Settings examples
Claude Code settings.json Examples for Teams
A useful settings.json is not a pile of preferences. It is a scoped contract for which tools can run, which hooks must fire, and which local convenience should stay private.
Quick Answer
Start with project settings for shared repo policy, keep personal overrides local, use permissions.allow/ask/deny for tool rules, put hooks under lifecycle event names, and keep command scaffolds in .claude/commands only when a legacy command is the right fit.
For: Engineering teams turning Claude Code policy into reviewable JSON instead of scattered local defaults.
Key facts
What this page establishes
- Start with project settings for shared repo policy, keep personal overrides local, use permissions.allow/ask/deny for tool rules, put hooks under lifecycle event names, and keep command scaffolds in .claude/commands only when a legacy command is the right fit.
- Audience: Engineering teams turning Claude Code policy into reviewable JSON instead of scattered local defaults.
- Primary-source base: Claude Code settings, Configure permissions, Hooks reference.
Put shared policy in the shared settings scope
Claude Code settings resolve from multiple scopes. That is useful only when ownership is clear: managed settings for administrators, project settings for repo policy, user settings for personal defaults, and local settings for private overrides.
If a rule must apply to a team, do not hide it in one developer account. Commit the project setting or document the managed policy that owns it. If a rule only helps one workstation, keep it local.
Primary-source anchor: Anthropic documents settings scopes and separates managed, user, project, and local ownership.
Model permissions before adding convenience
Permission rules are easiest to review when the intent is visible. Put high-risk blocks in deny, put commands that should still require judgment in ask, and allow only boring commands that support the workflow.
Deny rules take precedence over ask and allow rules. That means a broad deny cannot be punched through with a narrower allow later, so avoid broad blocks unless you truly want an unconditional boundary.
{
"permissions": {
"allow": ["Read", "Bash(npm test *)", "Bash(git diff *)"],
"ask": ["Bash(npm run build)", "WebFetch(domain:docs.example.com)"],
"deny": ["Read(//**/.env)", "Bash(rm -rf *)", "mcp__*"]
}
} Primary-source anchor: Anthropic documents deny, ask, and allow precedence plus file, Bash, MCP, and agent rule syntax.
Keep hook JSON close to the lifecycle event
Hook configuration has a predictable shape: event name, optional matcher group, then one or more hook handlers. Tool events can match tool names such as Bash, Edit, or Write. Stop-style events always fire and should not depend on a matcher.
The safest first examples are narrow: lint after edits, block risky shell commands before Bash runs, or require a final check before Stop. Keep hook scripts small enough for code review.
{
"hooks": {
"PostToolUse": [
{
"matcher": "Edit|Write",
"hooks": [
{
"type": "command",
"command": "${CLAUDE_PROJECT_DIR}/.claude/hooks/lint-changed.sh"
}
]
}
],
"Stop": [
{
"hooks": [
{
"type": "command",
"command": "${CLAUDE_PROJECT_DIR}/.claude/hooks/require-checks.sh"
}
]
}
]
}
} Primary-source anchor: the hooks reference documents event names, matcher groups, handler fields, input/output, and decision control.
Treat command files as lightweight workflow entry points
Skills are the recommended reusable capability, but legacy files in .claude/commands still work and can be useful for short team commands. Keep them concise and explicit about allowed tools and expected evidence.
A command scaffold should include a description, argument hints, optional allowed tools, the task contract, and the verification command the user expects Claude to run.
---
description: Review the active diff for regressions
argument-hint: "[focus area]"
allowed-tools: Read Grep Bash(git diff *) Bash(npm test *)
---
Review the active diff for $ARGUMENTS.
Return findings with file paths, severity, and test evidence. Primary-source anchor: Anthropic documents skills frontmatter and notes that files under .claude/commands still work with the same frontmatter.
Use generators as starters, not policy substitutes
Generated settings should be reviewed like any other configuration. The free tools on this site produce valid starter blocks, but a team still needs to verify commands, paths, and trust boundaries in its own repository.
The right output is boring JSON or markdown that a reviewer can understand in one pass. Avoid opaque all-purpose settings that claim to solve security, hooks, and workflow design at the same time.
- Review generated JSON before committing it.
- Keep hook scripts in the repository and code review them.
- Use deny rules for unconditional boundaries.
- Use ask rules for operations that need human judgment.
- Run Claude Code locally after adding settings to catch typos and startup warnings.
Primary Sources
These are the source pages used for factual claims on this article.
Anthropic
Claude Code settings
Managed, user, project, and local settings scopes.Anthropic
Configure permissions
Permission rule syntax, deny/ask/allow precedence, file rules, MCP rules, and agent rules.Anthropic
Hooks reference
Hook lifecycle, event cadence, input/output shape, and advanced hook types.Anthropic
Skills and slash commands
Current skills frontmatter fields and legacy .claude/commands compatibility.Cite This Page
Claude Ships Code. "Claude Code settings.json Examples for Teams." Updated 2026-07-06. https://claudeshipscode-com.pages.dev/settings-json
Claude Ships Code. "Claude Code settings.json Examples for Teams." Updated 2026-07-06. https://claudeshipscode-com.pages.dev/settings-json FAQ
Where should Claude Code settings.json live?
Use .claude/settings.json for shared project settings, .claude/settings.local.json for private repo-local overrides, user settings for personal defaults, and managed settings for organization policy.
Are .claude/commands files still supported?
Yes. Anthropic documents that files in .claude/commands still work, although skills are recommended for richer reusable workflows.