Claude Code · AIintermediate
Claude Code settings.json
A .claude/settings.json for Claude Code — permission allow/deny/ask rules, a PostToolUse hook, environment variables and a model override — the file that governs how the agent behaves in a repo.
claude-codeaiagentpermissionshooks
Preview
{
"$schema": "https://json.schemastore.org/claude-code-settings.json",
"permissions": {
"allow": [
"Bash(npm run test:*)",
"Bash(npm run lint:*)",
"Read(./src/**)"
],
"ask": [
"Bash(git push:*)"
],
"deny": [
"Read(./.env)",
"Bash(rm -rf:*)"
]
},
"env": {
"NODE_ENV": "development"
},
"model": "claude-sonnet-4-5",
"hooks": {
"PostToolUse": [
{
"matcher": "Edit|Write",
"hooks": [
{
"type": "command",
"command": "npx prettier --write \"$CLAUDE_FILE_PATHS\""
}
]
}
]
}
}AI actions
Documentation
Purpose
Control how Claude Code operates in a project — which tools run without prompting, what is always blocked, and what shell commands fire on lifecycle events.
When to use
Standardizing agent behavior for a repo: fewer permission prompts for safe commands, hard denies for secrets, and hooks that keep formatting or tests consistent.
Required fields
- No field is strictly required; an empty {} is valid. permissions is the most common.
Optional fields
- permissions — allow / deny / ask arrays of tool-pattern rules
- hooks — commands run on events like PostToolUse or Stop
- env — environment variables injected into the session
- model — override the model used in this project
Best practices
- Allow only narrow, safe command patterns (e.g. Bash(npm run test:*)), not broad wildcards.
- Keep secret files in deny (Read(./.env)) so the agent never reads them.
- Use ask for irreversible actions like git push instead of allow.
Security considerations
- deny rules win over allow — put secret paths and destructive commands there.
- Do not put API keys in this file; use env references or a separate secrets file.
- Review hook commands carefully — they run automatically with your shell privileges.