Claude Code Configuration: 50+ Settings You Should Know
“I’ve been using Claude Code for a while now, but I had no idea you could configure all of this!” – I hear this regularly from developers in my courses. Time to change that.
Claude Code is far more than an AI coding assistant. It is a highly configurable development tool with over 50 environment variables, hierarchical settings levels and granular permission controls. In this article I will show you the most important configuration options.
Understanding the Settings Hierarchy
Claude Code uses a hierarchical configuration system. This means: settings at higher levels override lower ones. The order (from highest to lowest priority):
- Enterprise Managed Policies (
managed-settings.json) – Deployed by IT/DevOps, not overridable - Command Line Arguments – Temporary overrides for a session
- Local Project Settings (
.claude/settings.local.json) – Personal, non-committed settings - Shared Project Settings (
.claude/settings.json) – Team settings in the repository - User Settings (
~/.claude/settings.json) – Global personal settings
Practical tip: Use .claude/settings.local.json for experiments – this file is automatically ignored by Git.
The Most Important Environment Variables
Here are the environment variables that make the biggest difference in practice:
Performance & Costs
| Variable | Purpose |
|---|---|
MAX_THINKING_TOKENS | Enable extended thinking – improves complex reasoning tasks |
CLAUDE_CODE_MAX_OUTPUT_TOKENS | Maximum output tokens per request |
DISABLE_PROMPT_CACHING | Disable prompt caching (sometimes saves costs) |
DISABLE_COST_WARNINGS | Hide cost warnings |
Bash & Shell Behaviour
| Variable | Purpose |
|---|---|
BASH_DEFAULT_TIMEOUT_MS | Default timeout for long Bash commands |
BASH_MAX_TIMEOUT_MS | Maximum timeout for Bash commands |
BASH_MAX_OUTPUT_LENGTH | Max. characters in Bash outputs before truncation |
CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR | Return to the project root after each command |
Enterprise & Proxy
| Variable | Purpose |
|---|---|
HTTP_PROXY / HTTPS_PROXY | Proxy server for network connections |
NO_PROXY | Domains that should bypass the proxy |
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC | Disable telemetry, auto-updates, error reporting |
Alternative Model Providers
| Variable | Purpose |
|---|---|
CLAUDE_CODE_USE_BEDROCK | Use AWS Bedrock instead of the Anthropic API |
CLAUDE_CODE_USE_VERTEX | Use Google Vertex AI |
CLAUDE_CODE_USE_FOUNDRY | Use Microsoft Foundry |
Permission Settings: Granular Control
The permissions settings in settings.json give you precise control over what Claude Code may and may not do:
{
"permissions": {
"allow": [
"Bash(npm run lint)",
"Bash(npm run test:*)",
"Read(~/.zshrc)"
],
"deny": [
"Bash(curl:*)",
"Read(./.env)",
"Read(./.env.*)",
"Read(./secrets/**)"
],
"defaultMode": "acceptEdits"
}
}
The Three Permission Types
- allow: Tools/commands that are executed without asking
- ask: Tools that require confirmation
- deny: Completely blocked tools/paths
Security tip: Use deny rules for sensitive files such as .env, credentials and secrets. Claude Code will then ignore these files entirely.
Sandbox Settings: Isolation for More Security
The sandbox isolates Bash commands from the filesystem and network. Especially important for teams working with sensitive code:
{
"sandbox": {
"enabled": true,
"autoAllowBashIfSandboxed": true,
"excludedCommands": ["git", "docker"],
"network": {
"allowUnixSockets": ["/var/run/docker.sock"],
"allowLocalBinding": true
}
}
}
Important: The sandbox is currently only available on macOS and Linux.
Team Announcements: Communication Within the Team
An underrated feature – companyAnnouncements displays messages on startup:
{
"companyAnnouncements": [
"Willkommen! Unsere Code Guidelines findest du unter docs.company.com",
"Reminder: Code Reviews sind für alle PRs erforderlich",
"Neue Security Policy seit 01.02.2026 aktiv"
]
}
Perfect for onboarding, policy updates or team announcements.
Hooks: Automation Before and After Tool Execution
With hooks you can run your own commands before or after Claude Code uses tools:
{
"hooks": {
"PreToolUse": {
"Bash": "echo 'Running command...'"
}
}
}
Use cases:
- Automatic formatting after file edits
- Logging/auditing of commands
- Blocking certain operations
My Top 5 Configurations for Everyday Use
From my daily work with Claude Code and teaching at FFHS/TSBE, here are my personal favourites:
1. Extended Thinking for Complex Tasks
export MAX_THINKING_TOKENS=10000
2. Protect Sensitive Files
{
"permissions": {
"deny": ["Read(./.env)", "Read(./secrets/**)", "Read(./*.pem)"]
}
}
3. Project-Specific Model
{
"model": "claude-sonnet-4-5-20250929"
}
4. Disable Co-Authored-By in Commits
{
"includeCoAuthoredBy": false
}
5. Custom Status Line for Context
{
"statusLine": {
"type": "command",
"command": "~/.claude/statusline.sh"
}
}
Conclusion: Invest 30 Minutes in Your Configuration
Most developers use Claude Code “out of the box” – and thereby give away enormous potential. A well-thought-out configuration makes you more productive, protects sensitive data and adapts the tool to your workflow.
My advice: Take 30 minutes, create a ~/.claude/settings.json for your global preferences and a .claude/settings.json for each important project.
You can find the full documentation at code.claude.com/docs/en/settings.
Which Claude Code settings do you use? Write to me on LinkedIn – I’m curious about your setups!