Documentation — Spybara

cli-reference.md +15 −15

Details

38| `--agents` | Define custom [subagents](/en/sub-agents) dynamically via JSON (see below for format) | `claude --agents '{"reviewer":{"description":"Reviews code","prompt":"You are a code reviewer"}}'` |38| `--agents` | Define custom [subagents](/en/sub-agents) dynamically via JSON (see below for format) | `claude --agents '{"reviewer":{"description":"Reviews code","prompt":"You are a code reviewer"}}'` |

39| `--allow-dangerously-skip-permissions` | Enable permission bypassing as an option without immediately activating it. Allows composing with `--permission-mode` (use with caution) | `claude --permission-mode plan --allow-dangerously-skip-permissions` |39| `--allow-dangerously-skip-permissions` | Enable permission bypassing as an option without immediately activating it. Allows composing with `--permission-mode` (use with caution) | `claude --permission-mode plan --allow-dangerously-skip-permissions` |

40| `--allowedTools` | Tools that execute without prompting for permission. See [permission rule syntax](/en/settings#permission-rule-syntax) for pattern matching. To restrict which tools are available, use `--tools` instead | `"Bash(git log *)" "Bash(git diff *)" "Read"` |40| `--allowedTools` | Tools that execute without prompting for permission. See [permission rule syntax](/en/settings#permission-rule-syntax) for pattern matching. To restrict which tools are available, use `--tools` instead | `"Bash(git log *)" "Bash(git diff *)" "Read"` |

42| `--append-system-prompt-file` | Load additional system prompt text from a file and append to the default prompt (print mode only) | `claude -p --append-system-prompt-file ./extra-rules.txt "query"` |42| `--append-system-prompt-file` | Load additional system prompt text from a file and append to the default prompt | `claude --append-system-prompt-file ./extra-rules.txt` |

80| `--teammate-mode` | Set how [agent team](/en/agent-teams) teammates display: `auto` (default), `in-process`, or `tmux`. See [set up agent teams](/en/agent-teams#set-up-agent-teams) | `claude --teammate-mode in-process` |80| `--teammate-mode` | Set how [agent team](/en/agent-teams) teammates display: `auto` (default), `in-process`, or `tmux`. See [set up agent teams](/en/agent-teams#set-up-agent-teams) | `claude --teammate-mode in-process` |

81| `--tools` | Restrict which built-in tools Claude can use (works in both interactive and print modes). Use `""` to disable all, `"default"` for all, or tool names like `"Bash,Edit,Read"` | `claude --tools "Bash,Edit,Read"` |81| `--tools` | Restrict which built-in tools Claude can use. Use `""` to disable all, `"default"` for all, or tool names like `"Bash,Edit,Read"` | `claude --tools "Bash,Edit,Read"` |

84| `--worktree`, `-w` | Start Claude in an isolated [git worktree](/en/common-workflows#run-parallel-claude-code-sessions-with-git-worktrees) at `<repo>/.claude/worktrees/<name>`. If no name is given, one is auto-generated | `claude -w feature-auth` |84| `--worktree`, `-w` | Start Claude in an isolated [git worktree](/en/common-workflows#run-parallel-claude-code-sessions-with-git-worktrees) at `<repo>/.claude/worktrees/<name>`. If no name is given, one is auto-generated | `claude -w feature-auth` |

85 85

124 124

125### System prompt flags125### System prompt flags

126 126

127Claude Code provides four flags for customizing the system prompt, each serving a different purpose:127Claude Code provides four flags for customizing the system prompt. All four work in both interactive and non-interactive modes.

128 128

130| :---------------------------- | :------------------------------------------ | :------------------ | :------------------------------------------------------------------- |130| :---------------------------- | :------------------------------------------ | :------------------------------------------------------------------- |

135 135

136**When to use each:**136**When to use each:**

137 137

142 142

143* **`--system-prompt-file`**: use when you want to load a custom prompt from a file, useful for team consistency or version-controlled prompt templates.143* **`--system-prompt-file`**: use when you want to load a custom prompt from a file, useful for team consistency or version-controlled prompt templates.

144 ```bash theme={null}144 ```bash theme={null}

145 claude -p --system-prompt-file ./prompts/code-review.txt "Review this PR"145 claude --system-prompt-file ./prompts/code-review.txt

146 ```146 ```

147 147

148* **`--append-system-prompt`**: use when you want to add specific instructions while keeping Claude Code's default capabilities intact. This is the safest option for most use cases.148* **`--append-system-prompt`**: use when you want to add specific instructions while keeping Claude Code's default capabilities intact. This is the safest option for most use cases.

152 152

153* **`--append-system-prompt-file`**: use when you want to append instructions from a file while keeping Claude Code's defaults. Useful for version-controlled additions.153* **`--append-system-prompt-file`**: use when you want to append instructions from a file while keeping Claude Code's defaults. Useful for version-controlled additions.

154 ```bash theme={null}154 ```bash theme={null}

155 claude -p --append-system-prompt-file ./prompts/style-rules.txt "Review this PR"155 claude --append-system-prompt-file ./prompts/style-rules.txt

156 ```156 ```

157 157

158`--system-prompt` and `--system-prompt-file` are mutually exclusive. The append flags can be used together with either replacement flag.158`--system-prompt` and `--system-prompt-file` are mutually exclusive. The append flags can be used together with either replacement flag.

discover-plugins.md +16 −0

Details

294claude plugin uninstall formatter@your-org --scope project294claude plugin uninstall formatter@your-org --scope project

295```295```

296 296

297### Apply plugin changes without restarting

298

299When you install, enable, or disable plugins during a session, some changes (like new commands and hooks) take effect immediately. Others, including LSP server updates, require a restart.

300

301To activate all pending plugin changes without restarting, run:

302

303```shell theme={null}

304/reload-plugins

305```

306

307Claude Code reloads all active plugins and reports what was loaded. If any LSP servers were added or updated, it will let you know those require a restart to take effect.

308

297## Manage marketplaces309## Manage marketplaces

298 310

299You can manage marketplaces through the interactive `/plugin` interface or with CLI commands.311You can manage marketplaces through the interactive `/plugin` interface or with CLI commands.

378 390

379For full configuration options including `extraKnownMarketplaces` and `enabledPlugins`, see [Plugin settings](/en/settings#plugin-settings).391For full configuration options including `extraKnownMarketplaces` and `enabledPlugins`, see [Plugin settings](/en/settings#plugin-settings).

380 392

393## Security

394

395Plugins and marketplaces are highly trusted components that can execute arbitrary code on your machine with your user privileges. Only install plugins and add marketplaces from sources you trust. Organizations can restrict which marketplaces users are allowed to add using [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions).

396

381## Troubleshooting397## Troubleshooting

382 398

383### /plugin command not recognized399### /plugin command not recognized

hooks.md +69 −13

Details

18 18

19<div style={{maxWidth: "500px", margin: "0 auto"}}>19<div style={{maxWidth: "500px", margin: "0 auto"}}>

20 <Frame>20 <Frame>

21 <img src="https://mintcdn.com/claude-code/rsuu-ovdPNos9Dnn/images/hooks-lifecycle.svg?fit=max&auto=format&n=rsuu-ovdPNos9Dnn&q=85&s=ce5f1225339bbccdfbb52e99205db912" alt="Hook lifecycle diagram showing the sequence of hooks from SessionStart through the agentic loop to SessionEnd, with WorktreeCreate and WorktreeRemove as standalone setup and teardown events" data-og-width="520" width="520" data-og-height="1020" height="1020" data-path="images/hooks-lifecycle.svg" data-optimize="true" data-opv="3" srcset="https://mintcdn.com/claude-code/rsuu-ovdPNos9Dnn/images/hooks-lifecycle.svg?w=280&fit=max&auto=format&n=rsuu-ovdPNos9Dnn&q=85&s=7c7143c65492c1beb6bc66f5d206ba15 280w, https://mintcdn.com/claude-code/rsuu-ovdPNos9Dnn/images/hooks-lifecycle.svg?w=560&fit=max&auto=format&n=rsuu-ovdPNos9Dnn&q=85&s=dafaebf8f789f94edbf6bd66853c69df 560w, https://mintcdn.com/claude-code/rsuu-ovdPNos9Dnn/images/hooks-lifecycle.svg?w=840&fit=max&auto=format&n=rsuu-ovdPNos9Dnn&q=85&s=2caa51d2d95596f1f80b92e3f5f534fa 840w, https://mintcdn.com/claude-code/rsuu-ovdPNos9Dnn/images/hooks-lifecycle.svg?w=1100&fit=max&auto=format&n=rsuu-ovdPNos9Dnn&q=85&s=614def559f34f9b0c1dec93739d96b64 1100w, https://mintcdn.com/claude-code/rsuu-ovdPNos9Dnn/images/hooks-lifecycle.svg?w=1650&fit=max&auto=format&n=rsuu-ovdPNos9Dnn&q=85&s=ca45b85fdd8b2da81c69d12c453230cb 1650w, https://mintcdn.com/claude-code/rsuu-ovdPNos9Dnn/images/hooks-lifecycle.svg?w=2500&fit=max&auto=format&n=rsuu-ovdPNos9Dnn&q=85&s=7fd92d6b9713493f59962c9f295c9d2f 2500w" />21 <img src="https://mintcdn.com/claude-code/JWoaQLhotXStH4d2/images/hooks-lifecycle.svg?fit=max&auto=format&n=JWoaQLhotXStH4d2&q=85&s=9310bd002ef90ca32ac668455f5580a0" alt="Hook lifecycle diagram showing the sequence of hooks from SessionStart through the agentic loop to SessionEnd, with WorktreeCreate, WorktreeRemove, and InstructionsLoaded as standalone async events" data-og-width="520" width="520" data-og-height="1020" height="1020" data-path="images/hooks-lifecycle.svg" data-optimize="true" data-opv="3" srcset="https://mintcdn.com/claude-code/JWoaQLhotXStH4d2/images/hooks-lifecycle.svg?w=280&fit=max&auto=format&n=JWoaQLhotXStH4d2&q=85&s=109982de941b0c53206b6178f4982f64 280w, https://mintcdn.com/claude-code/JWoaQLhotXStH4d2/images/hooks-lifecycle.svg?w=560&fit=max&auto=format&n=JWoaQLhotXStH4d2&q=85&s=9375684c8578b8ffe598d3798a59448c 560w, https://mintcdn.com/claude-code/JWoaQLhotXStH4d2/images/hooks-lifecycle.svg?w=840&fit=max&auto=format&n=JWoaQLhotXStH4d2&q=85&s=ee44a68c8feaabf5e7d09e65f3d653ae 840w, https://mintcdn.com/claude-code/JWoaQLhotXStH4d2/images/hooks-lifecycle.svg?w=1100&fit=max&auto=format&n=JWoaQLhotXStH4d2&q=85&s=4f35067e11e2d1861513ae8faf92cc04 1100w, https://mintcdn.com/claude-code/JWoaQLhotXStH4d2/images/hooks-lifecycle.svg?w=1650&fit=max&auto=format&n=JWoaQLhotXStH4d2&q=85&s=abf63881fb2c5cce211ac8ebb37af504 1650w, https://mintcdn.com/claude-code/JWoaQLhotXStH4d2/images/hooks-lifecycle.svg?w=2500&fit=max&auto=format&n=JWoaQLhotXStH4d2&q=85&s=e804d84b83ff44107fd2195c73e1c2ac 2500w" />

22 </Frame>22 </Frame>

23</div>23</div>

24 24

25The table below summarizes when each event fires. The [Hook events](#hook-events) section documents the full input schema and decision control options for each one.25The table below summarizes when each event fires. The [Hook events](#hook-events) section documents the full input schema and decision control options for each one.

26 26

27| Event | When it fires |27| Event | When it fires |

~~28| :------------------- | :---------------------------------------------------------------------------------------------------------- |~~28| :------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------- |

29| `SessionStart` | When a session begins or resumes |29| `SessionStart` | When a session begins or resumes |

30| `UserPromptSubmit` | When you submit a prompt, before Claude processes it |30| `UserPromptSubmit` | When you submit a prompt, before Claude processes it |

31| `PreToolUse` | Before a tool call executes. Can block it |31| `PreToolUse` | Before a tool call executes. Can block it |

38| `Stop` | When Claude finishes responding |38| `Stop` | When Claude finishes responding |

39| `TeammateIdle` | When an [agent team](/en/agent-teams) teammate is about to go idle |39| `TeammateIdle` | When an [agent team](/en/agent-teams) teammate is about to go idle |

40| `TaskCompleted` | When a task is being marked as completed |40| `TaskCompleted` | When a task is being marked as completed |

41| `InstructionsLoaded` | When a CLAUDE.md or `.claude/rules/*.md` file is loaded into context. Fires at session start and when files are lazily loaded during a session |

41| `ConfigChange` | When a configuration file changes during a session |42| `ConfigChange` | When a configuration file changes during a session |

42| `WorktreeCreate` | When a worktree is being created via `--worktree` or `isolation: "worktree"`. Replaces default git behavior |43| `WorktreeCreate` | When a worktree is being created via `--worktree` or `isolation: "worktree"`. Replaces default git behavior |

43| `WorktreeRemove` | When a worktree is being removed, either at session exit or when a subagent finishes |44| `WorktreeRemove` | When a worktree is being removed, either at session exit or when a subagent finishes |

162The `matcher` field is a regex string that filters when hooks fire. Use `"*"`, `""`, or omit `matcher` entirely to match all occurrences. Each event type matches on a different field:163The `matcher` field is a regex string that filters when hooks fire. Use `"*"`, `""`, or omit `matcher` entirely to match all occurrences. Each event type matches on a different field:

163 164

165| :---------------------------------------------------------------------------------------------- | :------------------------ | :--------------------------------------------------------------------------------- |166| :-------------------------------------------------------------------------------------------------------------------- | :------------------------ | :--------------------------------------------------------------------------------- |

175 176

176The matcher is a regex, so `Edit|Write` matches either tool and `Notebook.*` matches any tool starting with Notebook. The matcher runs against a field from the [JSON input](#hook-input-and-output) that Claude Code sends to your hook on stdin. For tool events, that field is `tool_name`. Each [hook event](#hook-events) section lists the full set of matcher values and the input schema for that event.177The matcher is a regex, so `Edit|Write` matches either tool and `Notebook.*` matches any tool starting with Notebook. The matcher runs against a field from the [JSON input](#hook-input-and-output) that Claude Code sends to your hook on stdin. For tool events, that field is `tool_name`. Each [hook event](#hook-events) section lists the full set of matcher values and the input schema for that event.

177 178

195}196}

196```197```

197 198

198`UserPromptSubmit`, `Stop`, `TeammateIdle`, `TaskCompleted`, `WorktreeCreate`, and `WorktreeRemove` don't support matchers and always fire on every occurrence. If you add a `matcher` field to these events, it is silently ignored.199`UserPromptSubmit`, `Stop`, `TeammateIdle`, `TaskCompleted`, `WorktreeCreate`, `WorktreeRemove`, and `InstructionsLoaded` don't support matchers and always fire on every occurrence. If you add a `matcher` field to these events, it is silently ignored.

199 200

200#### Match MCP tools201#### Match MCP tools

201 202

445| `permission_mode` | Current [permission mode](/en/permissions#permission-modes): `"default"`, `"plan"`, `"acceptEdits"`, `"dontAsk"`, or `"bypassPermissions"` |446| `permission_mode` | Current [permission mode](/en/permissions#permission-modes): `"default"`, `"plan"`, `"acceptEdits"`, `"dontAsk"`, or `"bypassPermissions"` |

447 448

449When running with `--agent` or inside a subagent, two additional fields are included:

450

451| Field | Description |

452| :----------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

453| `agent_id` | Unique identifier for the subagent. Present only when the hook fires inside a subagent call. Use this to distinguish subagent hook calls from main-thread calls. |

454| `agent_type` | Agent name (for example, `"Explore"` or `"security-reviewer"`). Present when the session uses `--agent` or the hook fires inside a subagent. For subagents, the subagent's type takes precedence over the session's `--agent` value. |

455

448For example, a `PreToolUse` hook for a Bash command receives this on stdin:456For example, a `PreToolUse` hook for a Bash command receives this on stdin:

449 457

450```json theme={null}458```json theme={null}

511| `PreCompact` | No | Shows stderr to user only |519| `PreCompact` | No | Shows stderr to user only |

512| `WorktreeCreate` | Yes | Any non-zero exit code causes worktree creation to fail |520| `WorktreeCreate` | Yes | Any non-zero exit code causes worktree creation to fail |

513| `WorktreeRemove` | No | Failures are logged in debug mode only |521| `WorktreeRemove` | No | Failures are logged in debug mode only |

522| `InstructionsLoaded` | No | Exit code is ignored |

514 523

515### HTTP response handling524### HTTP response handling

516 525

558Not every event supports blocking or controlling behavior through JSON. The events that do each use a different set of fields to express that decision. Use this table as a quick reference before writing a hook:567Not every event supports blocking or controlling behavior through JSON. The events that do each use a different set of fields to express that decision. Use this table as a quick reference before writing a hook:

559 568

561| :---------------------------------------------------------------------------------- | :------------------- | :-------------------------------------------------------------------------- |570| :---------------------------------------------------------------------------------- | :----------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------ |

563| TeammateIdle, TaskCompleted | Exit code only | Exit code 2 blocks the action, stderr is fed back as feedback |572| TeammateIdle, TaskCompleted | Exit code or `continue: false` | Exit code 2 blocks the action with stderr feedback. JSON `{"continue": false, "stopReason": "..."}` also stops the teammate entirely, matching `Stop` hook behavior |

568 577

569Here are examples of each pattern in action:578Here are examples of each pattern in action:

570 579

623 632

624Runs when Claude Code starts a new session or resumes an existing session. Useful for loading development context like existing issues or recent changes to your codebase, or setting up environment variables. For static context that does not require a script, use [CLAUDE.md](/en/memory) instead.633Runs when Claude Code starts a new session or resumes an existing session. Useful for loading development context like existing issues or recent changes to your codebase, or setting up environment variables. For static context that does not require a script, use [CLAUDE.md](/en/memory) instead.

625 634

626SessionStart runs on every session, so keep these hooks fast.635SessionStart runs on every session, so keep these hooks fast. Only `type: "command"` hooks are supported.

627 636

628The matcher value corresponds to how the session was initiated:637The matcher value corresponds to how the session was initiated:

629 638

710 `CLAUDE_ENV_FILE` is available for SessionStart hooks. Other hook types do not have access to this variable.719 `CLAUDE_ENV_FILE` is available for SessionStart hooks. Other hook types do not have access to this variable.

711</Note>720</Note>

712 721

722### InstructionsLoaded

723

724Fires when a `CLAUDE.md` or `.claude/rules/*.md` file is loaded into context. This event fires at session start for eagerly-loaded files and again later when files are lazily loaded, for example when Claude accesses a subdirectory that contains a nested `CLAUDE.md` or when conditional rules with `paths:` frontmatter match. The hook does not support blocking or decision control. It runs asynchronously for observability purposes.

725

726InstructionsLoaded does not support matchers and fires on every load occurrence.

727

728#### InstructionsLoaded input

729

730In addition to the [common input fields](#common-input-fields), InstructionsLoaded hooks receive these fields:

731

732| Field | Description |

733| :------------------ | :-------------------------------------------------------------------------------------------------------- |

734| `file_path` | Absolute path to the instruction file that was loaded |

735| `memory_type` | Scope of the file: `"User"`, `"Project"`, `"Local"`, or `"Managed"` |

736| `load_reason` | Why the file was loaded: `"session_start"`, `"nested_traversal"`, `"path_glob_match"`, or `"include"` |

737| `globs` | Path glob patterns from the file's `paths:` frontmatter, if any. Present only for `path_glob_match` loads |

738| `trigger_file_path` | Path to the file whose access triggered this load, for lazy loads |

739| `parent_file_path` | Path to the parent instruction file that included this one, for `include` loads |

740

741```json theme={null}

742{

743 "session_id": "abc123",

744 "transcript_path": "/Users/.../.claude/projects/.../transcript.jsonl",

745 "cwd": "/Users/my-project",

746 "permission_mode": "default",

747 "hook_event_name": "InstructionsLoaded",

748 "file_path": "/Users/my-project/CLAUDE.md",

749 "memory_type": "Project",

750 "load_reason": "session_start"

751}

752```

753

754#### InstructionsLoaded decision control

755

756InstructionsLoaded hooks have no decision control. They cannot block or modify instruction loading. Use this event for audit logging, compliance tracking, or observability.

757

713### UserPromptSubmit758### UserPromptSubmit

714 759

715Runs when the user submits a prompt, before Claude processes it. This allows you760Runs when the user submits a prompt, before Claude processes it. This allows you

1212 1257

1213Runs when an [agent team](/en/agent-teams) teammate is about to go idle after finishing its turn. Use this to enforce quality gates before a teammate stops working, such as requiring passing lint checks or verifying that output files exist.1258Runs when an [agent team](/en/agent-teams) teammate is about to go idle after finishing its turn. Use this to enforce quality gates before a teammate stops working, such as requiring passing lint checks or verifying that output files exist.

1214 1259

1215When a `TeammateIdle` hook exits with code 2, the teammate receives the stderr message as feedback and continues working instead of going idle. TeammateIdle hooks do not support matchers and fire on every occurrence.1260When a `TeammateIdle` hook exits with code 2, the teammate receives the stderr message as feedback and continues working instead of going idle. To stop the teammate entirely instead of re-running it, return JSON with `{"continue": false, "stopReason": "..."}`. TeammateIdle hooks do not support matchers and fire on every occurrence.

1216 1261

1217#### TeammateIdle input1262#### TeammateIdle input

1218 1263

1237 1282

1238#### TeammateIdle decision control1283#### TeammateIdle decision control

1239 1284

1240TeammateIdle hooks use exit codes only, not JSON decision control. This example checks that a build artifact exists before allowing a teammate to go idle:1285TeammateIdle hooks support two ways to control teammate behavior:

1286

1287* **Exit code 2**: the teammate receives the stderr message as feedback and continues working instead of going idle.

1288* **JSON `{"continue": false, "stopReason": "..."}`**: stops the teammate entirely, matching `Stop` hook behavior. The `stopReason` is shown to the user.

1289

1290This example checks that a build artifact exists before allowing a teammate to go idle:

1241 1291

1242```bash theme={null}1292```bash theme={null}

1243#!/bin/bash1293#!/bin/bash

1254 1304

1255Runs when a task is being marked as completed. This fires in two situations: when any agent explicitly marks a task as completed through the TaskUpdate tool, or when an [agent team](/en/agent-teams) teammate finishes its turn with in-progress tasks. Use this to enforce completion criteria like passing tests or lint checks before a task can close.1305Runs when a task is being marked as completed. This fires in two situations: when any agent explicitly marks a task as completed through the TaskUpdate tool, or when an [agent team](/en/agent-teams) teammate finishes its turn with in-progress tasks. Use this to enforce completion criteria like passing tests or lint checks before a task can close.

1256 1306

1257When a `TaskCompleted` hook exits with code 2, the task is not marked as completed and the stderr message is fed back to the model as feedback. TaskCompleted hooks do not support matchers and fire on every occurrence.1307When a `TaskCompleted` hook exits with code 2, the task is not marked as completed and the stderr message is fed back to the model as feedback. To stop the teammate entirely instead of re-running it, return JSON with `{"continue": false, "stopReason": "..."}`. TaskCompleted hooks do not support matchers and fire on every occurrence.

1258 1308

1259#### TaskCompleted input1309#### TaskCompleted input

1260 1310

1285 1335

1286#### TaskCompleted decision control1336#### TaskCompleted decision control

1287 1337

1288TaskCompleted hooks use exit codes only, not JSON decision control. This example runs tests and blocks task completion if they fail:1338TaskCompleted hooks support two ways to control task completion:

1339

1340* **Exit code 2**: the task is not marked as completed and the stderr message is fed back to the model as feedback.

1341* **JSON `{"continue": false, "stopReason": "..."}`**: stops the teammate entirely, matching `Stop` hook behavior. The `stopReason` is shown to the user.

1342

1343This example runs tests and blocks task completion if they fail:

1289 1344

1290```bash theme={null}1345```bash theme={null}

1291#!/bin/bash1346#!/bin/bash

1533Events that only support `type: "command"` hooks:1588Events that only support `type: "command"` hooks:

1534 1589

1535* `ConfigChange`1590* `ConfigChange`

1591* `InstructionsLoaded`

1536* `Notification`1592* `Notification`

1537* `PreCompact`1593* `PreCompact`

1538* `SessionEnd`1594* `SessionEnd`

hooks-guide.md +2 −1

Details

294Hook events fire at specific lifecycle points in Claude Code. When an event fires, all matching hooks run in parallel, and identical hook commands are automatically deduplicated. The table below shows each event and when it triggers:294Hook events fire at specific lifecycle points in Claude Code. When an event fires, all matching hooks run in parallel, and identical hook commands are automatically deduplicated. The table below shows each event and when it triggers:

295 295

296| Event | When it fires |296| Event | When it fires |

297| :------------------- | :---------------------------------------------------------------------------------------------------------- |297| :------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------- |

310| `InstructionsLoaded` | When a CLAUDE.md or `.claude/rules/*.md` file is loaded into context. Fires at session start and when files are lazily loaded during a session |

311| `WorktreeCreate` | When a worktree is being created via `--worktree` or `isolation: "worktree"`. Replaces default git behavior |312| `WorktreeCreate` | When a worktree is being created via `--worktree` or `isolation: "worktree"`. Replaces default git behavior |

interactive-mode.md +2 −0

Details

134| `/pr-comments [PR]` | Fetch and display comments from a GitHub pull request. Automatically detects the PR for the current branch, or pass a PR URL or number. Requires the `gh` CLI |134| `/pr-comments [PR]` | Fetch and display comments from a GitHub pull request. Automatically detects the PR for the current branch, or pass a PR URL or number. Requires the `gh` CLI |

137| `/reload-plugins` | Reload all active [plugins](/en/plugins) to apply pending changes without restarting. Reports what was loaded and notes any changes that require a restart |

138| `/remote-env` | Configure the default remote environment for [teleport sessions](/en/claude-code-on-the-web#teleport-a-web-session-to-your-terminal) |139| `/remote-env` | Configure the default remote environment for [teleport sessions](/en/claude-code-on-the-web#teleport-a-web-session-to-your-terminal) |

303* Supports the same `Ctrl+B` backgrounding for long-running commands304* Supports the same `Ctrl+B` backgrounding for long-running commands

304* Does not require Claude to interpret or approve the command305* Does not require Claude to interpret or approve the command

305* Supports history-based autocomplete: type a partial command and press **Tab** to complete from previous `!` commands in the current project306* Supports history-based autocomplete: type a partial command and press **Tab** to complete from previous `!` commands in the current project

307* Exit with `Escape`, `Backspace`, or `Ctrl+U` on an empty prompt

306 308

307This is useful for quick shell operations while maintaining conversation context.309This is useful for quick shell operations while maintaining conversation context.

308 310

mcp.md +23 −0

Details

619 * OAuth authentication works with HTTP servers619 * OAuth authentication works with HTTP servers

620</Tip>620</Tip>

621 621

622### Use a fixed OAuth callback port

623

624Some MCP servers require a specific redirect URI registered in advance. By default, Claude Code picks a random available port for the OAuth callback. Use `--callback-port` to fix the port so it matches a pre-registered redirect URI of the form `http://localhost:PORT/callback`.

625

626You can use `--callback-port` on its own (with dynamic client registration) or together with `--client-id` (with pre-configured credentials).

627

628```bash theme={null}

629# Fixed callback port with dynamic client registration

630claude mcp add --transport http \

631 --callback-port 8080 \

632 my-server https://mcp.example.com/mcp

633```

634

622### Use pre-configured OAuth credentials635### Use pre-configured OAuth credentials

623 636

624Some MCP servers don't support automatic OAuth setup. If you see an error like "Incompatible auth server: does not support dynamic client registration," the server requires pre-configured credentials. Register an OAuth app through the server's developer portal first, then provide the credentials when adding the server.637Some MCP servers don't support automatic OAuth setup. If you see an error like "Incompatible auth server: does not support dynamic client registration," the server requires pre-configured credentials. Register an OAuth app through the server's developer portal first, then provide the credentials when adding the server.

654 ```667 ```

655 </Tab>668 </Tab>

656 669

670 <Tab title="claude mcp add-json (callback port only)">

671 Use `--callback-port` without a client ID to fix the port while using dynamic client registration:

672

673 ```bash theme={null}

674 claude mcp add-json my-server \

675 '{"type":"http","url":"https://mcp.example.com/mcp","oauth":{"callbackPort":8080}}'

676 ```

677 </Tab>

678

657 <Tab title="CI / env var">679 <Tab title="CI / env var">

658 Set the secret via environment variable to skip the interactive prompt:680 Set the secret via environment variable to skip the interactive prompt:

659 681

676 698

677 * The client secret is stored securely in your system keychain (macOS) or a credentials file, not in your config699 * The client secret is stored securely in your system keychain (macOS) or a credentials file, not in your config

678 * If the server uses a public OAuth client with no secret, use only `--client-id` without `--client-secret`700 * If the server uses a public OAuth client with no secret, use only `--client-id` without `--client-secret`

701 * `--callback-port` can be used with or without `--client-id`

679 * These flags only apply to HTTP and SSE transports. They have no effect on stdio servers702 * These flags only apply to HTTP and SSE transports. They have no effect on stdio servers

680 * Use `claude mcp get <name>` to verify that OAuth credentials are configured for a server703 * Use `claude mcp get <name>` to verify that OAuth credentials are configured for a server

681</Tip>704</Tip>

memory.md +4 −0

Details

319* Make instructions more specific. "Use 2-space indentation" works better than "format code nicely."319* Make instructions more specific. "Use 2-space indentation" works better than "format code nicely."

320* Look for conflicting instructions across CLAUDE.md files. If two files give different guidance for the same behavior, Claude may pick one arbitrarily.320* Look for conflicting instructions across CLAUDE.md files. If two files give different guidance for the same behavior, Claude may pick one arbitrarily.

321 321

322<Tip>

323 Use the [`InstructionsLoaded` hook](/en/hooks#instructionsloaded) to log exactly which instruction files are loaded, when they load, and why. This is useful for debugging path-specific rules or lazy-loaded files in subdirectories.

324</Tip>

325

322### I don't know what auto memory saved326### I don't know what auto memory saved

323 327

324Run `/memory` and select the auto memory folder to browse what Claude has saved. Everything is plain markdown you can read, edit, or delete.328Run `/memory` and select the auto memory folder to browse what Claude has saved. Everything is plain markdown you can read, edit, or delete.

model-config.md +1 −1

Details

138* **Environment variable**: set `CLAUDE_CODE_EFFORT_LEVEL=low|medium|high`138* **Environment variable**: set `CLAUDE_CODE_EFFORT_LEVEL=low|medium|high`

139* **Settings**: set `effortLevel` in your settings file139* **Settings**: set `effortLevel` in your settings file

140 140

141Effort is supported on Opus 4.6 and Sonnet 4.6. The effort slider appears in `/model` when a supported model is selected.141Effort is supported on Opus 4.6 and Sonnet 4.6. The effort slider appears in `/model` when a supported model is selected. The current effort level is also displayed next to the logo and spinner (for example, "with low effort"), so you can confirm which setting is active without opening `/model`.

142 142

143To disable adaptive reasoning on Opus 4.6 and Sonnet 4.6 and revert to the previous fixed thinking budget, set `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1`. When disabled, these models use the fixed budget controlled by `MAX_THINKING_TOKENS`. See [environment variables](/en/settings#environment-variables).143To disable adaptive reasoning on Opus 4.6 and Sonnet 4.6 and revert to the previous fixed thinking budget, set `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1`. When disabled, these models use the fixed budget controlled by `MAX_THINKING_TOKENS`. See [environment variables](/en/settings#environment-variables).

144 144

permissions.md +11 −3

Details

222Some settings are only effective in managed settings:222Some settings are only effective in managed settings:

223 223

224| Setting | Description |224| Setting | Description |

225| :---------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |225| :---------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

226| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode and the `--dangerously-skip-permissions` flag |226| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode and the `--dangerously-skip-permissions` flag |

227| `allowManagedPermissionRulesOnly` | When `true`, prevents user and project settings from defining `allow`, `ask`, or `deny` permission rules. Only rules in managed settings apply |227| `allowManagedPermissionRulesOnly` | When `true`, prevents user and project settings from defining `allow`, `ask`, or `deny` permission rules. Only rules in managed settings apply |

228| `allowManagedHooksOnly` | When `true`, prevents loading of user, project, and plugin hooks. Only managed hooks and SDK hooks are allowed |228| `allowManagedHooksOnly` | When `true`, prevents loading of user, project, and plugin hooks. Only managed hooks and SDK hooks are allowed |

229| `allowManagedMcpServersOnly` | When `true`, only `allowedMcpServers` from managed settings are respected. `deniedMcpServers` still merges from all sources. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) |229| `allowManagedMcpServersOnly` | When `true`, only `allowedMcpServers` from managed settings are respected. `deniedMcpServers` still merges from all sources. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) |

230| `blockedMarketplaces` | Blocklist of marketplace sources. Blocked sources are checked before downloading, so they never touch the filesystem. See [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) |230| `blockedMarketplaces` | Blocklist of marketplace sources. Blocked sources are checked before downloading, so they never touch the filesystem. See [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) |

231| `sandbox.network.allowManagedDomainsOnly` | When `true`, only `allowedDomains` and `WebFetch(domain:...)` allow rules from managed settings are respected. Denied domains still merge from all sources |231| `sandbox.network.allowManagedDomainsOnly` | When `true`, only `allowedDomains` and `WebFetch(domain:...)` allow rules from managed settings are respected. Non-allowed domains are blocked automatically without prompting the user. Denied domains still merge from all sources |

232| `strictKnownMarketplaces` | Controls which plugin marketplaces users can add. See [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) |232| `strictKnownMarketplaces` | Controls which plugin marketplaces users can add. See [managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) |

233| `allow_remote_sessions` | When `true`, allows users to start [Remote Control](/en/remote-control) and [web sessions](/en/claude-code-on-the-web). Defaults to `true`. Set to `false` to prevent remote session access |233| `allow_remote_sessions` | When `true`, allows users to start [Remote Control](/en/remote-control) and [web sessions](/en/claude-code-on-the-web). Defaults to `true`. Set to `false` to prevent remote session access |

234 234

235## Settings precedence235## Settings precedence

236 236

237Permission rules follow the same [settings precedence](/en/settings#settings-precedence) as all other Claude Code settings: managed settings have the highest precedence, followed by command line arguments, local project, shared project, and user settings.237Permission rules follow the same [settings precedence](/en/settings#settings-precedence) as all other Claude Code settings:

238

2391. **Managed settings**: cannot be overridden by any other level, including command line arguments

2402. **Command line arguments**: temporary session overrides

2413. **Local project settings** (`.claude/settings.local.json`)

2424. **Shared project settings** (`.claude/settings.json`)

2435. **User settings** (`~/.claude/settings.json`)

244

245If a tool is denied at any level, no other level can allow it. For example, a managed settings deny cannot be overridden by `--allowedTools`, and `--disallowedTools` can add restrictions beyond what managed settings define.

238 246

239If a permission is allowed in user settings but denied in project settings, the project setting takes precedence and the permission is blocked.247If a permission is allowed in user settings but denied in project settings, the project setting takes precedence and the permission is blocked.

240 248

plugin-marketplaces.md +58 −2

Details

220Once a plugin is cloned or copied into the local machine, it is copied into the local versioned plugin cache at `~/.claude/plugins/cache`.220Once a plugin is cloned or copied into the local machine, it is copied into the local versioned plugin cache at `~/.claude/plugins/cache`.

221 221

223| ------------- | ------------------------------- | ------------------------------------- | ----------------------------------------------------------------- |223| ------------- | ------------------------------- | ------------------------------------- | ----------------------------------------------------------------------------------- |

229 230

315| `ref` | string | Optional. Git branch or tag (defaults to repository default branch) |316| `ref` | string | Optional. Git branch or tag (defaults to repository default branch) |

316| `sha` | string | Optional. Full 40-character git commit SHA to pin to an exact version |317| `sha` | string | Optional. Full 40-character git commit SHA to pin to an exact version |

317 318

319### Git subdirectories

320

321Use `git-subdir` to point to a plugin that lives inside a subdirectory of a git repository. Claude Code uses a sparse, partial clone to fetch only the subdirectory, minimizing bandwidth for large monorepos.

322

323```json theme={null}

324{

325 "name": "my-plugin",

326 "source": {

327 "source": "git-subdir",

328 "url": "https://github.com/acme-corp/monorepo.git",

329 "path": "tools/claude-plugin"

330 }

331}

332```

333

334You can pin to a specific branch, tag, or commit:

335

336```json theme={null}

337{

338 "name": "my-plugin",

339 "source": {

340 "source": "git-subdir",

341 "url": "https://github.com/acme-corp/monorepo.git",

342 "path": "tools/claude-plugin",

343 "ref": "v2.0.0",

344 "sha": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0"

345 }

346}

347```

348

349The `url` field also accepts a GitHub shorthand (`owner/repo`) or SSH URLs (`git@github.com:owner/repo.git`).

350

351| Field | Type | Description |

352| :----- | :----- | :------------------------------------------------------------------------------------------------------- |

353| `url` | string | Required. Git repository URL, GitHub `owner/repo` shorthand, or SSH URL |

354| `path` | string | Required. Subdirectory path within the repo containing the plugin (for example, `"tools/claude-plugin"`) |

355| `ref` | string | Optional. Git branch or tag (defaults to repository default branch) |

356| `sha` | string | Optional. Full 40-character git commit SHA to pin to an exact version |

357

318### npm packages358### npm packages

319 359

320Plugins distributed as npm packages are installed using `npm install`. This works with any package on the public npm registry or a private registry your team hosts.360Plugins distributed as npm packages are installed using `npm install`. This works with any package on the public npm registry or a private registry your team hosts.

560}600}

561```601```

562 602

563Allow all marketplaces from an internal git server using regex pattern matching:603Allow all marketplaces from an internal git server using regex pattern matching on the host:

564 604

565```json theme={null}605```json theme={null}

566{606{

573}613}

574```614```

575 615

616Allow filesystem-based marketplaces from a specific directory using regex pattern matching on the path:

617

618```json theme={null}

619{

620 "strictKnownMarketplaces": [

621 {

622 "source": "pathPattern",

623 "pathPattern": "^/opt/approved/"

624 }

625 ]

626}

627```

628

629Use `".*"` as the `pathPattern` to allow any filesystem path while still controlling network sources with `hostPattern`.

630

576#### How restrictions work631#### How restrictions work

577 632

578Restrictions are validated early in the plugin installation process, before any network requests or filesystem operations occur. This prevents unauthorized marketplace access attempts.633Restrictions are validated early in the plugin installation process, before any network requests or filesystem operations occur. This prevents unauthorized marketplace access attempts.

582* For GitHub sources: `repo` is required, and `ref` or `path` must also match if specified in the allowlist637* For GitHub sources: `repo` is required, and `ref` or `path` must also match if specified in the allowlist

583* For URL sources: the full URL must match exactly638* For URL sources: the full URL must match exactly

584* For `hostPattern` sources: the marketplace host is matched against the regex pattern639* For `hostPattern` sources: the marketplace host is matched against the regex pattern

640* For `pathPattern` sources: the marketplace's filesystem path is matched against the regex pattern

585 641

586Because `strictKnownMarketplaces` is set in [managed settings](/en/settings#settings-files), individual users and project configurations cannot override these restrictions.642Because `strictKnownMarketplaces` is set in [managed settings](/en/settings#settings-files), individual users and project configurations cannot override these restrictions.

587 643

remote-control.md +8 −5

Details

46 46

47 This command supports the following flags:47 This command supports the following flags:

48 48

49 * **`--name "My Project"`**: set a custom session title visible in the session list at claude.ai/code. You can also pass the name as a positional argument: `claude remote-control "My Project"`

49 * **`--verbose`**: show detailed connection and session logs50 * **`--verbose`**: show detailed connection and session logs

50 * **`--sandbox`** / **`--no-sandbox`**: enable or disable [sandboxing](/en/sandboxing) for filesystem and network isolation during the session. Sandboxing is off by default.51 * **`--sandbox`** / **`--no-sandbox`**: enable or disable [sandboxing](/en/sandboxing) for filesystem and network isolation during the session. Sandboxing is off by default.

51 </Tab>52 </Tab>

57 /remote-control58 /remote-control

58 ```59 ```

59 60

60 This starts a Remote Control session that carries over your current conversation history and displays a session URL and QR code you can use to [connect from another device](#connect-from-another-device). The `--verbose`, `--sandbox`, and `--no-sandbox` flags are not available with this command.61 Pass a name as an argument to set a custom session title:

61 62

~~62 <Tip>~~63 ```

~~63 Use `/rename` before running `/remote-control` to give the session a descriptive name. This makes it easier to find in the session list across devices.~~64 /remote-control My Project

~~64 </Tip>~~65 ```

67 This starts a Remote Control session that carries over your current conversation history and displays a session URL and QR code you can use to [connect from another device](#connect-from-another-device). The `--verbose`, `--sandbox`, and `--no-sandbox` flags are not available with this command.

65 </Tab>68 </Tab>

66</Tabs>69</Tabs>

67 70

73* **Scan the QR code** shown alongside the session URL to open it directly in the Claude app. With `claude remote-control`, press spacebar to toggle the QR code display.76* **Scan the QR code** shown alongside the session URL to open it directly in the Claude app. With `claude remote-control`, press spacebar to toggle the QR code display.

74* **Open [claude.ai/code](https://claude.ai/code) or the Claude app** and find the session by name in the session list. Remote Control sessions show a computer icon with a green status dot when online.77* **Open [claude.ai/code](https://claude.ai/code) or the Claude app** and find the session by name in the session list. Remote Control sessions show a computer icon with a green status dot when online.

75 78

76The remote session takes its name from your last message, your `/rename` value, or "Remote Control session" if there's no conversation history. If the environment already has an active session, you'll be asked whether to continue it or start a new one.79The remote session takes its name from the `--name` argument (or the name passed to `/remote-control`), your last message, your `/rename` value, or "Remote Control session" if there's no conversation history. If the environment already has an active session, you'll be asked whether to continue it or start a new one.

77 80

78If you don't have the Claude app yet, use the `/mobile` command inside Claude Code to display a download QR code for [iOS](https://apps.apple.com/us/app/claude-by-anthropic/id6473753684) or [Android](https://play.google.com/store/apps/details?id=com.anthropic.claude).81If you don't have the Claude app yet, use the `/mobile` command inside Claude Code to display a download QR code for [iOS](https://apps.apple.com/us/app/claude-by-anthropic/id6473753684) or [Android](https://play.google.com/store/apps/details?id=com.anthropic.claude).

79 82

sandboxing.md +1 −1

Details

49Network access is controlled through a proxy server running outside the sandbox:49Network access is controlled through a proxy server running outside the sandbox:

50 50

51* **Domain restrictions**: Only approved domains can be accessed51* **Domain restrictions**: Only approved domains can be accessed

~~52* **User confirmation**: New domain requests trigger permission prompts~~52* **User confirmation**: New domain requests trigger permission prompts (unless [`allowManagedDomainsOnly`](/en/settings#sandbox-settings) is enabled, which blocks non-allowed domains automatically)

53* **Custom proxy support**: Advanced users can implement custom rules on outgoing traffic53* **Custom proxy support**: Advanced users can implement custom rules on outgoing traffic

54* **Comprehensive coverage**: Restrictions apply to all scripts, programs, and subprocesses spawned by commands54* **Comprehensive coverage**: Restrictions apply to all scripts, programs, and subprocesses spawned by commands

55 55

server-managed-settings.md +1 −1

Details

89 89

90### Settings precedence90### Settings precedence

91 91

92Server-managed settings and [endpoint-managed settings](/en/settings#settings-files) both occupy the highest tier in the Claude Code [settings hierarchy](/en/settings#settings-precedence), and user or project settings cannot override them. When both are present, server-managed settings take precedence and endpoint-managed settings are not used.92Server-managed settings and [endpoint-managed settings](/en/settings#settings-files) both occupy the highest tier in the Claude Code [settings hierarchy](/en/settings#settings-precedence). No other settings level can override them, including command line arguments. When both are present, server-managed settings take precedence and endpoint-managed settings are not used.

93 93

94### Fetch and caching behavior94### Fetch and caching behavior

95 95

settings.md +8 −4

Details

142`settings.json` supports a number of options:142`settings.json` supports a number of options:

143 143

144| Key | Description | Example |144| Key | Description | Example |

145| :-------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |145| :-------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------- |

146| `apiKeyHelper` | Custom script, to be executed in `/bin/sh`, to generate an auth value. This value will be sent as `X-Api-Key` and `Authorization: Bearer` headers for model requests | `/bin/generate_temp_api_key.sh` |146| `apiKeyHelper` | Custom script, to be executed in `/bin/sh`, to generate an auth value. This value will be sent as `X-Api-Key` and `Authorization: Bearer` headers for model requests | `/bin/generate_temp_api_key.sh` |

147| `cleanupPeriodDays` | Sessions inactive for longer than this period are deleted at startup. Setting to `0` immediately deletes all sessions. (default: 30 days) | `20` |147| `cleanupPeriodDays` | Sessions inactive for longer than this period are deleted at startup. Setting to `0` immediately deletes all sessions. (default: 30 days) | `20` |

148| `companyAnnouncements` | Announcement to display to users at startup. If multiple announcements are provided, they will be cycled through at random. | `["Welcome to Acme Corp! Review our code guidelines at docs.acme.com"]` |148| `companyAnnouncements` | Announcement to display to users at startup. If multiple announcements are provided, they will be cycled through at random. | `["Welcome to Acme Corp! Review our code guidelines at docs.acme.com"]` |

149| `env` | Environment variables that will be applied to every session | `{"FOO": "bar"}` |149| `env` | Environment variables that will be applied to every session | `{"FOO": "bar"}` |

150| `attribution` | Customize attribution for git commits and pull requests. See [Attribution settings](#attribution-settings) | `{"commit": "🤖 Generated with Claude Code", "pr": ""}` |150| `attribution` | Customize attribution for git commits and pull requests. See [Attribution settings](#attribution-settings) | `{"commit": "🤖 Generated with Claude Code", "pr": ""}` |

151| `includeCoAuthoredBy` | **Deprecated**: Use `attribution` instead. Whether to include the `co-authored-by Claude` byline in git commits and pull requests (default: `true`) | `false` |151| `includeCoAuthoredBy` | **Deprecated**: Use `attribution` instead. Whether to include the `co-authored-by Claude` byline in git commits and pull requests (default: `true`) | `false` |

152| `includeGitInstructions` | Include built-in commit and PR workflow instructions in Claude's system prompt (default: `true`). Set to `false` to remove these instructions, for example when using your own git workflow skills. The `CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS` environment variable takes precedence over this setting when set | `false` |

173| `deniedMcpServers` | When set in managed-settings.json, denylist of MCP servers that are explicitly blocked. Applies to all scopes including managed servers. Denylist takes precedence over allowlist. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ "serverName": "filesystem" }]` |174| `deniedMcpServers` | When set in managed-settings.json, denylist of MCP servers that are explicitly blocked. Applies to all scopes including managed servers. Denylist takes precedence over allowlist. See [Managed MCP configuration](/en/mcp#managed-mcp-configuration) | `[{ "serverName": "filesystem" }]` |

174| `strictKnownMarketplaces` | When set in managed-settings.json, allowlist of plugin marketplaces users can add. Undefined = no restrictions, empty array = lockdown. Applies to marketplace additions only. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ "source": "github", "repo": "acme-corp/plugins" }]` |175| `strictKnownMarketplaces` | When set in managed-settings.json, allowlist of plugin marketplaces users can add. Undefined = no restrictions, empty array = lockdown. Applies to marketplace additions only. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ "source": "github", "repo": "acme-corp/plugins" }]` |

175| `blockedMarketplaces` | (Managed settings only) Blocklist of marketplace sources. Blocked sources are checked before downloading, so they never touch the filesystem. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ "source": "github", "repo": "untrusted/plugins" }]` |176| `blockedMarketplaces` | (Managed settings only) Blocklist of marketplace sources. Blocked sources are checked before downloading, so they never touch the filesystem. See [Managed marketplace restrictions](/en/plugin-marketplaces#managed-marketplace-restrictions) | `[{ "source": "github", "repo": "untrusted/plugins" }]` |

177| `pluginTrustMessage` | (Managed settings only) Custom message appended to the plugin trust warning shown before installation. Use this to add organization-specific context, for example to confirm that plugins from your internal marketplace are vetted. | `"All plugins from our marketplace are approved by IT"` |

176| `awsAuthRefresh` | Custom script that modifies the `.aws` directory (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `aws sso login --profile myprofile` |178| `awsAuthRefresh` | Custom script that modifies the `.aws` directory (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `aws sso login --profile myprofile` |

177| `awsCredentialExport` | Custom script that outputs JSON with AWS credentials (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `/bin/generate_aws_grant.sh` |179| `awsCredentialExport` | Custom script that outputs JSON with AWS credentials (see [advanced credential configuration](/en/amazon-bedrock#advanced-credential-configuration)) | `/bin/generate_aws_grant.sh` |

178| `alwaysThinkingEnabled` | Enable [extended thinking](/en/common-workflows#use-extended-thinking-thinking-mode) by default for all sessions. Typically configured via the `/config` command rather than editing directly | `true` |180| `alwaysThinkingEnabled` | Enable [extended thinking](/en/common-workflows#use-extended-thinking-thinking-mode) by default for all sessions. Typically configured via the `/config` command rather than editing directly | `true` |

219Configure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See [Sandboxing](/en/sandboxing) for details.221Configure advanced sandboxing behavior. Sandboxing isolates bash commands from your filesystem and network. See [Sandboxing](/en/sandboxing) for details.

220 222

222| :-------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------ |224| :-------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------ |

234| `network.allowManagedDomainsOnly` | (Managed settings only) Only `allowedDomains` and `WebFetch(domain:...)` allow rules from managed settings are respected. Domains from user, project, and local settings are ignored. Denied domains are still respected from all sources. Default: false | `true` |236| `network.allowManagedDomainsOnly` | (Managed settings only) Only `allowedDomains` and `WebFetch(domain:...)` allow rules from managed settings are respected. Domains from user, project, and local settings are ignored. Non-allowed domains are blocked automatically without prompting the user. Denied domains are still respected from all sources. Default: false | `true` |

235| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |237| `network.httpProxyPort` | HTTP proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8080` |

236| `network.socksProxyPort` | SOCKS5 proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8081` |238| `network.socksProxyPort` | SOCKS5 proxy port used if you wish to bring your own proxy. If not specified, Claude will run its own proxy. | `8081` |

240| `enableWeakerNetworkIsolation` | (macOS only) Allow access to the system TLS trust service (`com.apple.trustd.agent`) in the sandbox. Required for Go-based tools like `gh`, `gcloud`, and `terraform` to verify TLS certificates when using `httpProxyPort` with a MITM proxy and custom CA. **Reduces security** by opening a potential data exfiltration path. Default: false | `true` |

238 241

239#### Sandbox path prefixes242#### Sandbox path prefixes

240 243

386 389

3871. **Managed settings** ([server-managed](/en/server-managed-settings), [MDM/OS-level policies](#configuration-scopes), or [managed settings](/en/settings#settings-files))3901. **Managed settings** ([server-managed](/en/server-managed-settings), [MDM/OS-level policies](#configuration-scopes), or [managed settings](/en/settings#settings-files))

388 * Policies deployed by IT through server delivery, MDM configuration profiles, registry policies, or managed settings files391 * Policies deployed by IT through server delivery, MDM configuration profiles, registry policies, or managed settings files

389 * Cannot be overridden by user or project settings392 * Cannot be overridden by any other level, including command line arguments

390 * Within the managed tier, precedence is: server-managed > MDM/OS-level policies > `managed-settings.json` > HKCU registry (Windows only). Only one managed source is used; sources do not merge.393 * Within the managed tier, precedence is: server-managed > MDM/OS-level policies > `managed-settings.json` > HKCU registry (Windows only). Only one managed source is used; sources do not merge.

391 394

3922. **Command line arguments**3952. **Command line arguments**

808| `CLAUDE_CODE_DISABLE_1M_CONTEXT` | Set to `1` to disable [1M context window](/en/model-config#extended-context) support. When set, 1M model variants are unavailable in the model picker. Useful for enterprise environments with compliance requirements | |811| `CLAUDE_CODE_DISABLE_1M_CONTEXT` | Set to `1` to disable [1M context window](/en/model-config#extended-context) support. When set, 1M model variants are unavailable in the model picker. Useful for enterprise environments with compliance requirements | |

809| `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING` | Set to `1` to disable [adaptive reasoning](/en/model-config#adjust-effort-level) for Opus 4.6 and Sonnet 4.6. When disabled, these models fall back to the fixed thinking budget controlled by `MAX_THINKING_TOKENS` | |812| `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING` | Set to `1` to disable [adaptive reasoning](/en/model-config#adjust-effort-level) for Opus 4.6 and Sonnet 4.6. When disabled, these models fall back to the fixed thinking budget controlled by `MAX_THINKING_TOKENS` | |

810| `CLAUDE_CODE_DISABLE_AUTO_MEMORY` | Set to `1` to disable [auto memory](/en/memory#auto-memory). Set to `0` to force auto memory on during the gradual rollout. When disabled, Claude does not create or load auto memory files | |813| `CLAUDE_CODE_DISABLE_AUTO_MEMORY` | Set to `1` to disable [auto memory](/en/memory#auto-memory). Set to `0` to force auto memory on during the gradual rollout. When disabled, Claude does not create or load auto memory files | |

814| `CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS` | Set to `1` to remove built-in commit and PR workflow instructions from Claude's system prompt. Useful when using your own git workflow skills. Takes precedence over the [`includeGitInstructions`](#available-settings) setting when set | |

811| `CLAUDE_CODE_DISABLE_BACKGROUND_TASKS` | Set to `1` to disable all background task functionality, including the `run_in_background` parameter on Bash and subagent tools, auto-backgrounding, and the Ctrl+B shortcut | |815| `CLAUDE_CODE_DISABLE_BACKGROUND_TASKS` | Set to `1` to disable all background task functionality, including the `run_in_background` parameter on Bash and subagent tools, auto-backgrounding, and the Ctrl+B shortcut | |

812| `CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS` | Set to `1` to disable Anthropic API-specific `anthropic-beta` headers. Use this if experiencing issues like "Unexpected value(s) for the `anthropic-beta` header" when using an LLM gateway with third-party providers | |816| `CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS` | Set to `1` to disable Anthropic API-specific `anthropic-beta` headers. Use this if experiencing issues like "Unexpected value(s) for the `anthropic-beta` header" when using an LLM gateway with third-party providers | |

skills.md +3 −2

Details

28 28

29* **`/debug [description]`**: troubleshoots your current Claude Code session by reading the session debug log. Optionally describe the issue to focus the analysis.29* **`/debug [description]`**: troubleshoots your current Claude Code session by reading the session debug log. Optionally describe the issue to focus the analysis.

30 30

~~31Claude Code also includes a bundled developer platform skill that activates automatically when your code imports the Anthropic SDK. You don't need to invoke it manually.~~31* **`/claude-api`**: loads Claude API reference material for your project's language (Python, TypeScript, Java, Go, Ruby, C#, PHP, or cURL) and Agent SDK reference for Python and TypeScript. Covers tool use, streaming, batches, structured outputs, and common pitfalls. Also activates automatically when your code imports `anthropic`, `@anthropic-ai/sdk`, or `claude_agent_sdk`.

32 32

33## Getting started33## Getting started

34 34

204Skills support string substitution for dynamic values in the skill content:204Skills support string substitution for dynamic values in the skill content:

205 205

206| Variable | Description |206| Variable | Description |

207| :--------------------- | :------------------------------------------------------------------------------------------------------------------------------------------- |207| :--------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

208| `$ARGUMENTS` | All arguments passed when invoking the skill. If `$ARGUMENTS` is not present in the content, arguments are appended as `ARGUMENTS: <value>`. |208| `$ARGUMENTS` | All arguments passed when invoking the skill. If `$ARGUMENTS` is not present in the content, arguments are appended as `ARGUMENTS: <value>`. |

210| `$N` | Shorthand for `$ARGUMENTS[N]`, such as `$0` for the first argument or `$1` for the second. |210| `$N` | Shorthand for `$ARGUMENTS[N]`, such as `$0` for the first argument or `$1` for the second. |

211| `${CLAUDE_SESSION_ID}` | The current session ID. Useful for logging, creating session-specific files, or correlating skill output with sessions. |211| `${CLAUDE_SESSION_ID}` | The current session ID. Useful for logging, creating session-specific files, or correlating skill output with sessions. |

212| `${CLAUDE_SKILL_DIR}` | The directory containing the skill's `SKILL.md` file. For plugin skills, this is the skill's subdirectory within the plugin, not the plugin root. Use this in bash injection commands to reference scripts or files bundled with the skill, regardless of the current working directory. |

212 213

213**Example using substitutions:**214**Example using substitutions:**

214 215

statusline.md +13 −0

Details

168| `worktree.name` | Name of the active worktree. Present only during `--worktree` sessions |

169| `worktree.path` | Absolute path to the worktree directory |

170| `worktree.branch` | Git branch name for the worktree (for example, `"worktree-my-feature"`). Absent for hook-based worktrees |

171| `worktree.original_cwd` | The directory Claude was in before entering the worktree |

172| `worktree.original_branch` | Git branch checked out before entering the worktree. Absent for hook-based worktrees |

168 173

169<Accordion title="Full JSON schema">174<Accordion title="Full JSON schema">

170 Your status line command receives this JSON structure via stdin:175 Your status line command receives this JSON structure via stdin:

212 },217 },

213 "agent": {218 "agent": {

214 "name": "security-reviewer"219 "name": "security-reviewer"

220 },

221 "worktree": {

222 "name": "my-feature",

223 "path": "/path/to/.claude/worktrees/my-feature",

224 "branch": "worktree-my-feature",

225 "original_cwd": "/path/to/project",

226 "original_branch": "main"

215 }227 }

216 }228 }

217 ```229 ```

220 232

221 * `vim`: appears only when vim mode is enabled233 * `vim`: appears only when vim mode is enabled

222 * `agent`: appears only when running with the `--agent` flag or agent settings configured234 * `agent`: appears only when running with the `--agent` flag or agent settings configured

235 * `worktree`: appears only during `--worktree` sessions. When present, `branch` and `original_branch` may also be absent for hook-based worktrees

223 236

224 **Fields that may be `null`**:237 **Fields that may be `null`**:

225 238

Documentation 2026-03-04 21:06 UTC to 2026-03-05 06:12 UTC