C
Claude Code Expert

Task 3.1

Configuration & Settings

Claude Code is configured through a hierarchy of settings files, environment variables, and command-line flags. Understanding the configuration hierarchy — global, project, and local settings — is essential for managing Claude Code in team environments.

Settings Hierarchy

Claude Code settings are applied in order of precedence: command-line flags override environment variables, which override project settings, which override user (global) settings. User settings live in ~/.claude/settings.json. Project settings live in .claude/settings.json in the project root.

Project settings are committed to version control and shared across the team. User settings are personal and not shared. This separation lets teams standardize behavior while allowing individual customization.

Key Configuration Options

Important settings include: model selection (which Claude model to use), allowed and denied tool patterns (controlling which tools Claude can use), MCP server configuration, and permission modes. The permissions system controls what actions Claude can take without asking — from fully autonomous to requiring approval for each action.

The allowedTools and deniedTools patterns use glob syntax to match tool names. For example, 'mcp__*' allows all MCP tools, while 'Edit' allows the file edit tool specifically.

Environment Variables

Claude Code reads several environment variables for configuration: ANTHROPIC_API_KEY for authentication, CLAUDE_CODE_USE_BEDROCK or CLAUDE_CODE_USE_VERTEX for cloud provider routing, and CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC to disable telemetry.

For CI/CD pipelines, environment variables are the primary configuration mechanism since there is no interactive terminal. Set the API key and any necessary flags before invoking Claude Code in headless mode.

Key Concept

Project Settings for Teams, User Settings for Individuals

Project settings (.claude/settings.json) define team-wide defaults and are version-controlled. User settings (~/.claude/settings.json) define personal preferences and are not shared. When there is a conflict, project settings take precedence for security-critical options (like denied tools) but user settings can extend allowed options. This ensures teams maintain a security baseline while allowing individual flexibility.

Exam Traps

EXAM TRAP

Confusing project and user settings precedence

Project settings override user settings for most options. The exam may test whether you know which setting level takes precedence for a given configuration.

EXAM TRAP

Forgetting environment variables for CI/CD

In non-interactive (headless) mode, Claude Code relies on environment variables for API keys and configuration. The exam may present CI/CD scenarios where this matters.

EXAM TRAP

Not knowing about permission modes

Claude Code has different permission modes that control autonomy. The exam tests whether you understand the tradeoffs between automatic and manual approval modes.

Check Your Understanding

A team wants to prevent Claude Code from executing shell commands on all developers' machines, but one developer needs to run specific linting commands. How should this be configured?

Build Exercise

Configure Claude Code for a Team

Beginner20 minutes

What you'll learn

  • Create project-level settings
  • Configure allowed and denied tools
  • Set up MCP server references
  • Understand the settings hierarchy

  1. Create a .claude/settings.json file in your project with basic settings: deny dangerous tools (Bash with rm -rf), allow file read/write tools.

    WHY: Project settings establish the security baseline for the team.

    YOU SHOULD SEE: A settings.json file with allowedTools and deniedTools arrays.

  2. Create a user-level settings file (~/.claude/settings.json) with personal preferences that extend the project settings.

    WHY: User settings let individuals customize their experience without affecting the team.

    YOU SHOULD SEE: Personal settings that add to, but don't override, the project security rules.

  3. Add an MCP server to the project settings so all team members have access to a shared tool.

    WHY: MCP server configuration in project settings ensures consistent tooling across the team.

    YOU SHOULD SEE: A mcpServers section in .claude/settings.json referencing a shared server.

  4. Test the configuration by verifying which tools are available and which are blocked. Try to use a denied tool and observe the behavior.

    WHY: Testing validates that your configuration achieves the intended security posture.

    YOU SHOULD SEE: Allowed tools work normally; denied tools are blocked with a clear message.

Sources

Previous

Tool Selection & Routing