Claude Code · AIintermediate

Claude Code settings.json

A .claude/settings.json for Claude Code — permission allow/deny/ask rules, a PostToolUse hook, environment variables and a model override — the file that governs how the agent behaves in a repo.

claude-codeaiagentpermissionshooks

Preview

{
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
  "permissions": {
    "allow": [
      "Bash(npm run test:*)",
      "Bash(npm run lint:*)",
      "Read(./src/**)"
    ],
    "ask": [
      "Bash(git push:*)"
    ],
    "deny": [
      "Read(./.env)",
      "Bash(rm -rf:*)"
    ]
  },
  "env": {
    "NODE_ENV": "development"
  },
  "model": "claude-sonnet-4-5",
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "command": "npx prettier --write \"$CLAUDE_FILE_PATHS\""
          }
        ]
      }
    ]
  }
}

AI actions

Documentation

Purpose

Control how Claude Code operates in a project — which tools run without prompting, what is always blocked, and what shell commands fire on lifecycle events.

When to use

Standardizing agent behavior for a repo: fewer permission prompts for safe commands, hard denies for secrets, and hooks that keep formatting or tests consistent.

Required fields

  • No field is strictly required; an empty {} is valid. permissions is the most common.

Optional fields

  • permissions — allow / deny / ask arrays of tool-pattern rules
  • hooks — commands run on events like PostToolUse or Stop
  • env — environment variables injected into the session
  • model — override the model used in this project

Best practices

  • Allow only narrow, safe command patterns (e.g. Bash(npm run test:*)), not broad wildcards.
  • Keep secret files in deny (Read(./.env)) so the agent never reads them.
  • Use ask for irreversible actions like git push instead of allow.

Security considerations

  • deny rules win over allow — put secret paths and destructive commands there.
  • Do not put API keys in this file; use env references or a separate secrets file.
  • Review hook commands carefully — they run automatically with your shell privileges.