lower (e.g., 50) to trigger compaction earlier. Values above 95% have no effect. Use /context to monitor current usage. Example: CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=50 claude |
CLAUDE_CODE_MAX_CONTEXT_TOKENS |
Override the context window size Claude Code assumes for the active model. Only takes effect when DISABLE_COMPACT is also set. Use when routing to a model through ANTHROPIC_BASE_URL whose context window does not match the built-in size for its name |
CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR |
Keep cwd between bash calls (1 to enable) |
CLAUDE_CODE_DISABLE_BACKGROUND_TASKS |
Disable background tasks (1 to disable) |
CLAUDE_CODE_DISABLE_BG_SHELL_PRESSURE_REAP |
Set to 1 to disable automatic memory-pressure reaping of idle background shell commands. When unset, Claude Code automatically reaps idle background shells under memory pressure to free resources (v2.1.193 changelog, not yet on official env-vars page) |
CLAUDE_CODE_DISABLE_BG_EXIT_HANDOFF |
Set to 1 to stop a background session's running background shell commands, dynamic workflows, and background subagents when the supervisor stops, restarts, or updates that session's process. By default they are handed off to the session's next process (v2.1.198) |
CLAUDE_CODE_DISABLE_ADVISOR_TOOL |
Set to 1 to disable the advisor tool and the /advisor command. Env-var equivalent of omitting advisor usage. Pair with advisorModel for advisor configuration (min v2.1.98) |
CLAUDE_CODE_DISABLE_AGENT_VIEW |
Set to 1 to turn off background agents and agent view (claude agents, --bg, /background, on-demand supervisor). Env-var equivalent of the disableAgentView setting (referenced on official settings page; not listed on the env-vars page) |
CLAUDE_CODE_DISABLE_EXPLORE_PLAN_AGENTS |
Set to 1 to disable the built-in Explore and Plan subagents. Claude explores with search tools or the general-purpose subagent instead. Plan mode reads files directly rather than launching Explore and Plan agents (v2.1.198) |
CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS |
Enable the experimental agent teams feature (1 to enable). Allows spawning coordinated teams of subagents within a session. Also configurable as a startup-only var — see CLI Startup Flags |
CLAUDE_CODE_DISABLE_WORKFLOWS |
Set to 1 to disable dynamic workflows (/workflows) and the bundled workflow slash commands. Env-var equivalent of the disableWorkflows setting |
CLAUDE_CODE_ENABLE_AUTO_MODE |
As of v2.1.207, auto mode is available on Bedrock, Vertex AI, and Foundry by default — this opt-in is no longer required. Previously (v2.1.158–v2.1.206): set to 1 to make auto mode available on those providers. Use disableAutoMode: "disable" in settings to turn auto mode off |
CLAUDE_CODE_DISABLE_BUNDLED_SKILLS |
Set to 1 to conceal Claude Code's built-in capabilities (bundled skills) from the model. Env-var equivalent of the disableBundledSkills setting (v2.1.169) |
CLAUDE_CODE_DISABLE_ARTIFACT |
Set to 1 to disable the Artifact tool, which publishes session output as a private web page on claude.ai. Equivalent to the disableArtifact setting |
CLAUDE_CODE_ARTIFACT_AUTO_OPEN |
Set to 0 to stop Claude Code from opening the browser automatically when a new artifact is published. Republishing an existing artifact does not open the browser regardless of this setting |
ENABLE_TOOL_SEARCH |
MCP tool search threshold (e.g., auto:5) |
ENABLE_PROMPT_CACHING_1H |
Opt into 1-hour prompt cache TTL. Replaces the deprecated ENABLE_PROMPT_CACHING_1H_BEDROCK (in v2.1.108 changelog, not yet on official env-vars page) |
FORCE_PROMPT_CACHING_5M |
Force 5-minute prompt cache TTL (in v2.1.108 changelog, not yet on official env-vars page) |
CLAUDE_CODE_ENABLE_AWAY_SUMMARY |
Opt out of away summary / idle-session recap. Set to 0 to disable. Pairs with the awaySummaryEnabled setting (v2.1.110) |
DISABLE_PROMPT_CACHING |
Disable all prompt caching (1 to disable) |
DISABLE_PROMPT_CACHING_HAIKU |
Disable Haiku prompt caching |
DISABLE_PROMPT_CACHING_SONNET |
Disable Sonnet prompt caching |
DISABLE_PROMPT_CACHING_OPUS |
Disable Opus prompt caching |
ENABLE_PROMPT_CACHING_1H_BEDROCK |
Request 1-hour cache TTL on Bedrock (1 to enable) (not in official docs — unverified; v2.1.108 changelog says deprecated, replaced by ENABLE_PROMPT_CACHING_1H) |
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS |
Disable experimental beta features (1 to disable) |
CLAUDE_CODE_SHELL |
Override automatic shell detection |
CLAUDE_CODE_FILE_READ_MAX_OUTPUT_TOKENS |
Override default file read token limit |
CLAUDE_CODE_GLOB_HIDDEN |
Set to false to exclude dotfiles from results when Claude invokes the Glob tool. Included by default. Does not affect @ file autocomplete, ls, Grep, or Read |
CLAUDE_CODE_GLOB_NO_IGNORE |
Set to false to make the Glob tool respect .gitignore patterns. By default, Glob returns all matching files including gitignored ones. Does not affect @ file autocomplete, which has its own respectGitignore setting |
CLAUDE_CODE_GLOB_TIMEOUT_SECONDS |
Timeout in seconds for Glob file discovery |
CLAUDE_CODE_ENABLE_TASKS |
Controls whether sessions use the structured Task tools (TaskCreate, TaskUpdate, TaskGet, TaskList) or the legacy TodoWrite tool. As of v2.1.142, Task tools are the default in all modes. Set to 0 to revert to TodoWrite |
CLAUDE_CODE_SIMPLE |
Set to 1 to run with a minimal system prompt and only the Bash, file read, and file edit tools. Also configurable as a startup-only var — see CLI Startup Flags |
CLAUDE_CODE_EXIT_AFTER_STOP_DELAY |
Auto-exit SDK mode after idle duration (ms) |
CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING |
Disable adaptive thinking (1 to disable) |
CLAUDE_CODE_DISABLE_THINKING |
Force-disable extended thinking (1 to disable) |
DISABLE_INTERLEAVED_THINKING |
Prevent interleaved-thinking beta header from being sent (1 to disable) |
CLAUDE_CODE_DISABLE_1M_CONTEXT |
Disable 1M token context window (1 to disable) |
CLAUDE_CODE_ACCOUNT_UUID |
Override account UUID for authentication |
CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS |
Disable git-related system prompt instructions |
CLAUDE_CODE_ATTRIBUTION_HEADER |
Set to 0 to omit the Claude Code attribution block from the system prompt |
CLAUDE_CODE_NEW_INIT |
Set to true to make /init run an interactive setup flow. Asks which files to generate (CLAUDE.md, skills, hooks) before exploring the codebase. Without this, /init generates a CLAUDE.md automatically |
CLAUDE_CODE_PLUGIN_SEED_DIR |
Path to one or more read-only plugin seed directories, separated by : on Unix or ; on Windows. Bundle pre-populated plugins into a container image. Claude Code registers marketplaces from these directories at startup and uses pre-cached plugins without re-cloning |
ENABLE_CLAUDEAI_MCP_SERVERS |
Enable Claude.ai MCP servers |
CLAUDE_CODE_EFFORT_LEVEL |
Set effort level: low, medium, high, xhigh (Opus 4.7 and 4.8, v2.1.111), max (Opus 4.6 only), or auto (use model default). Takes precedence over /effort and the effortLevel setting. Also configurable as a startup-only var — see CLI Startup Flags |
CLAUDE_EFFORT |
Read-only. Injected into Bash tool subprocesses and hook handlers with the active effort level so shell scripts and hooks can adapt to the current tier (companion to CLAUDE_CODE_EFFORT_LEVEL; v2.1.133). Inside skill files use ${CLAUDE_EFFORT} (in changelog, not on official env-vars page — read-only, not user-configurable) |
CLAUDE_CODE_ALWAYS_ENABLE_EFFORT |
Set to 1 to force-enable the effort parameter on all models, even those that do not normally support effort-level selection. Allows /effort and the effortLevel setting to take effect on models outside the standard effort-capable set (v2.1.154) |
CLAUDE_CODE_MAX_TURNS |
Maximum agentic turns before stopping (not in official docs — unverified) |
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC |
Equivalent of setting DISABLE_AUTOUPDATER, DISABLE_FEEDBACK_COMMAND, DISABLE_ERROR_REPORTING, and DISABLE_TELEMETRY |
CLAUDE_CODE_SKIP_SETTINGS_SETUP |
Skip first-run settings setup flow (not in official docs — unverified) |
CLAUDE_CODE_PROMPT_CACHING_ENABLED |
Override prompt caching behavior (not in official docs — unverified) |
CLAUDE_CODE_DISABLE_TOOLS |
Comma-separated list of tools to disable (not in official docs — unverified) |
CLAUDE_CODE_DISABLE_MCP |
Disable all MCP servers (1 to disable) (not in official docs — unverified) |
CLAUDE_CODE_MAX_OUTPUT_TOKENS |
Max output tokens per response. Default: 32,000 (64,000 for Opus 4.6 as of v2.1.77). Upper bound: 64,000 (128,000 for Opus 4.6 and Sonnet 4.6 as of v2.1.77) |
CLAUDE_CODE_DISABLE_FAST_MODE |
Disable fast mode entirely (1 to disable) |
CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE |
REMOVED in v2.1.160 — the environment variable is now a no-op. Fast mode runs on the default model regardless of this variable. Previously pinned fast mode to Claude Opus 4.6 instead of the default (v2.1.142–v2.1.159) |
CLAUDE_CODE_DISABLE_NONSTREAMING_FALLBACK |
Set to 1 to disable the non-streaming fallback when a streaming request fails mid-stream. Streaming errors propagate to the retry layer instead. Useful when a proxy or gateway causes the fallback to produce duplicate tool execution (v2.1.83) |
CLAUDE_ENABLE_STREAM_WATCHDOG |
Stream idle watchdog that aborts stalled streams. Enabled by default as of v2.1.163; set to 0 to disable |
CLAUDE_CODE_ENABLE_FINE_GRAINED_TOOL_STREAMING |
Enabled by default on the Anthropic API (v2.1.139+); set to 0 to opt out |
CLAUDE_CODE_DISABLE_AUTO_MEMORY |
Disable auto memory (1 to disable) |
CLAUDE_CODE_DISABLE_FILE_CHECKPOINTING |
Disable file checkpointing for /rewind (1 to disable) |
CLAUDE_CODE_DISABLE_ATTACHMENTS |
Disable attachment processing (1 to disable) |
CLAUDE_CODE_DISABLE_CLAUDE_MDS |
Prevent loading CLAUDE.md files (1 to disable) |
CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD |
Load CLAUDE.md memory files from additional directories specified via --add-dir at startup (1 to enable). Also configurable as a startup-only var — see CLI Startup Flags |
CLAUDE_CODE_DISABLE_POLICY_SKILLS |
Skip loading skills from the system-wide managed skills directory (1 to disable) |
CLAUDE_CODE_RESUME_INTERRUPTED_TURN |
Auto-resume if previous session ended mid-turn (1 to enable) |
CLAUDE_CODE_SKIP_PROMPT_HISTORY |
Set to 1 to skip writing prompt history and session transcripts to disk. Sessions started with this variable set do not appear in --resume, --continue, or up-arrow history. Useful for ephemeral scripted sessions |
CLAUDE_CODE_USER_EMAIL |
Provide user email synchronously for authentication |
CLAUDE_CODE_ORGANIZATION_UUID |
Provide organization UUID synchronously for authentication |
CLAUDE_CONFIG_DIR |
Custom config directory (overrides default ~/.claude) |
CLAUDE_CODE_TMPDIR |
Override the temp directory used for internal temp files. Claude Code appends /claude/ to this path. Default: /tmp on Unix/macOS, os.tmpdir() on Windows |
ANTHROPIC_CUSTOM_HEADERS |
Custom headers for API requests (Name: Value format, newline-separated for multiple headers) |
CLAUDE_CODE_EXTRA_BODY |
JSON object to merge into the top level of every API request body. Use to inject vendor-specific fields (e.g., routing hints for a custom gateway) |
CLAUDE_CODE_PROPAGATE_TRACEPARENT |
Set to 1 to propagate the W3C traceparent header through requests when routing through a custom proxy, linking Claude Code traces to your upstream telemetry |
ANTHROPIC_FOUNDRY_API_KEY |
API key for Microsoft Foundry authentication |
ANTHROPIC_FOUNDRY_BASE_URL |
Base URL for Foundry resource |
ANTHROPIC_FOUNDRY_RESOURCE |
Foundry resource name |
ANTHROPIC_FOUNDRY_AUTH_TOKEN |
Azure authentication token for Foundry (alternative to service principal auth, v2.1.203+) |
AWS_BEARER_TOKEN_BEDROCK |
Bedrock API key for authentication |
ANTHROPIC_SMALL_FAST_MODEL |
DEPRECATED — Use ANTHROPIC_DEFAULT_HAIKU_MODEL instead |
ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION |
AWS region for deprecated Haiku-class model override |
CLAUDE_CODE_SHELL_PREFIX |
Command prefix prepended to bash commands |
BASH_DEFAULT_TIMEOUT_MS |
Default bash command timeout in ms |
CLAUDE_CODE_SKIP_BEDROCK_AUTH |
Skip AWS auth for Bedrock (1 to skip) |
CLAUDE_CODE_SKIP_FOUNDRY_AUTH |
Skip Azure auth for Foundry (1 to skip) |
CLAUDE_CODE_SKIP_MANTLE_AUTH |
Skip AWS authentication for Bedrock Mantle (e.g., when using an LLM gateway) |
CLAUDE_CODE_SKIP_VERTEX_AUTH |
Skip Google auth for Vertex (1 to skip) |
CLAUDE_CODE_PROXY_RESOLVES_HOSTS |
Allow proxy to perform DNS resolution |
CLAUDE_CODE_API_KEY_HELPER_TTL_MS |
Credential refresh interval in ms for apiKeyHelper |
CLAUDE_CODE_CLIENT_CERT |
Client certificate path for mTLS |
CLAUDE_CODE_CLIENT_KEY |
Client private key path for mTLS |
CLAUDE_CODE_CLIENT_KEY_PASSPHRASE |
Passphrase for encrypted mTLS key |
CLAUDE_CODE_CERT_STORE |
Comma-separated list of CA certificate sources for TLS connections: bundled (Mozilla CA set shipped with Claude Code) and/or system (OS trust store). Default: bundled,system. The native binary distribution is required for system store integration; on the Node.js runtime, only the bundled set is used regardless of this value (v2.1.101) |
CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS |
Plugin marketplace git clone timeout in ms (default: 120000) |
CLAUDE_CODE_PLUGIN_PREFER_HTTPS |
Set to 1 to clone GitHub owner/repo shorthand plugin sources over HTTPS instead of SSH. Applies to plugin install/update and /plugin marketplace add/update. Useful in CI runners or containers without a configured SSH key for github.com (v2.1.141) |
CLAUDE_CODE_PLUGIN_CACHE_DIR |
Override the plugins root directory |
CLAUDE_CODE_DISABLE_OFFICIAL_MARKETPLACE_AUTOINSTALL |
Skip auto-adding the official marketplace (1 to disable) |
CLAUDE_CODE_SYNC_PLUGIN_INSTALL |
Wait for plugin install to complete before first query (1 to enable) |
CLAUDE_CODE_SYNC_PLUGIN_INSTALL_TIMEOUT_MS |
Timeout in ms for synchronous plugin install |
CLAUDE_CODE_PLUGIN_KEEP_MARKETPLACE_ON_FAILURE |
Set to 1 to keep the existing marketplace cache when a git pull fails instead of wiping and re-cloning. Useful in offline or airgapped environments where re-cloning would fail the same way |
CLAUDE_CODE_ENABLE_BACKGROUND_PLUGIN_REFRESH |
Refresh plugin state at session turn boundaries after a background install completes (1 to enable). Without this, newly installed plugins take effect on the next session |
CLAUDE_CODE_HIDE_ACCOUNT_INFO |
Hide email/org info from UI (not in official docs — unverified) |
CLAUDE_CODE_DISABLE_CRON |
Disable scheduled/cron tasks (1 to disable) |
DISABLE_INSTALLATION_CHECKS |
Disable installation warnings |
DISABLE_FEEDBACK_COMMAND |
Disable the /feedback command. The older name DISABLE_BUG_COMMAND is also accepted |
DISABLE_DOCTOR_COMMAND |
Hide the /doctor command (1 to disable) |
DISABLE_LOGIN_COMMAND |
Hide the /login command (1 to disable) |
DISABLE_LOGOUT_COMMAND |
Hide the /logout command (1 to disable) |
DISABLE_UPGRADE_COMMAND |
Hide the /upgrade command (1 to disable) |
DISABLE_EXTRA_USAGE_COMMAND |
Hide the /extra-usage command — renamed to /usage-credits in v2.1.144, though this env var name is unchanged (1 to disable) |
DISABLE_INSTALL_GITHUB_APP_COMMAND |
Hide the /install-github-app command (1 to disable) |
DISABLE_NON_ESSENTIAL_MODEL_CALLS |
Disable flavor text and non-essential model calls (not in official docs — unverified) |
CLAUDE_CODE_DEBUG_LOGS_DIR |
Override debug log file path. Despite the name, this is a file path, not a directory. Requires debug mode enabled separately via --debug, /debug, or the DEBUG env var; setting this variable alone does not enable logging. Use --debug-file to both enable debug mode and set the path at once. Default: ~/.claude/debug/<session-id>.txt |
CLAUDE_CODE_DEBUG_LOG_LEVEL |
Minimum debug log level |
CLAUDE_AUTO_BACKGROUND_TASKS |
Force auto-backgrounding of long tasks (1 to enable) |
CLAUDE_CODE_DISABLE_LEGACY_MODEL_REMAP |
Prevent remapping Opus 4.0/4.1 to newer models (1 to disable) |
FALLBACK_FOR_ALL_PRIMARY_MODELS |
Trigger fallback model for all primary models, not just default (1 to enable) |
CCR_FORCE_BUNDLE |
Set to 1 to force claude --remote to bundle and upload your local repository even when GitHub access is available. Also configurable as a startup-only var — see CLI Startup Flags |
CLAUDE_CODE_GIT_BASH_PATH |
Windows only: path to the Git Bash executable (bash.exe). Use when Git Bash is installed but not in your PATH |
DISABLE_COST_WARNINGS |
Disable cost warning messages |
CLAUDE_CODE_SUBAGENT_MODEL |
Override model for subagents (e.g., haiku, sonnet) |
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB |
Set to 1 to strip Anthropic and cloud provider credentials from subprocess environments (Bash tool, hooks, MCP stdio servers). Use for defense-in-depth when subprocesses should not inherit API keys (v2.1.83) |
CLAUDE_CODE_SCRIPT_CAPS |
JSON object limiting how many times specific scripts may be invoked per session when CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is set. Keys are substrings matched against the command text; values are integer call limits. For example, {"deploy.sh": 2} allows deploy.sh to be called at most twice. Matching is substring-based; runtime fan-out via xargs or find -exec is not detected — this is a defense-in-depth control |
CLAUDE_CODE_PERFORCE_MODE |
Set to 1 to enable Perforce-aware write protection. When set, Edit, Write, and NotebookEdit fail with a p4 edit <file> hint if the target file lacks the owner-write bit, which Perforce clears on synced files until p4 edit opens them. Prevents Claude Code from bypassing Perforce change tracking (v2.1.98) |
CLAUDE_CODE_MAX_RETRIES |
Override API request retry count (default: 10) |
CLAUDE_CODE_RETRY_WATCHDOG |
Raise the retry count for non-capacity API errors to 300. The standard retry cap (CLAUDE_CODE_MAX_RETRIES, default: 10) still applies for capacity errors (in v2.1.199 changelog, not on official env-vars page) |
CLAUDE_CODE_MAX_TOOL_USE_CONCURRENCY |
Max parallel read-only tools (default: 10) |
CLAUDE_AGENT_SDK_DISABLE_BUILTIN_AGENTS |
Disable built-in subagent types in SDK mode (1 to disable) |
CLAUDE_AGENT_SDK_MCP_NO_PREFIX |
Skip mcp__<server>__ prefix for MCP tools in SDK mode (1 to enable) |
CLAUDE_ASYNC_AGENT_STALL_TIMEOUT_MS |
Stall timeout in ms for background subagents (default: 600000 / 10 minutes). The subagent is killed if it produces no output for this duration |
MCP_CONNECTION_NONBLOCKING |
Set to true in -p mode to skip the MCP connection wait entirely. Bounds --mcp-config server connections at 5s instead of blocking on the slowest server (in v2.1.89 changelog, not yet on official env-vars page) |
CLAUDE_CODE_SESSIONEND_HOOKS_TIMEOUT_MS |
SessionEnd hook timeout in ms (replaces hard 1.5s limit) |
CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY |
Disable feedback survey prompts (1 to disable) |
CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL |
Set to 1 to route the session quality survey to your own OpenTelemetry collector when Anthropic-bound nonessential traffic is blocked. Survey ratings are emitted only as OTEL events to your configured collector — no survey data is sent to Anthropic. Applies when CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC, DISABLE_TELEMETRY, or DO_NOT_TRACK is set; has no effect otherwise. CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY and the organization product feedback policy take precedence (v2.1.136) |
CLAUDE_CODE_DISABLE_TERMINAL_TITLE |
Disable terminal title updates (1 to disable) |
CLAUDE_CODE_TMUX_TRUECOLOR |
Set to 1 to allow 24-bit truecolor output inside tmux. By default, Claude Code clamps to 256 colors when $TMUX is set because tmux does not pass through truecolor escape sequences unless configured to. Set this after adding set -ga terminal-overrides ',*:Tc' to your ~/.tmux.conf |
CLAUDE_CODE_NO_FLICKER |
Set to 1 to enable flicker-free alt-screen rendering. Eliminates visual flicker during fullscreen redraws (v2.1.88) |
CLAUDE_CODE_ALT_SCREEN_FULL_REPAINT |
Set to 1 to repaint the entire screen on every frame in fullscreen rendering. Use when partial redraws produce visual artifacts in unusual terminal emulators |
CLAUDE_CODE_DISABLE_ALTERNATE_SCREEN |
Set to 1 to disable fullscreen rendering and use the classic main-screen renderer. The conversation stays in your terminal's native scrollback so Cmd+f and tmux copy mode work as usual. Takes precedence over CLAUDE_CODE_NO_FLICKER and the tui setting. You can also switch with /tui default (v2.1.132) |
CLAUDE_CODE_FORCE_SYNC_OUTPUT |
Set to 1 to force-enable DEC private mode 2026 synchronized output when your terminal supports it but is not auto-detected. Useful for emulators such as Emacs eat that implement BSU/ESU but do not reply to the capability probe. Has no effect under tmux (v2.1.129) |
CLAUDE_CODE_SCROLL_SPEED |
Mouse wheel scroll multiplier for fullscreen rendering. Increase for faster scrolling, decrease for finer control |
CLAUDE_CODE_DISABLE_VIRTUAL_SCROLL |
Set to 1 to disable virtual scrolling in fullscreen rendering and render every message in the transcript. Use if scrolling in fullscreen mode shows blank regions where messages should appear |
CLAUDE_CODE_DISABLE_MOUSE |
Set to 1 to disable mouse tracking in fullscreen rendering. Useful when mouse events interfere with terminal multiplexers or accessibility tools |
CLAUDE_CODE_DISABLE_MOUSE_CLICKS |
Set to 1 to disable mouse click interactions in fullscreen rendering while preserving wheel scroll. Distinguishes click-event suppression from full mouse tracking disable (CLAUDE_CODE_DISABLE_MOUSE). Useful when terminal selection or external accessibility tools conflict with in-app mouse clicks (in v2.1.195 changelog, not yet on official env-vars page) |
CLAUDE_CODE_HIDE_CWD |
Set to 1 to hide the current working directory in the Claude Code startup logo banner. Useful in screen recordings, demos, or shared sessions where the CWD path leaks information about the host or project layout (v2.1.119) |
CLAUDE_CODE_ACCESSIBILITY |
Set to 1 to keep native terminal cursor visible for screen readers and accessibility tools |
CLAUDE_AX_SCREEN_READER |
Set to 1 to render screen-reader friendly output: flat text without decorative borders or animations. Set to 0 to force screen-reader mode off even when the axScreenReader setting is true. The --ax-screen-reader CLI flag takes precedence (v2.1.181+) |
CLAUDE_CODE_NATIVE_CURSOR |
Set to 1 to show the terminal's own cursor at the input caret position instead of Claude Code's custom cursor character |
CLAUDE_CODE_SYNTAX_HIGHLIGHT |
Set to 0 to disable syntax highlighting in diff output |
CLAUDE_CODE_IDE_SKIP_AUTO_INSTALL |
Skip automatic IDE extension installation (1 to skip) |
CLAUDE_CODE_AUTO_CONNECT_IDE |
Override auto IDE connection behavior |
CLAUDE_CODE_IDE_HOST_OVERRIDE |
Override IDE host address for connection |
CLAUDE_CODE_IDE_SKIP_VALID_CHECK |
Skip IDE lockfile validation (1 to skip) |
CLAUDE_CODE_OTEL_HEADERS_HELPER_DEBOUNCE_MS |
Debounce interval in ms for OTel headers helper script |
CLAUDE_CODE_OTEL_FLUSH_TIMEOUT_MS |
Timeout in ms for OpenTelemetry flush |
CLAUDE_CODE_OTEL_SHUTDOWN_TIMEOUT_MS |
Timeout in ms for OpenTelemetry shutdown |
CLAUDE_ENABLE_BYTE_WATCHDOG |
Set to 1 to force-enable the byte-level streaming idle watchdog, or 0 to force-disable it. When unset, the watchdog is enabled by default for Anthropic API connections. The byte watchdog aborts a connection when no bytes arrive on the wire for the duration set by CLAUDE_STREAM_IDLE_TIMEOUT_MS (minimum 5 minutes), independent of the event-level watchdog |
CLAUDE_STREAM_IDLE_TIMEOUT_MS |
Timeout in ms for the streaming idle watchdog. Two watchdogs apply: byte-level (default and minimum 300000 / 5 minutes, aborts when no bytes arrive on the wire) and event-level (default 90000 / 90 seconds, no minimum, aborts when no SSE events arrive). The byte watchdog is enabled by default for Anthropic API connections; control it via CLAUDE_ENABLE_BYTE_WATCHDOG. Increase the event timeout if long-running tools or slow networks cause premature timeout errors |
OTEL_LOG_TOOL_DETAILS |
Set to 1 to include tool_parameters in OpenTelemetry events. Omitted by default for privacy (in v2.1.85 changelog, not yet on official env-vars page) |
OTEL_LOG_RAW_API_BODIES |
Set to 1 to emit full API request and response bodies as OpenTelemetry log events. Omitted by default for privacy and payload size. Useful for debugging at a gateway or proxy (in v2.1.111 changelog, not yet on official env-vars page) |
OTEL_RESOURCE_ATTRIBUTES |
Comma-separated key=value pairs added as resource attributes on all OpenTelemetry metric data points emitted by Claude Code. Use to attach environment or deployment labels (e.g., environment=production,team=platform) that appear on every metric for filtering in your collector (v2.1.162) |
OTEL_LOG_USER_PROMPTS |
Set to 1 to include the user_system_prompt field in OpenTelemetry LLM request spans. Omitted by default for privacy — user prompts can contain sensitive data, so opt in only when you control the OTel collector and have policies in place (in v2.1.121 changelog, not yet on official env-vars page) |
OTEL_LOG_ASSISTANT_RESPONSES |
Set to 1 to include model response text in OpenTelemetry log events. Omitted by default for privacy and payload size. Use only when you control the OTel collector and have policies for handling model output (in v2.1.193 changelog, not yet on official env-vars page) |
OTEL_EXPORTER_OTLP_ENDPOINT |
OpenTelemetry collector endpoint URL for metrics and logs. See Monitoring |
OTEL_EXPORTER_OTLP_HEADERS |
OpenTelemetry exporter headers (Name=Value format, comma-separated) for authenticating with your collector |
OTEL_LOG_TOOL_CONTENT |
Set to 1 to emit full tool inputs and outputs as OpenTelemetry log events. Omitted by default for privacy |
OTEL_METRICS_EXPORTER |
OpenTelemetry metrics exporter type (e.g., otlp). See Monitoring |
OTEL_TRACES_EXPORTER |
OpenTelemetry traces exporter type (e.g., otlp). See Monitoring |
OTEL_METRICS_INCLUDE_ENTRYPOINT |
Set to 1 to include the session entry-point (e.g., interactive vs -p vs SDK) as a label on all OpenTelemetry metric data points. Useful for breaking down metrics by how Claude Code was invoked (v2.1.161 changelog) (in v2.1.161 changelog, not yet on official env-vars page) |
CLAUDE_CODE_FORK_SUBAGENT |
Set to 1 to enable forked subagents on external builds (non-Anthropic-signed distributions). Forked subagents run in an isolated child process instead of sharing the main agent's context (in v2.1.117 changelog, not yet on official env-vars page) |
CLAUDE_CODE_MCP_SERVER_NAME |
Name of the MCP server, passed as an environment variable to headersHelper scripts so they can generate server-specific authentication headers (in v2.1.85 changelog, not yet on official env-vars page) |
CLAUDE_CODE_MCP_SERVER_URL |
URL of the MCP server, passed as an environment variable to headersHelper scripts alongside CLAUDE_CODE_MCP_SERVER_NAME (in v2.1.85 changelog, not yet on official env-vars page) |
ANTHROPIC_DEFAULT_OPUS_MODEL |
Override Opus model alias (e.g., claude-opus-4-6[1m]) |
ANTHROPIC_DEFAULT_OPUS_MODEL_NAME |
Customize the Opus entry label in the /model picker when using a pinned model on Bedrock/Vertex/Foundry. Defaults to the model ID |
ANTHROPIC_DEFAULT_OPUS_MODEL_DESCRIPTION |
Customize the Opus entry description in the /model picker. Defaults to Custom model (<model-id>) |
ANTHROPIC_DEFAULT_OPUS_MODEL_SUPPORTED_CAPABILITIES |
Override capability detection for a pinned Opus model. Comma-separated values (e.g., effort,thinking). Required when the pinned model supports features the auto-detection cannot confirm |
ANTHROPIC_DEFAULT_SONNET_MODEL |
Override Sonnet model alias (e.g., claude-sonnet-4-6) |
ANTHROPIC_DEFAULT_SONNET_MODEL_NAME |
Customize the Sonnet entry label in the /model picker when using a pinned model on Bedrock/Vertex/Foundry. Defaults to the model ID |
ANTHROPIC_DEFAULT_SONNET_MODEL_DESCRIPTION |
Customize the Sonnet entry description in the /model picker. Defaults to Custom model (<model-id>) |
ANTHROPIC_DEFAULT_SONNET_MODEL_SUPPORTED_CAPABILITIES |
Override capability detection for a pinned Sonnet model. Comma-separated values (e.g., effort,thinking). Required when the pinned model supports features the auto-detection cannot confirm |
ANTHROPIC_DEFAULT_FABLE_MODEL |
Override Fable model alias (e.g., claude-fable-5) |
ANTHROPIC_DEFAULT_FABLE_MODEL_NAME |
Customize the Fable entry label in the /model picker when using a pinned model on Bedrock/Vertex/Foundry. Defaults to the model ID |
ANTHROPIC_DEFAULT_FABLE_MODEL_DESCRIPTION |
Customize the Fable entry description in the /model picker. Defaults to Custom model (<model-id>) |
ANTHROPIC_DEFAULT_FABLE_MODEL_SUPPORTED_CAPABILITIES |
Override capability detection for a pinned Fable model. Comma-separated values (e.g., effort,thinking). Required when the pinned model supports features the auto-detection cannot confirm |
MAX_THINKING_TOKENS |
Maximum extended thinking tokens per response. Set to 0 to disable extended thinking entirely on the Anthropic API (equivalent to --thinking disabled). Applies only when using a fixed thinking budget — on adaptive thinking models (Opus 4.7+), the effort level controls thinking depth instead |
CLAUDE_CODE_AUTO_COMPACT_WINDOW |
Set the context capacity in tokens used for auto-compaction calculations. Defaults to the model's context window (200K standard, 1M for extended context models). Use a lower value (e.g., 500000) on a 1M model to treat it as 500K for compaction. Capped at actual context window. CLAUDE_AUTOCOMPACT_PCT_OVERRIDE is applied as a percentage of this value. Setting this decouples the compaction threshold from the status line's used_percentage |
DISABLE_AUTO_COMPACT |
Disable automatic context compaction (1 to disable). Manual /compact still works (not in official docs — unverified) |
DISABLE_COMPACT |
Disable all compaction — both automatic and manual (1 to disable) |
CLAUDE_CODE_ENABLE_PROMPT_SUGGESTION |
Enable prompt suggestions |
CLAUDE_CODE_PLAN_MODE_REQUIRED |
Require plan mode for sessions |
CLAUDE_CODE_TEAM_NAME |
Team name for agent teams |
CLAUDE_CODE_TASK_LIST_ID |
Task list ID for task integration |
CLAUDE_ENV_FILE |
Custom environment file path |
FORCE_AUTOUPDATE_PLUGINS |
Force plugin auto-updates (1 to enable) |
HTTP_PROXY |
HTTP proxy URL for network requests |
HTTPS_PROXY |
HTTPS proxy URL for network requests |
NO_PROXY |
Comma-separated list of hosts that bypass proxy |
MCP_TOOL_TIMEOUT |
MCP tool execution timeout in ms |
MCP_CLIENT_SECRET |
MCP OAuth client secret |
MCP_OAUTH_CALLBACK_PORT |
MCP OAuth callback port |
IS_DEMO |
Enable demo mode |
SLASH_COMMAND_TOOL_CHAR_BUDGET |
Character budget for slash command tool output |
VERTEX_REGION_CLAUDE_3_5_HAIKU |
Vertex AI region override for Claude 3.5 Haiku |
VERTEX_REGION_CLAUDE_3_7_SONNET |
Vertex AI region override for Claude 3.7 Sonnet |
VERTEX_REGION_CLAUDE_4_0_OPUS |
Vertex AI region override for Claude 4.0 Opus |
VERTEX_REGION_CLAUDE_4_0_SONNET |
Vertex AI region override for Claude 4.0 Sonnet |
VERTEX_REGION_CLAUDE_4_1_OPUS |
Vertex AI region override for Claude 4.1 Opus |
Useful Commands
| Command | Description |
|---|---|
/model |
Switch models and adjust effort level (Opus 4.7 and 4.8) |
/effort |
Set effort level directly: low, medium, high, xhigh (Opus 4.7 and 4.8, v2.1.111), or max (Opus 4.6 only) (v2.1.76+) |
/config |
Interactive configuration UI; also accepts key=value syntax for prompt-based settings: /config model=sonnet (v2.1.181) |
/memory |
View/edit all memory files |
/agents |
Manage subagents |
/mcp |
Manage MCP servers |
/hooks |
View configured hooks |
/plugin |
Manage plugins |
claude plugin tag |
Tag a plugin version in a marketplace for distribution. Run from the marketplace repo with the plugin name and version (v2.1.118) |
claude plugin prune |
Remove plugins whose marketplace source is no longer present (e.g., marketplace deleted or extraKnownMarketplaces entry removed). Cleans up local cache and disables orphaned plugins (v2.1.121) |
claude plugin details <plugin> |
Show the plugin's component inventory (commands, agents, skills, hooks) and the per-session context-token cost it adds. Useful for auditing token spend before enabling a plugin in a managed environment (v2.1.139) |
/keybindings |
Configure custom keyboard shortcuts |
/skills |
View and manage skills |
/permissions |
View and manage permission rules |
/usage-credits |
View remaining usage credits and limits. Renamed from /extra-usage in v2.1.144 (the old name still works) |
claude gateway |
Manage Claude Gateway connections for organization-managed deployments. Requires forceLoginMethod: "gateway" in managed settings (v2.1.195) |
--doctor |
Diagnose configuration issues |
--debug |
Debug mode with hook execution details |
Quick Reference: Complete Example
{
"$schema": "https://json.schemastore.org/claude-code-settings.json",
"model": "sonnet",
"advisorModel": "fable",
"agent": "code-reviewer",
"language": "english",
"cleanupPeriodDays": 30,
"autoUpdatesChannel": "stable",
"alwaysThinkingEnabled": true,
"showThinkingSummaries": true,
"viewMode": "default",
"tui": "fullscreen",
"awaySummaryEnabled": false,
"includeGitInstructions": true,
"defaultShell": "bash",
"plansDirectory": "./plans",
"claudeMdExcludes": ["**/vendor/**/CLAUDE.md"],
"effortLevel": "high",
"maxSkillDescriptionChars": 1536,
"skillListingBudgetFraction": 0.01,
"disableAgentView": false,
"disableWorkflows": false,
"workflowKeywordTriggerEnabled": true,
"syntaxHighlightingDisabled": false,
"worktree": {
"symlinkDirectories": ["node_modules"],
"sparsePaths": ["packages/my-app", "shared/utils"],
"baseRef": "fresh",
"bgIsolation": "worktree"
},
"skillOverrides": {
"legacy-context": "name-only",
"deploy": "off"
},
"modelOverrides": {
"claude-opus-4-6": "arn:aws:bedrock:us-east-1:123456789:inference-profile/anthropic.claude-opus-4-6-v1:0"
},
"autoMode": {
"classifyAllShell": false,
"environment": [
"Source control: github.example.com/acme-corp and all repos under it",
"Trusted internal domains: *.internal.example.com"
],
"soft_deny": ["$defaults", "Never run terraform apply"],
"hard_deny": ["Never run rm -rf on directories outside the project"]
},
"permissions": {
"allow": [
"Edit(*)",
"Write(*)",
"Bash(npm run *)",
"Bash(git *)",
"WebFetch(domain:*)",
"mcp__*",
"Agent(*)"
],
"deny": [
"Read(.env)",
"Read(./secrets/**)"
],
"additionalDirectories": ["../shared/"],
"defaultMode": "acceptEdits"
},
"enableAllProjectMcpServers": true,
"mcpServers": {
"always-on-server": {
"type": "http",
"url": "https://mcp.example.com",
"alwaysLoad": true
}
},
"sshConfigs": [
{
"id": "dev-vm",
"name": "Dev VM",
"sshHost": "user@dev.example.com"
}
],
"sandbox": {
"enabled": true,
"excludedCommands": ["git", "docker"],
"filesystem": {
"denyRead": ["./secrets/"],
"denyWrite": ["./.env"]
}
},
"attribution": {
"commit": "Generated with Claude Code",
"pr": ""
},
"prUrlTemplate": "https://gitlab.example.com/{owner}/{repo}/-/merge_requests/{number}",
"statusLine": {
"type": "command",
"command": "git branch --show-current"
},
"spinnerTipsEnabled": true,
"spinnerTipsOverride": {
"tips": ["Custom tip 1", "Custom tip 2"],
"excludeDefault": false
},
"prefersReducedMotion": false,
"preferredNotifChannel": "terminal_bell",
"env": {
"NODE_ENV": "development",
"CLAUDE_CODE_EFFORT_LEVEL": "medium",
"ANTHROPIC_BEDROCK_SERVICE_TIER": "priority"
}
}