Documentation 2026-02-23 21:13 UTC to 2026-02-24 21:08 UTC

20* **Repositories not on your local machine**: Work on code you don't have checked out locally20* **Repositories not on your local machine**: Work on code you don't have checked out locally

21* **Backend changes**: Where Claude Code can write tests and then write code to pass those tests21* **Backend changes**: Where Claude Code can write tests and then write code to pass those tests

22 22 

23Claude Code is also available on the Claude iOS app for kicking off tasks on the go and monitoring work in progress.23Claude Code is also available on the Claude app for [iOS](https://apps.apple.com/us/app/claude-by-anthropic/id6473753684) and [Android](https://play.google.com/store/apps/details?id=com.anthropic.claude) for kicking off tasks on the go and monitoring work in progress.

24 24 

25You can move between local and remote development: [send tasks from your terminal to run on the web](#from-terminal-to-web) with the `&` prefix, or [teleport web sessions back to your terminal](#from-web-to-terminal) to continue locally.25You can move between local and remote development: [send tasks from your terminal to run on the web](#from-terminal-to-web) with the `&` prefix, or [teleport web sessions back to your terminal](#from-web-to-terminal) to continue locally. To use the web interface while running Claude Code on your own machine instead of cloud infrastructure, see [Remote Control](/en/remote-control).

26 26 

27## Who can use Claude Code on the web?27## Who can use Claude Code on the web?

28 28 

9## CLI commands9## CLI commands

10 10 

11| Command | Description | Example |11| Command | Description | Example |

12| :------------------------------ | :----------------------------------------------------------------- | :------------------------------------------------ |12| :------------------------------ | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------ |

13| `claude` | Start interactive REPL | `claude` |13| `claude` | Start interactive REPL | `claude` |

14| `claude "query"` | Start REPL with initial prompt | `claude "explain this project"` |14| `claude "query"` | Start REPL with initial prompt | `claude "explain this project"` |

15| `claude -p "query"` | Query via SDK, then exit | `claude -p "explain this function"` |15| `claude -p "query"` | Query via SDK, then exit | `claude -p "explain this function"` |

18| `claude -c -p "query"` | Continue via SDK | `claude -c -p "Check for type errors"` |18| `claude -c -p "query"` | Continue via SDK | `claude -c -p "Check for type errors"` |

19| `claude -r "<session>" "query"` | Resume session by ID or name | `claude -r "auth-refactor" "Finish this PR"` |19| `claude -r "<session>" "query"` | Resume session by ID or name | `claude -r "auth-refactor" "Finish this PR"` |

20| `claude update` | Update to latest version | `claude update` |20| `claude update` | Update to latest version | `claude update` |

21| `claude auth login` | Sign in to your Anthropic account | `claude auth login` |

22| `claude auth logout` | Log out from your Anthropic account | `claude auth logout` |

23| `claude auth status` | Show authentication status | `claude auth status` |

21| `claude agents` | List all configured [subagents](/en/sub-agents), grouped by source | `claude agents` |24| `claude agents` | List all configured [subagents](/en/sub-agents), grouped by source | `claude agents` |

22| `claude mcp` | Configure Model Context Protocol (MCP) servers | See the [Claude Code MCP documentation](/en/mcp). |25| `claude mcp` | Configure Model Context Protocol (MCP) servers | See the [Claude Code MCP documentation](/en/mcp). |

26| `claude remote-control` | Start a [Remote Control session](/en/remote-control) to control Claude Code from Claude.ai or the Claude app while running locally. See [Remote Control](/en/remote-control) for flags | `claude remote-control` |

23 27 

24## CLI flags28## CLI flags

25 29 

51 51 

52## Data access52## Data access

53 53 

54For all first party users, you can learn more about what data is logged for [local Claude Code](#local-claude-code-data-flow-and-dependencies) and [remote Claude Code](#cloud-execution-data-flow-and-dependencies). Note for remote Claude Code, Claude accesses the repository where you initiate your Claude Code session. Claude does not access repositories that you have connected but have not started a session in.54For all first party users, you can learn more about what data is logged for [local Claude Code](#local-claude-code-data-flow-and-dependencies) and [remote Claude Code](#cloud-execution-data-flow-and-dependencies). [Remote Control](/en/remote-control) sessions follow the local data flow since all execution happens on your machine. Note for remote Claude Code, Claude accesses the repository where you initiate your Claude Code session. Claude does not access repositories that you have connected but have not started a session in.

55 55 

56## Local Claude Code: Data flow and dependencies56## Local Claude Code: Data flow and dependencies

57 57 

370Managed settings override project and user settings and apply when Desktop spawns CLI sessions. You can set these keys in your organization's [managed settings](/en/settings#settings-precedence) file or push them remotely through the admin console.370Managed settings override project and user settings and apply when Desktop spawns CLI sessions. You can set these keys in your organization's [managed settings](/en/settings#settings-precedence) file or push them remotely through the admin console.

371 371 

372| Key | Description |372| Key | Description |

373| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- |373| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- |

374| `disableBypassPermissionsMode` | set to `"disable"` to prevent users from enabling Bypass permissions mode. See [permissions](/en/permissions#managed-settings). |374| `disableBypassPermissionsMode` | set to `"disable"` to prevent users from enabling Bypass permissions mode. See [managed settings](/en/permissions#managed-only-settings). |

375 375 

376For the complete list of managed-only settings including `allowManagedPermissionRulesOnly` and `allowManagedHooksOnly`, see [managed-only settings](/en/permissions#managed-only-settings).376For the complete list of managed-only settings including `allowManagedPermissionRulesOnly` and `allowManagedHooksOnly`, see [managed-only settings](/en/permissions#managed-only-settings).

377 377 

34 34 

35Tools are what make Claude Code agentic. Without tools, Claude can only respond with text. With tools, Claude can act: read your code, edit files, run commands, search the web, and interact with external services. Each tool use returns information that feeds back into the loop, informing Claude's next decision.35Tools are what make Claude Code agentic. Without tools, Claude can only respond with text. With tools, Claude can act: read your code, edit files, run commands, search the web, and interact with external services. Each tool use returns information that feeds back into the loop, informing Claude's next decision.

36 36 

37The built-in tools generally fall into four categories, each representing a different kind of agency.37The built-in tools generally fall into five categories, each representing a different kind of agency.

38 38 

39| Category | What Claude can do |39| Category | What Claude can do |

40| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |40| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |

61 61 

62## What Claude can access62## What Claude can access

63 63 

64This guide focuses on the terminal. Claude Code also runs in [VS Code, JetBrains IDEs, and other environments](/en/ide-integrations).

65 

66When you run `claude` in a directory, Claude Code gains access to:64When you run `claude` in a directory, Claude Code gains access to:

67 65 

68* **Your project.** Files in your directory and subdirectories, plus files elsewhere with your permission.66* **Your project.** Files in your directory and subdirectories, plus files elsewhere with your permission.

73 71 

74Because Claude sees your whole project, it can work across it. When you ask Claude to "fix the authentication bug," it searches for relevant files, reads multiple files to understand context, makes coordinated edits across them, runs tests to verify the fix, and commits the changes if you ask. This is different from inline code assistants that only see the current file.72Because Claude sees your whole project, it can work across it. When you ask Claude to "fix the authentication bug," it searches for relevant files, reads multiple files to understand context, makes coordinated edits across them, runs tests to verify the fix, and commits the changes if you ask. This is different from inline code assistants that only see the current file.

75 73 

74## Environments and interfaces

75 

76The agentic loop, tools, and capabilities described above are the same everywhere you use Claude Code. What changes is where the code executes and how you interact with it.

77 

78### Execution environments

79 

80Claude Code runs in three environments, each with different tradeoffs for where your code executes.

81 

82| Environment | Where code runs | Use case |

83| ------------------ | --------------------------------------- | ---------------------------------------------------------- |

84| **Local** | Your machine | Default. Full access to your files, tools, and environment |

85| **Cloud** | Anthropic-managed VMs | Offload tasks, work on repos you don't have locally |

86| **Remote Control** | Your machine, controlled from a browser | Use the web UI while keeping everything local |

87 

88### Interfaces

89 

90You can access Claude Code through the terminal, the [desktop app](/en/desktop), [IDE extensions](/en/ide-integrations), [claude.ai/code](https://claude.ai/code), [Remote Control](/en/remote-control), [Slack](/en/slack), and [CI/CD pipelines](/en/github-actions). The interface determines how you see and interact with Claude, but the underlying agentic loop is identical. See [Use Claude Code everywhere](/en/overview#use-claude-code-everywhere) for the full list.

91 

76## Work with sessions92## Work with sessions

77 93 

78Claude Code saves your conversation locally as you work. Each message, tool use, and result is stored, which enables [rewinding](#undo-changes-with-checkpoints), [resuming, and forking](#resume-or-fork-sessions) sessions. Before Claude makes code changes, it also snapshots the affected files so you can revert if needed.94Claude Code saves your conversation locally as you work. Each message, tool use, and result is stored, which enables [rewinding](#undo-changes-with-checkpoints), [resuming, and forking](#resume-or-fork-sessions) sessions. Before Claude makes code changes, it also snapshots the affected files so you can revert if needed.

187 <Accordion title="Work from anywhere" icon="globe">187 <Accordion title="Work from anywhere" icon="globe">

188 Sessions aren't tied to a single surface. Move work between environments as your context changes:188 Sessions aren't tied to a single surface. Move work between environments as your context changes:

189 189 

190 * Step away from your desk and keep working from your phone or any browser with [Remote Control](/en/remote-control)

190 * Kick off a long-running task on the [web](/en/claude-code-on-the-web) or [iOS app](https://apps.apple.com/app/claude-by-anthropic/id6473753684), then pull it into your terminal with `/teleport`191 * Kick off a long-running task on the [web](/en/claude-code-on-the-web) or [iOS app](https://apps.apple.com/app/claude-by-anthropic/id6473753684), then pull it into your terminal with `/teleport`

191 * Hand off a terminal session to the [Desktop app](/en/desktop) with `/desktop` for visual diff review192 * Hand off a terminal session to the [Desktop app](/en/desktop) with `/desktop` for visual diff review

192 * Route tasks from team chat: mention `@Claude` in [Slack](/en/slack) with a bug report and get a pull request back193 * Route tasks from team chat: mention `@Claude` in [Slack](/en/slack) with a bug report and get a pull request back

200Beyond the [Terminal](/en/quickstart), [VS Code](/en/vs-code), [JetBrains](/en/jetbrains), [Desktop](/en/desktop), and [Web](/en/claude-code-on-the-web) environments above, Claude Code integrates with CI/CD, chat, and browser workflows:201Beyond the [Terminal](/en/quickstart), [VS Code](/en/vs-code), [JetBrains](/en/jetbrains), [Desktop](/en/desktop), and [Web](/en/claude-code-on-the-web) environments above, Claude Code integrates with CI/CD, chat, and browser workflows:

201 202 

202| I want to... | Best option |203| I want to... | Best option |

203| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |204| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |

205| Continue a local session from my phone or another device | [Remote Control](/en/remote-control) |

204| Start a task locally, continue on mobile | [Web](/en/claude-code-on-the-web) or [Claude iOS app](https://apps.apple.com/app/claude-by-anthropic/id6473753684) |206| Start a task locally, continue on mobile | [Web](/en/claude-code-on-the-web) or [Claude iOS app](https://apps.apple.com/app/claude-by-anthropic/id6473753684) |

205| Automate PR reviews and issue triage | [GitHub Actions](/en/github-actions) or [GitLab CI/CD](/en/gitlab-ci-cd) |207| Automate PR reviews and issue triage | [GitHub Actions](/en/github-actions) or [GitLab CI/CD](/en/gitlab-ci-cd) |

206| Route bug reports from Slack to pull requests | [Slack](/en/slack) |208| Route bug reports from Slack to pull requests | [Slack](/en/slack) |

136Read and Edit rules both follow the [gitignore](https://git-scm.com/docs/gitignore) specification with four distinct pattern types:136Read and Edit rules both follow the [gitignore](https://git-scm.com/docs/gitignore) specification with four distinct pattern types:

137 137 

138| Pattern | Meaning | Example | Matches |138| Pattern | Meaning | Example | Matches |

139| ------------------ | -------------------------------------- | -------------------------------- | ---------------------------------- |139| ------------------ | -------------------------------------- | -------------------------------- | ------------------------------ |

140| `//path` | **Absolute** path from filesystem root | `Read(//Users/alice/secrets/**)` | `/Users/alice/secrets/**` |140| `//path` | **Absolute** path from filesystem root | `Read(//Users/alice/secrets/**)` | `/Users/alice/secrets/**` |

141| `~/path` | Path from **home** directory | `Read(~/Documents/*.pdf)` | `/Users/alice/Documents/*.pdf` |141| `~/path` | Path from **home** directory | `Read(~/Documents/*.pdf)` | `/Users/alice/Documents/*.pdf` |

142| `/path` | Path **relative to settings file** | `Edit(/src/**/*.ts)` | `<settings file path>/src/**/*.ts` |142| `/path` | Path **relative to project root** | `Edit(/src/**/*.ts)` | `<project root>/src/**/*.ts` |

143| `path` or `./path` | Path **relative to current directory** | `Read(*.env)` | `<cwd>/*.env` |143| `path` or `./path` | Path **relative to current directory** | `Read(*.env)` | `<cwd>/*.env` |

144 144 

145<Warning>145<Warning>

146 A pattern like `/Users/alice/file` is NOT an absolute path. It's relative to your settings file. Use `//Users/alice/file` for absolute paths.146 A pattern like `/Users/alice/file` is NOT an absolute path. It's relative to the project root. Use `//Users/alice/file` for absolute paths.

147</Warning>147</Warning>

148 148 

149Examples:149Examples:

150 150 

151* `Edit(/docs/**)`: edits in `<project>/docs/` (NOT `/docs/`)151* `Edit(/docs/**)`: edits in `<project>/docs/` (NOT `/docs/` and NOT `<project>/.claude/docs/`)

152* `Read(~/.zshrc)`: reads your home directory's `.zshrc`152* `Read(~/.zshrc)`: reads your home directory's `.zshrc`

153* `Edit(//tmp/scratch.txt)`: edits the absolute path `/tmp/scratch.txt`153* `Edit(//tmp/scratch.txt)`: edits the absolute path `/tmp/scratch.txt`

154* `Read(src/**)`: reads from `<current-directory>/src/`154* `Read(src/**)`: reads from `<current-directory>/src/`

215 215 

216## Managed settings216## Managed settings

217 217 

218For organizations that need centralized control over Claude Code configuration, administrators can deploy `managed-settings.json` files to system directories. These policy files follow the same format as regular settings files and cannot be overridden by user or project settings. For organizations without device management infrastructure, [server-managed settings](/en/server-managed-settings) provide an alternative that delivers configurations from Anthropic's servers.218For organizations that need centralized control over Claude Code configuration, administrators can deploy managed settings that cannot be overridden by user or project settings. These policy settings follow the same format as regular settings files and can be delivered through MDM/OS-level policies, managed settings files, or [server-managed settings](/en/server-managed-settings). See [settings files](/en/settings#settings-files) for delivery mechanisms and file locations.

219 

220**Managed settings file locations**:

221 

222* **macOS**: `/Library/Application Support/ClaudeCode/managed-settings.json`

223* **Linux and WSL**: `/etc/claude-code/managed-settings.json`

224* **Windows**: `C:\Program Files\ClaudeCode\managed-settings.json`

225 

226<Note>

227 These are system-wide paths (not user home directories like `~/Library/...`) that require administrator privileges. They are designed to be deployed by IT administrators.

228</Note>

229 219 

230### Managed-only settings220### Managed-only settings

231 221 

232Some settings are only effective in managed settings:222Some settings are only effective in managed settings:

233 223 

234| Setting | Description |224| Setting | Description |

235| :-------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------- |225| :---------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

236| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode and the `--dangerously-skip-permissions` flag |226| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode and the `--dangerously-skip-permissions` flag |

237| `allowManagedPermissionRulesOnly` | When `true`, prevents user and project settings from defining `allow`, `ask`, or `deny` permission rules. Only rules in managed settings apply |227| `allowManagedPermissionRulesOnly` | When `true`, prevents user and project settings from defining `allow`, `ask`, or `deny` permission rules. Only rules in managed settings apply |

238| `allowManagedHooksOnly` | When `true`, prevents loading of user, project, and plugin hooks. Only managed hooks and SDK hooks are allowed |228| `allowManagedHooksOnly` | When `true`, prevents loading of user, project, and plugin hooks. Only managed hooks and SDK hooks are allowed |

229| `allowManagedMcpServersOnly` | When `true`, only `allowedMcpServers` from managed settings are respected. `deniedMcpServers` still merges from all sources. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) |

230| `blockedMarketplaces` | Blocklist of marketplace sources. Blocked sources are checked before downloading, so they never touch the filesystem. See [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) |

231| `sandbox.network.allowManagedDomainsOnly` | When `true`, only `allowedDomains` and `WebFetch(domain:...)` allow rules from managed settings are respected. Denied domains still merge from all sources |

239| `strictKnownMarketplaces` | Controls which plugin marketplaces users can add. See [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) |232| `strictKnownMarketplaces` | Controls which plugin marketplaces users can add. See [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) |

233| `allow_remote_sessions` | When `true`, allows users to start [Remote Control](/en/remote-control) and [web sessions](/en/claude-code-on-the-web). Defaults to `true`. Set to `false` to prevent remote session access |

240 234 

241## Settings precedence235## Settings precedence

242 236 

251When you install a plugin, you choose a **scope** that determines where the plugin is available and who else can use it:251When you install a plugin, you choose a **scope** that determines where the plugin is available and who else can use it:

252 252 

253| Scope | Settings file | Use case |253| Scope | Settings file | Use case |

254| :-------- | :---------------------------- | :------------------------------------------------------- |254| :-------- | :---------------------------------------------- | :------------------------------------------------------- |

255| `user` | `~/.claude/settings.json` | Personal plugins available across all projects (default) |255| `user` | `~/.claude/settings.json` | Personal plugins available across all projects (default) |

256| `project` | `.claude/settings.json` | Team plugins shared via version control |256| `project` | `.claude/settings.json` | Team plugins shared via version control |

257| `local` | `.claude/settings.local.json` | Project-specific plugins, gitignored |257| `local` | `.claude/settings.local.json` | Project-specific plugins, gitignored |

258| `managed` | `managed-settings.json` | Managed plugins (read-only, update only) |258| `managed` | [Managed settings](/en/settings#settings-files) | Managed plugins (read-only, update only) |

259 259 

260Plugins use the same scope system as other Claude Code configurations. For installation instructions and scope flags, see [Install plugins](/en/discover-plugins#install-plugins). For a complete explanation of scopes, see [Configuration scopes](/en/settings#configuration-scopes).260Plugins use the same scope system as other Claude Code configurations. For installation instructions and scope flags, see [Install plugins](/en/discover-plugins#install-plugins). For a complete explanation of scopes, see [Configuration scopes](/en/settings#configuration-scopes).

261 261 

1> ## Documentation Index

2> Fetch the complete documentation index at: https://code.claude.com/docs/llms.txt

3> Use this file to discover all available pages before exploring further.

4 

5# Continue local sessions from any device with Remote Control

6 

7> Continue a local Claude Code session from your phone, tablet, or any browser using Remote Control. Works with claude.ai/code and the Claude mobile app.

8 

9<Note>

10 Remote Control is available as a research preview on Pro and Max plans. It is not available on Team or Enterprise plans.

11</Note>

12 

13Remote Control connects [claude.ai/code](https://claude.ai/code) or the Claude app for [iOS](https://apps.apple.com/us/app/claude-by-anthropic/id6473753684) and [Android](https://play.google.com/store/apps/details?id=com.anthropic.claude) to a Claude Code session running on your machine. Start a task at your desk, then pick it up from your phone on the couch or a browser on another computer.

14 

15When you start a Remote Control session on your machine, Claude keeps running locally the entire time, so nothing moves to the cloud. With Remote Control you can:

16 

17* **Use your full local environment remotely**: your filesystem, [MCP servers](/en/mcp), tools, and project configuration all stay available

18* **Work from both surfaces at once**: the conversation stays in sync across all connected devices, so you can send messages from your terminal, browser, and phone interchangeably

19* **Survive interruptions**: if your laptop sleeps or your network drops, the session reconnects automatically when your machine comes back online

20 

21Unlike [Claude Code on the web](/en/claude-code-on-the-web), which runs on cloud infrastructure, Remote Control sessions run directly on your machine and interact with your local filesystem. The web and mobile interfaces are just a window into that local session.

22 

23This page covers setup, how to start and connect to sessions, and how Remote Control compares to Claude Code on the web.

24 

25## Requirements

26 

27Before using Remote Control, confirm that your environment meets these conditions:

28 

29* **Subscription**: requires a Pro or Max plan. API keys are not supported.

30* **Authentication**: run `claude` and use `/login` to sign in through claude.ai if you haven't already.

31* **Workspace trust**: run `claude` in your project directory at least once to accept the workspace trust dialog.

32 

33## Start a Remote Control session

34 

35You can start a new session directly in Remote Control, or connect a session that's already running.

36 

37<Tabs>

38 <Tab title="New session">

39 Navigate to your project directory and run:

40 

41 ```bash theme={null}

42 claude remote-control

43 ```

44 

45 The process stays running in your terminal, waiting for remote connections. It displays a session URL you can use to [connect from another device](#connect-from-another-device), and you can press spacebar to show a QR code for quick access from your phone. While a remote session is active, the terminal shows connection status and tool activity.

46 

47 This command supports the following flags:

48 

49 * **`--verbose`**: show detailed connection and session logs

50 * **`--sandbox`** / **`--no-sandbox`**: enable or disable [sandboxing](/en/sandboxing) for filesystem and network isolation during the session. Sandboxing is off by default.

51 </Tab>

52 

53 <Tab title="From an existing session">

54 If you're already in a Claude Code session and want to continue it remotely, use the `/remote-control` (or `/rc`) command:

55 

56 ```

57 /remote-control

58 ```

59 

60 This starts a Remote Control session that carries over your current conversation history and displays a session URL and QR code you can use to [connect from another device](#connect-from-another-device). The `--verbose`, `--sandbox`, and `--no-sandbox` flags are not available with this command.

61 

62 <Tip>

63 Use `/rename` before running `/remote-control` to give the session a descriptive name. This makes it easier to find in the session list across devices.

64 </Tip>

65 </Tab>

66</Tabs>

67 

68### Connect from another device

69 

70Once a Remote Control session is active, you have a few ways to connect from another device:

71 

72* **Open the session URL** in any browser to go directly to the session on [claude.ai/code](https://claude.ai/code). Both `claude remote-control` and `/remote-control` display this URL in the terminal.

73* **Scan the QR code** shown alongside the session URL to open it directly in the Claude app. With `claude remote-control`, press spacebar to toggle the QR code display.

74* **Open [claude.ai/code](https://claude.ai/code) or the Claude app** and find the session by name in the session list. Remote Control sessions show a computer icon with a green status dot when online.

75 

76The remote session takes its name from your last message, your `/rename` value, or "Remote Control session" if there's no conversation history. If the environment already has an active session, you'll be asked whether to continue it or start a new one.

77 

78If you don't have the Claude app yet, use the `/mobile` command inside Claude Code to display a download QR code for [iOS](https://apps.apple.com/us/app/claude-by-anthropic/id6473753684) or [Android](https://play.google.com/store/apps/details?id=com.anthropic.claude).

79 

80### Enable Remote Control for all sessions

81 

82By default, Remote Control only activates when you explicitly run `claude remote-control` or `/remote-control`. To enable it automatically for every session, run `/config` inside Claude Code and set **Enable Remote Control for all sessions** to `true`. Set it back to `false` to disable.

83 

84Each Claude Code instance supports one remote session at a time. If you run multiple instances, each one gets its own environment and session.

85 

86## Connection and security

87 

88Your local Claude Code session makes outbound HTTPS requests only and never opens inbound ports on your machine. When you start Remote Control, it registers with the Anthropic API and polls for work. When you connect from another device, the server routes messages between the web or mobile client and your local session over a streaming connection.

89 

90All traffic travels through the Anthropic API over TLS, the same transport security as any Claude Code session. The connection uses multiple short-lived credentials, each scoped to a single purpose and expiring independently.

91 

92## Remote Control vs Claude Code on the web

93 

94Remote Control and [Claude Code on the web](/en/claude-code-on-the-web) both use the claude.ai/code interface. The key difference is where the session runs: Remote Control executes on your machine, so your local MCP servers, tools, and project configuration stay available. Claude Code on the web executes in Anthropic-managed cloud infrastructure.

95 

96Use Remote Control when you're in the middle of local work and want to keep going from another device. Use Claude Code on the web when you want to kick off a task without any local setup, work on a repo you don't have cloned, or run multiple tasks in parallel.

97 

98## Limitations

99 

100* **One remote session at a time**: each Claude Code session supports one remote connection.

101* **Terminal must stay open**: Remote Control runs as a local process. If you close the terminal or stop the `claude` process, the session ends. Run `claude remote-control` again to start a new one.

102* **Extended network outage**: if your machine is awake but unable to reach the network for more than roughly 10 minutes, the session times out and the process exits. Run `claude remote-control` again to start a new session.

103 

104## Related resources

105 

106* [Claude Code on the web](/en/claude-code-on-the-web): run sessions in Anthropic-managed cloud environments instead of on your machine

107* [Authentication](/en/authentication): set up `/login` and manage credentials for claude.ai

108* [CLI reference](/en/cli-reference): full list of flags and commands including `claude remote-control`

109* [Security](/en/security): how Remote Control sessions fit into the Claude Code security model

110* [Data usage](/en/data-usage): what data flows through the Anthropic API during local and remote sessions

106 106 

107For more details on cloud execution, see [Claude Code on the web](/en/claude-code-on-the-web).107For more details on cloud execution, see [Claude Code on the web](/en/claude-code-on-the-web).

108 108 

109[Remote Control](/en/remote-control) sessions work differently: the web interface connects to a Claude Code process running on your local machine. All code execution and file access stays local, and the same data that flows during any local Claude Code session travels through the Anthropic API over TLS. No cloud VMs or sandboxing are involved. The connection uses multiple short-lived, narrowly scoped credentials, each limited to a specific purpose and expiring independently, to limit the blast radius of any single compromised credential.

110 

109## Security best practices111## Security best practices

110 112 

111### Working with sensitive code113### Working with sensitive code

117 119 

118### Team security120### Team security

119 121 

120* Use [managed settings](/en/permissions#managed-settings) to enforce organizational standards122* Use [managed settings](/en/settings#settings-files) to enforce organizational standards

121* Share approved permission configurations through version control123* Share approved permission configurations through version control

122* Train team members on security best practices124* Train team members on security best practices

123* Monitor Claude Code usage through [OpenTelemetry metrics](/en/monitoring-usage)125* Monitor Claude Code usage through [OpenTelemetry metrics](/en/monitoring-usage)

24 24 

25## Choose between server-managed and endpoint-managed settings25## Choose between server-managed and endpoint-managed settings

26 26 

27Claude Code supports two approaches for centralized configuration. Server-managed settings deliver configuration from Anthropic's servers. [Endpoint-managed settings](/en/permissions#managed-settings) deploy a `managed-settings.json` file to system directories via MDM (mobile device management).27Claude Code supports two approaches for centralized configuration. Server-managed settings deliver configuration from Anthropic's servers. [Endpoint-managed settings](/en/settings#settings-files) are deployed directly to devices through native OS policies (macOS managed preferences, Windows registry) or managed settings files.

28 28 

29| Approach | Best for | Security model |29| Approach | Best for | Security model |

30| :---------------------------------------------------------------- | :------------------------------------------------------- | :----------------------------------------------------------------- |30| :----------------------------------------------------------- | :------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------- |

31| **Server-managed settings** | Organizations without MDM, or users on unmanaged devices | Settings delivered from Anthropic's servers at authentication time |31| **Server-managed settings** | Organizations without MDM, or users on unmanaged devices | Settings delivered from Anthropic's servers at authentication time |

32| **[Endpoint-managed settings](/en/permissions#managed-settings)** | Organizations with MDM or endpoint management | Settings deployed to protected system directories by IT |32| **[Endpoint-managed settings](/en/settings#settings-files)** | Organizations with MDM or endpoint management | Settings deployed to devices via MDM configuration profiles, registry policies, or managed settings files |

33 33 

34If your devices are enrolled in an MDM or endpoint management solution, endpoint-managed settings provide stronger security guarantees because the settings file can be protected from user modification at the OS level.34If your devices are enrolled in an MDM or endpoint management solution, endpoint-managed settings provide stronger security guarantees because the settings file can be protected from user modification at the OS level.

35 35 

89 89 

90### Settings precedence90### Settings precedence

91 91 

92Server-managed settings and [endpoint-managed settings](/en/permissions#managed-settings) both occupy the highest tier in the Claude Code [settings hierarchy](/en/settings#settings-precedence), and user or project settings cannot override them. When both are present, server-managed settings take precedence and the local `managed-settings.json` file is not used.92Server-managed settings and [endpoint-managed settings](/en/settings#settings-files) both occupy the highest tier in the Claude Code [settings hierarchy](/en/settings#settings-precedence), and user or project settings cannot override them. When both are present, server-managed settings take precedence and endpoint-managed settings are not used.

93 93 

94### Fetch and caching behavior94### Fetch and caching behavior

95 95 

152 152 

153To detect runtime configuration changes, use [`ConfigChange` hooks](/en/hooks#configchange) to log modifications or block unauthorized changes before they take effect.153To detect runtime configuration changes, use [`ConfigChange` hooks](/en/hooks#configchange) to log modifications or block unauthorized changes before they take effect.

154 154 

155For stronger enforcement guarantees, use [endpoint-managed settings](/en/permissions#managed-settings) on devices enrolled in an MDM solution.155For stronger enforcement guarantees, use [endpoint-managed settings](/en/settings#settings-files) on devices enrolled in an MDM solution.

156 156 

157## See also157## See also

158 158 

159Related pages for managing Claude Code configuration:159Related pages for managing Claude Code configuration:

160 160 

161* [Settings](/en/settings): complete configuration reference including all available settings161* [Settings](/en/settings): complete configuration reference including all available settings

162* [Endpoint-managed settings](/en/permissions#managed-settings): file-based managed settings deployed by IT162* [Endpoint-managed settings](/en/settings#settings-files): managed settings deployed to devices by IT

163* [Authentication](/en/authentication): set up user access to Claude Code163* [Authentication](/en/authentication): set up user access to Claude Code

164* [Security](/en/security): security safeguards and best practices164* [Security](/en/security): security safeguards and best practices

15### Available scopes15### Available scopes

16 16 

17| Scope | Location | Who it affects | Shared with team? |17| Scope | Location | Who it affects | Shared with team? |

18| :---------- | :----------------------------------- | :----------------------------------- | :--------------------- |18| :---------- | :--------------------------------------------------------------------------------- | :----------------------------------- | :--------------------- |

19| **Managed** | System-level `managed-settings.json` | All users on the machine | Yes (deployed by IT) |19| **Managed** | Server-managed settings, plist / registry, or system-level `managed-settings.json` | All users on the machine | Yes (deployed by IT) |

20| **User** | `~/.claude/` directory | You, across all projects | No |20| **User** | `~/.claude/` directory | You, across all projects | No |

21| **Project** | `.claude/` in repository | All collaborators on this repository | Yes (committed to git) |21| **Project** | `.claude/` in repository | All collaborators on this repository | Yes (committed to git) |

22| **Local** | `.claude/*.local.*` files | You, in this repository only | No (gitignored) |22| **Local** | `.claude/*.local.*` files | You, in this repository only | No (gitignored) |

83* **Project settings** are saved in your project directory:83* **Project settings** are saved in your project directory:

84 * `.claude/settings.json` for settings that are checked into source control and shared with your team84 * `.claude/settings.json` for settings that are checked into source control and shared with your team

85 * `.claude/settings.local.json` for settings that are not checked in, useful for personal preferences and experimentation. Claude Code will configure git to ignore `.claude/settings.local.json` when it is created.85 * `.claude/settings.local.json` for settings that are not checked in, useful for personal preferences and experimentation. Claude Code will configure git to ignore `.claude/settings.local.json` when it is created.

86* **Managed settings**: For organizations that need centralized control, Claude Code supports `managed-settings.json` and `managed-mcp.json` files that can be deployed to system directories:86* **Managed settings**: For organizations that need centralized control, Claude Code supports multiple delivery mechanisms for managed settings. All use the same JSON format and cannot be overridden by user or project settings:

87 87 

88 * **Server-managed settings**: delivered from Anthropic's servers via the Claude.ai admin console. See [server-managed settings](/en/server-managed-settings).

89 * **MDM/OS-level policies**: delivered through native device management on macOS and Windows:

90 * macOS: `com.anthropic.claudecode` managed preferences domain (deployed via configuration profiles in Jamf, Kandji, or other MDM tools)

91 * Windows: `HKLM\SOFTWARE\Policies\ClaudeCode` registry key with a `Settings` value (REG\_SZ or REG\_EXPAND\_SZ) containing JSON (deployed via Group Policy or Intune)

92 * Windows (user-level): `HKCU\SOFTWARE\Policies\ClaudeCode` (lowest policy priority, only used when no admin-level source exists)

93 * **File-based**: `managed-settings.json` and `managed-mcp.json` deployed to system directories:

88 * macOS: `/Library/Application Support/ClaudeCode/`94 * macOS: `/Library/Application Support/ClaudeCode/`

89 * Linux and WSL: `/etc/claude-code/`95 * Linux and WSL: `/etc/claude-code/`

90 * Windows: `C:\Program Files\ClaudeCode\`96 * Windows: `C:\Program Files\ClaudeCode\`

91 97 

92 <Note>98 See [managed settings](/en/permissions#managed-only-settings) and [Managed MCP configuration](/en/mcp#managed-mcp-configuration) for details.

93 These are system-wide paths (not user home directories like `~/Library/...`) that require administrator privileges. They are designed to be deployed by IT administrators.

94 </Note>

95 

96 See [Managed settings](/en/permissions#managed-settings) and [Managed MCP configuration](/en/mcp#managed-mcp-configuration) for details. For organizations without device management infrastructure, see [server-managed settings](/en/server-managed-settings).

97 99 

98 <Note>100 <Note>

99 Managed deployments can also restrict **plugin marketplace additions** using101 Managed deployments can also restrict **plugin marketplace additions** using

140`settings.json` supports a number of options:142`settings.json` supports a number of options:

141 143 

142| Key | Description | Example |144| Key | Description | Example |

143| :-------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :---------------------------------------------------------------------- |145| :-------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |

144| `apiKeyHelper` | Custom script, to be executed in `/bin/sh`, to generate an auth value. This value will be sent as `X-Api-Key` and `Authorization: Bearer` headers for model requests | `/bin/generate_temp_api_key.sh` |146| `apiKeyHelper` | Custom script, to be executed in `/bin/sh`, to generate an auth value. This value will be sent as `X-Api-Key` and `Authorization: Bearer` headers for model requests | `/bin/generate_temp_api_key.sh` |

145| `cleanupPeriodDays` | Sessions inactive for longer than this period are deleted at startup. Setting to `0` immediately deletes all sessions. (default: 30 days) | `20` |147| `cleanupPeriodDays` | Sessions inactive for longer than this period are deleted at startup. Setting to `0` immediately deletes all sessions. (default: 30 days) | `20` |

146| `companyAnnouncements` | Announcement to display to users at startup. If multiple announcements are provided, they will be cycled through at random. | `["Welcome to Acme Corp! Review our code guidelines at docs.acme.com"]` |148| `companyAnnouncements` | Announcement to display to users at startup. If multiple announcements are provided, they will be cycled through at random. | `["Welcome to Acme Corp! Review our code guidelines at docs.acme.com"]` |

152| `disableAllHooks` | Disable all [hooks](/en/hooks) and any custom [status line](/en/statusline) | `true` |154| `disableAllHooks` | Disable all [hooks](/en/hooks) and any custom [status line](/en/statusline) | `true` |

153| `allowManagedHooksOnly` | (Managed settings only) Prevent loading of user, project, and plugin hooks. Only allows managed hooks and SDK hooks. See [Hook configuration](#hook-configuration) | `true` |155| `allowManagedHooksOnly` | (Managed settings only) Prevent loading of user, project, and plugin hooks. Only allows managed hooks and SDK hooks. See [Hook configuration](#hook-configuration) | `true` |

154| `allowManagedPermissionRulesOnly` | (Managed settings only) Prevent user and project settings from defining `allow`, `ask`, or `deny` permission rules. Only rules in managed settings apply. See [Managed-only settings](/en/permissions#managed-only-settings) | `true` |156| `allowManagedPermissionRulesOnly` | (Managed settings only) Prevent user and project settings from defining `allow`, `ask`, or `deny` permission rules. Only rules in managed settings apply. See [Managed-only settings](/en/permissions#managed-only-settings) | `true` |

157| `allowManagedMcpServersOnly` | (Managed settings only) Only `allowedMcpServers` from managed settings are respected. `deniedMcpServers` still merges from all sources. Users can still add MCP servers, but only the admin-defined allowlist applies. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `true` |

155| `model` | Override the default model to use for Claude Code | `"claude-sonnet-4-6"` |158| `model` | Override the default model to use for Claude Code | `"claude-sonnet-4-6"` |

156| `availableModels` | Restrict which models users can select via `/model`, `--model`, Config tool, or `ANTHROPIC_MODEL`. Does not affect the Default option. See [Restrict model selection](/en/model-config#restrict-model-selection) | `["sonnet", "haiku"]` |159| `availableModels` | Restrict which models users can select via `/model`, `--model`, Config tool, or `ANTHROPIC_MODEL`. Does not affect the Default option. See [Restrict model selection](/en/model-config#restrict-model-selection) | `["sonnet", "haiku"]` |

157| `otelHeadersHelper` | Script to generate dynamic OpenTelemetry headers. Runs at startup and periodically (see [Dynamic headers](/en/monitoring-usage#dynamic-headers)) | `/bin/generate_otel_headers.sh` |160| `otelHeadersHelper` | Script to generate dynamic OpenTelemetry headers. Runs at startup and periodically (see [Dynamic headers](/en/monitoring-usage#dynamic-headers)) | `/bin/generate_otel_headers.sh` |

167| `allowedMcpServers` | When set in managed-settings.json, allowlist of MCP servers users can configure. Undefined = no restrictions, empty array = lockdown. Applies to all scopes. Denylist takes precedence. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ "serverName": "github" }]` |170| `allowedMcpServers` | When set in managed-settings.json, allowlist of MCP servers users can configure. Undefined = no restrictions, empty array = lockdown. Applies to all scopes. Denylist takes precedence. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ "serverName": "github" }]` |

168| `deniedMcpServers` | When set in managed-settings.json, denylist of MCP servers that are explicitly blocked. Applies to all scopes including managed servers. Denylist takes precedence over allowlist. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ "serverName": "filesystem" }]` |171| `deniedMcpServers` | When set in managed-settings.json, denylist of MCP servers that are explicitly blocked. Applies to all scopes including managed servers. Denylist takes precedence over allowlist. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ "serverName": "filesystem" }]` |

169| `strictKnownMarketplaces` | When set in managed-settings.json, allowlist of plugin marketplaces users can add. Undefined = no restrictions, empty array = lockdown. Applies to marketplace additions only. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ "source": "github", "repo": "acme-corp/plugins" }]` |172| `strictKnownMarketplaces` | When set in managed-settings.json, allowlist of plugin marketplaces users can add. Undefined = no restrictions, empty array = lockdown. Applies to marketplace additions only. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ "source": "github", "repo": "acme-corp/plugins" }]` |

173| `blockedMarketplaces` | (Managed settings only) Blocklist of marketplace sources. Blocked sources are checked before downloading, so they never touch the filesystem. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ "source": "github", "repo": "untrusted/plugins" }]` |

170| `awsAuthRefresh` | Custom script that modifies the `.aws` directory (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `aws sso login --profile myprofile` |174| `awsAuthRefresh` | Custom script that modifies the `.aws` directory (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `aws sso login --profile myprofile` |

171| `awsCredentialExport` | Custom script that outputs JSON with AWS credentials (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `/bin/generate_aws_grant.sh` |175| `awsCredentialExport` | Custom script that outputs JSON with AWS credentials (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `/bin/generate_aws_grant.sh` |

172| `alwaysThinkingEnabled` | Enable [extended thinking](/en/common-workflows#use-extended-thinking-thinking-mode) by default for all sessions. Typically configured via the `/config` command rather than editing directly | `true` |176| `alwaysThinkingEnabled` | Enable [extended thinking](/en/common-workflows#use-extended-thinking-thinking-mode) by default for all sessions. Typically configured via the `/config` command rather than editing directly | `true` |

190| `deny` | Array of permission rules to deny tool use. Use this to exclude sensitive files from Claude Code access. See [Permission rule syntax](#permission-rule-syntax) and [Bash permission limitations](/en/permissions#tool-specific-permission-rules) | `[ "WebFetch", "Bash(curl *)", "Read(./.env)", "Read(./secrets/**)" ]` |194| `deny` | Array of permission rules to deny tool use. Use this to exclude sensitive files from Claude Code access. See [Permission rule syntax](#permission-rule-syntax) and [Bash permission limitations](/en/permissions#tool-specific-permission-rules) | `[ "WebFetch", "Bash(curl *)", "Read(./.env)", "Read(./secrets/**)" ]` |

191| `additionalDirectories` | Additional [working directories](/en/permissions#working-directories) that Claude has access to | `[ "../docs/" ]` |195| `additionalDirectories` | Additional [working directories](/en/permissions#working-directories) that Claude has access to | `[ "../docs/" ]` |

192| `defaultMode` | Default [permission mode](/en/permissions#permission-modes) when opening Claude Code | `"acceptEdits"` |196| `defaultMode` | Default [permission mode](/en/permissions#permission-modes) when opening Claude Code | `"acceptEdits"` |

193| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed settings](/en/permissions#managed-settings) | `"disable"` |197| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. This disables the `--dangerously-skip-permissions` command-line flag. See [managed settings](/en/permissions#managed-only-settings) | `"disable"` |

194 198 

195### Permission rule syntax199### Permission rule syntax

196 200 

214**Filesystem and network restrictions** are configured via Read, Edit, and WebFetch permission rules, not via these sandbox settings.218**Filesystem and network restrictions** are configured via Read, Edit, and WebFetch permission rules, not via these sandbox settings.

215 219 

216| Keys | Description | Example |220| Keys | Description | Example |

217| :---------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------ |221| :-------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------ |

218| `enabled` | Enable bash sandboxing (macOS, Linux, and WSL2). Default: false | `true` |222| `enabled` | Enable bash sandboxing (macOS, Linux, and WSL2). Default: false | `true` |

219| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |223| `autoAllowBashIfSandboxed` | Auto-approve bash commands when sandboxed. Default: true | `true` |

220| `excludedCommands` | Commands that should run outside of the sandbox | `["git", "docker"]` |224| `excludedCommands` | Commands that should run outside of the sandbox | `["git", "docker"]` |

223| `network.allowAllUnixSockets` | Allow all Unix socket connections in sandbox. Default: false | `true` |227| `network.allowAllUnixSockets` | Allow all Unix socket connections in sandbox. Default: false | `true` |

224| `network.allowLocalBinding` | Allow binding to localhost ports (macOS only). Default: false | `true` |228| `network.allowLocalBinding` | Allow binding to localhost ports (macOS only). Default: false | `true` |

225| `network.allowedDomains` | Array of domains to allow for outbound network traffic. Supports wildcards (e.g., `*.example.com`). | `["github.com", "*.npmjs.org"]` |229| `network.allowedDomains` | Array of domains to allow for outbound network traffic. Supports wildcards (e.g., `*.example.com`). | `["github.com", "*.npmjs.org"]` |

230| `network.allowManagedDomainsOnly` | (Managed settings only) Only `allowedDomains` and `WebFetch(domain:...)` allow rules from managed settings are respected. Domains from user, project, and local settings are ignored. Denied domains are still respected from all sources. Default: false | `true` |

226| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |231| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |

227| `network.socksProxyPort` | SOCKS5 proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8081` |232| `network.socksProxyPort` | SOCKS5 proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8081` |

228| `enableWeakerNestedSandbox` | Enable weaker sandbox for unprivileged Docker environments (Linux and WSL2 only). **Reduces security.** Default: false | `true` |233| `enableWeakerNestedSandbox` | Enable weaker sandbox for unprivileged Docker environments (Linux and WSL2 only). **Reduces security.** Default: false | `true` |

356 361 

357Settings apply in order of precedence. From highest to lowest:362Settings apply in order of precedence. From highest to lowest:

358 363 

3591. **Managed settings** ([`managed-settings.json`](/en/permissions#managed-settings) or [server-managed settings](/en/server-managed-settings))3641. **Managed settings** ([server-managed](/en/server-managed-settings), [MDM/OS-level policies](#configuration-scopes), or [managed settings](/en/settings#settings-files))

360 * Policies deployed by IT/DevOps to system directories, or delivered from Anthropic's servers for Claude for Enterprise customers365 * Policies deployed by IT through server delivery, MDM configuration profiles, registry policies, or managed settings files

361 * Cannot be overridden by user or project settings366 * Cannot be overridden by user or project settings

367 * Within the managed tier, precedence is: server-managed > MDM/OS-level policies > `managed-settings.json` > HKCU registry (Windows only). Only one managed source is used; sources do not merge.

362 368 

3632. **Command line arguments**3692. **Command line arguments**

364 * Temporary overrides for a specific session370 * Temporary overrides for a specific session

376 382 

377For example, if your user settings allow `Bash(npm run *)` but a project's shared settings deny it, the project setting takes precedence and the command is blocked.383For example, if your user settings allow `Bash(npm run *)` but a project's shared settings deny it, the project setting takes precedence and the command is blocked.

378 384 

385### Verify active settings

386 

387Run `/status` inside Claude Code to see which settings sources are active and where they come from. The output shows each configuration layer (managed, user, project) along with its origin, such as `Enterprise managed settings (remote)`, `Enterprise managed settings (plist)`, `Enterprise managed settings (HKLM)`, or `Enterprise managed settings (file)`. If a settings file contains errors, `/status` reports the issue so you can fix it.

388 

379### Key points about the configuration system389### Key points about the configuration system

380 390 

381* **Memory files (`CLAUDE.md`)**: Contain instructions and context that Claude loads at startup391* **Memory files (`CLAUDE.md`)**: Contain instructions and context that Claude loads at startup

505 515 

506#### `strictKnownMarketplaces`516#### `strictKnownMarketplaces`

507 517 

508**Managed settings only**: Controls which plugin marketplaces users are allowed to add. This setting can only be configured in [`managed-settings.json`](/en/permissions#managed-settings) and provides administrators with strict control over marketplace sources.518**Managed settings only**: Controls which plugin marketplaces users are allowed to add. This setting can only be configured in [managed settings](/en/settings#settings-files) and provides administrators with strict control over marketplace sources.

509 519 

510**Managed settings file locations**:520**Managed settings file locations**:

511 521 

253}253}

254```254```

255 255 

256For enterprise deployments, you can enforce a consistent release channel across your organization using [managed settings](/en/permissions#managed-settings).256For enterprise deployments, you can enforce a consistent release channel across your organization using [managed settings](/en/settings#settings-files).

257 257 

258### Disable auto-updates258### Disable auto-updates

259 259 

77Where you store a skill determines who can use it:77Where you store a skill determines who can use it:

78 78 

79| Location | Path | Applies to |79| Location | Path | Applies to |

80| :--------- | :------------------------------------------------------- | :----------------------------- |80| :--------- | :-------------------------------------------------- | :----------------------------- |

81| Enterprise | See [managed settings](/en/permissions#managed-settings) | All users in your organization |81| Enterprise | See [managed settings](/en/settings#settings-files) | All users in your organization |

82| Personal | `~/.claude/skills/<skill-name>/SKILL.md` | All your projects |82| Personal | `~/.claude/skills/<skill-name>/SKILL.md` | All your projects |

83| Project | `.claude/skills/<skill-name>/SKILL.md` | This project only |83| Project | `.claude/skills/<skill-name>/SKILL.md` | This project only |

84| Plugin | `<plugin>/skills/<skill-name>/SKILL.md` | Where plugin is enabled |84| Plugin | `<plugin>/skills/<skill-name>/SKILL.md` | Where plugin is enabled |

453 453 

454* **Project skills**: Commit `.claude/skills/` to version control454* **Project skills**: Commit `.claude/skills/` to version control

455* **Plugins**: Create a `skills/` directory in your [plugin](/en/plugins)455* **Plugins**: Create a `skills/` directory in your [plugin](/en/plugins)

456* **Managed**: Deploy organization-wide through [managed settings](/en/permissions#managed-settings)456* **Managed**: Deploy organization-wide through [managed settings](/en/settings#settings-files)

457 457 

458### Generate visual output458### Generate visual output

459 459 

508Subagents can run in the foreground (blocking) or background (concurrent):508Subagents can run in the foreground (blocking) or background (concurrent):

509 509 

510* **Foreground subagents** block the main conversation until complete. Permission prompts and clarifying questions (like [`AskUserQuestion`](/en/settings#tools-available-to-claude)) are passed through to you.510* **Foreground subagents** block the main conversation until complete. Permission prompts and clarifying questions (like [`AskUserQuestion`](/en/settings#tools-available-to-claude)) are passed through to you.

511* **Background subagents** run concurrently while you continue working. Before launching, Claude Code prompts for any tool permissions the subagent will need, ensuring it has the necessary approvals upfront. Once running, the subagent inherits these permissions and auto-denies anything not pre-approved. If a background subagent needs to ask clarifying questions, that tool call fails but the subagent continues. MCP tools are not available in background subagents.511* **Background subagents** run concurrently while you continue working. Before launching, Claude Code prompts for any tool permissions the subagent will need, ensuring it has the necessary approvals upfront. Once running, the subagent inherits these permissions and auto-denies anything not pre-approved. If a background subagent needs to ask clarifying questions, that tool call fails but the subagent continues.

512 512 

513If a background subagent fails due to missing permissions, you can [resume it](#resume-subagents) in the foreground to retry with interactive prompts.513If a background subagent fails due to missing permissions, you can [resume it](#resume-subagents) in the foreground to retry with interactive prompts.

514 514 

193Claude Code stores configuration in several locations:193Claude Code stores configuration in several locations:

194 194 

195| File | Purpose |195| File | Purpose |

196| :---------------------------- | :------------------------------------------------------- |196| :---------------------------- | :----------------------------------------------------------------------------------------------------- |

197| `~/.claude/settings.json` | User settings (permissions, hooks, model overrides) |197| `~/.claude/settings.json` | User settings (permissions, hooks, model overrides) |

198| `.claude/settings.json` | Project settings (checked into source control) |198| `.claude/settings.json` | Project settings (checked into source control) |

199| `.claude/settings.local.json` | Local project settings (not committed) |199| `.claude/settings.local.json` | Local project settings (not committed) |

200| `~/.claude.json` | Global state (theme, OAuth, MCP servers) |200| `~/.claude.json` | Global state (theme, OAuth, MCP servers) |

201| `.mcp.json` | Project MCP servers (checked into source control) |201| `.mcp.json` | Project MCP servers (checked into source control) |

202| `managed-settings.json` | [Managed settings](/en/settings#settings-files) |

203| `managed-mcp.json` | [Managed MCP servers](/en/mcp#managed-mcp-configuration) |202| `managed-mcp.json` | [Managed MCP servers](/en/mcp#managed-mcp-configuration) |

203| Managed settings | [Managed settings](/en/settings#settings-files) (server-managed, MDM/OS-level policies, or file-based) |

204 204 

205On Windows, `~` refers to your user home directory, such as `C:\Users\YourName`.205On Windows, `~` refers to your user home directory, such as `C:\Users\YourName`.

206 206 

207**Managed file locations:**

208 

209* macOS: `/Library/Application Support/ClaudeCode/`

210* Linux/WSL: `/etc/claude-code/`

211* Windows: `C:\Program Files\ClaudeCode\`

212 

213For details on configuring these files, see [Settings](/en/settings) and [MCP](/en/mcp).207For details on configuring these files, see [Settings](/en/settings) and [MCP](/en/mcp).

214 208 

215### Resetting configuration209### Resetting configuration