configuration

# Claude Code Configuration

## Overview

Claude Code provides hierarchical configuration through `settings.json` files at multiple levels. You can manage settings globally, per-project, or through enterprise policies.

## Configuration File Locations

**User-level settings**: `~/.claude/settings.json` (applies to all projects)

**Project-level settings**:
- `.claude/settings.json` (shared with team via source control)
- `.claude/settings.local.json` (personal, not committed)

**Enterprise managed policies**:
- macOS: `/Library/Application Support/ClaudeCode/managed-settings.json`
- Linux/WSL: `/etc/claude-code/managed-settings.json`
- Windows: `C:\ProgramData\ClaudeCode\managed-settings.json`

## Key Configuration Options

| Setting | Purpose | Example |
|---------|---------|---------|
| `permissions` | Control tool access and file restrictions | `{"allow": ["Bash(npm run test:*)"], "deny": ["Read(.env)"]}` |
| `env` | Environment variables for sessions | `{"FOO": "bar"}` |
| `model` | Override default model | `"claude-sonnet-4-5-20250929"` |
| `outputStyle` | Adjust system prompt behavior | `"Explanatory"` |
| `hooks` | Custom commands before/after tool use | `{"PreToolUse": {"Bash": "echo 'Running..'"}}` |

## Permission Configuration

Restrict file and command access through the `permissions` object:

**Deny patterns** block sensitive files:
```json
{
  "permissions": {
    "deny": [
      "Read(.env)",
      "Read(./secrets/**)",
      "Bash(curl:*)"
    ]
  }
}
```

**Allow patterns** explicitly permit actions:
```json
{
  "permissions": {
    "allow": [
      "Bash(npm run lint)",
      "Bash(npm run test:*)"
    ]
  }
}
```

**Ask patterns** require confirmation:
```json
{
  "permissions": {
    "ask": [
      "Bash(git push:*)",
      "Write(src/**)"
    ]
  }
}
```

## Sandbox Settings

Enable process isolation (macOS/Linux):

```json
{
  "sandbox": {
    "enabled": true,
    "excludedCommands": ["docker"],
    "network": {
      "allowUnixSockets": ["~/.s