Documentation 2026-03-28 18:04 UTC to 2026-03-30 21:13 UTC

224 224 

225## See also225## See also

226 226 

227* [Computer use](/en/computer-use): control native macOS apps when a task can't be done in a browser

227* [Use Claude Code in VS Code](/en/vs-code#automate-browser-tasks-with-chrome): browser automation in the VS Code extension228* [Use Claude Code in VS Code](/en/vs-code#automate-browser-tasks-with-chrome): browser automation in the VS Code extension

228* [CLI reference](/en/cli-reference): command-line flags including `--chrome`229* [CLI reference](/en/cli-reference): command-line flags including `--chrome`

229* [Common workflows](/en/common-workflows): more ways to use Claude Code230* [Common workflows](/en/common-workflows): more ways to use Claude Code

685## Limitations685## Limitations

686 686 

687* **Repository authentication**: You can only move sessions from web to local when you are authenticated to the same account687* **Repository authentication**: You can only move sessions from web to local when you are authenticated to the same account

688* **Platform restrictions**: Claude Code on the web only works with code hosted in GitHub. GitLab and other non-GitHub repositories cannot be used with cloud sessions688* **Platform restrictions**: Claude Code on the web only works with code hosted in GitHub. Self-hosted [GitHub Enterprise Server](/en/github-enterprise-server) instances are supported for Teams and Enterprise plans. GitLab and other non-GitHub repositories cannot be used with cloud sessions

689 689 

690## Best practices690## Best practices

691 691 

38| `--add-dir` | Add additional working directories for Claude to access (validates each path exists as a directory) | `claude --add-dir ../apps ../lib` |38| `--add-dir` | Add additional working directories for Claude to access (validates each path exists as a directory) | `claude --add-dir ../apps ../lib` |

39| `--agent` | Specify an agent for the current session (overrides the `agent` setting) | `claude --agent my-custom-agent` |39| `--agent` | Specify an agent for the current session (overrides the `agent` setting) | `claude --agent my-custom-agent` |

40| `--agents` | Define custom subagents dynamically via JSON. Uses the same field names as subagent [frontmatter](/en/sub-agents#supported-frontmatter-fields), plus a `prompt` field for the agent's instructions | `claude --agents '{"reviewer":{"description":"Reviews code","prompt":"You are a code reviewer"}}'` |40| `--agents` | Define custom subagents dynamically via JSON. Uses the same field names as subagent [frontmatter](/en/sub-agents#supported-frontmatter-fields), plus a `prompt` field for the agent's instructions | `claude --agents '{"reviewer":{"description":"Reviews code","prompt":"You are a code reviewer"}}'` |

41| `--allow-dangerously-skip-permissions` | Enable permission bypassing as an option without immediately activating it. Allows composing with `--permission-mode` (use with caution) | `claude --permission-mode plan --allow-dangerously-skip-permissions` |41| `--allow-dangerously-skip-permissions` | Add `bypassPermissions` to the `Shift+Tab` mode cycle without starting in it. Lets you begin in a different mode like `plan` and switch to `bypassPermissions` later. See [permission modes](/en/permission-modes#skip-all-checks-with-bypasspermissions-mode) | `claude --permission-mode plan --allow-dangerously-skip-permissions` |

42| `--allowedTools` | Tools that execute without prompting for permission. See [permission rule syntax](/en/settings#permission-rule-syntax) for pattern matching. To restrict which tools are available, use `--tools` instead | `"Bash(git log *)" "Bash(git diff *)" "Read"` |42| `--allowedTools` | Tools that execute without prompting for permission. See [permission rule syntax](/en/settings#permission-rule-syntax) for pattern matching. To restrict which tools are available, use `--tools` instead | `"Bash(git log *)" "Bash(git diff *)" "Read"` |

43| `--append-system-prompt` | Append custom text to the end of the default system prompt | `claude --append-system-prompt "Always use TypeScript"` |43| `--append-system-prompt` | Append custom text to the end of the default system prompt | `claude --append-system-prompt "Always use TypeScript"` |

44| `--append-system-prompt-file` | Load additional system prompt text from a file and append to the default prompt | `claude --append-system-prompt-file ./extra-rules.txt` |44| `--append-system-prompt-file` | Load additional system prompt text from a file and append to the default prompt | `claude --append-system-prompt-file ./extra-rules.txt` |

48| `--chrome` | Enable [Chrome browser integration](/en/chrome) for web automation and testing | `claude --chrome` |48| `--chrome` | Enable [Chrome browser integration](/en/chrome) for web automation and testing | `claude --chrome` |

49| `--continue`, `-c` | Load the most recent conversation in the current directory | `claude --continue` |49| `--continue`, `-c` | Load the most recent conversation in the current directory | `claude --continue` |

50| `--dangerously-load-development-channels` | Enable [channels](/en/channels-reference#test-during-the-research-preview) that are not on the approved allowlist, for local development. Accepts `plugin:<name>@<marketplace>` and `server:<name>` entries. Prompts for confirmation | `claude --dangerously-load-development-channels server:webhook` |50| `--dangerously-load-development-channels` | Enable [channels](/en/channels-reference#test-during-the-research-preview) that are not on the approved allowlist, for local development. Accepts `plugin:<name>@<marketplace>` and `server:<name>` entries. Prompts for confirmation | `claude --dangerously-load-development-channels server:webhook` |

51| `--dangerously-skip-permissions` | Skip permission prompts (use with caution). See [permission modes](/en/permission-modes#skip-all-checks-with-bypasspermissions-mode) for what this does and does not skip | `claude --dangerously-skip-permissions` |51| `--dangerously-skip-permissions` | Skip permission prompts. Equivalent to `--permission-mode bypassPermissions`. See [permission modes](/en/permission-modes#skip-all-checks-with-bypasspermissions-mode) for what this does and does not skip | `claude --dangerously-skip-permissions` |

52| `--debug` | Enable debug mode with optional category filtering (for example, `"api,hooks"` or `"!statsig,!file"`) | `claude --debug "api,mcp"` |52| `--debug` | Enable debug mode with optional category filtering (for example, `"api,hooks"` or `"!statsig,!file"`) | `claude --debug "api,mcp"` |

53| `--disable-slash-commands` | Disable all skills and commands for this session | `claude --disable-slash-commands` |53| `--disable-slash-commands` | Disable all skills and commands for this session | `claude --disable-slash-commands` |

54| `--disallowedTools` | Tools that are removed from the model's context and cannot be used | `"Bash(git log *)" "Bash(git diff *)" "Edit"` |54| `--disallowedTools` | Tools that are removed from the model's context and cannot be used | `"Bash(git log *)" "Bash(git diff *)" "Edit"` |

71| `--no-chrome` | Disable [Chrome browser integration](/en/chrome) for this session | `claude --no-chrome` |71| `--no-chrome` | Disable [Chrome browser integration](/en/chrome) for this session | `claude --no-chrome` |

72| `--no-session-persistence` | Disable session persistence so sessions are not saved to disk and cannot be resumed (print mode only) | `claude -p --no-session-persistence "query"` |72| `--no-session-persistence` | Disable session persistence so sessions are not saved to disk and cannot be resumed (print mode only) | `claude -p --no-session-persistence "query"` |

73| `--output-format` | Specify output format for print mode (options: `text`, `json`, `stream-json`) | `claude -p "query" --output-format json` |73| `--output-format` | Specify output format for print mode (options: `text`, `json`, `stream-json`) | `claude -p "query" --output-format json` |

74| `--enable-auto-mode` | Unlock [auto mode](/en/permission-modes#eliminate-prompts-with-auto-mode) in the `Shift+Tab` cycle. Requires a Team plan (Enterprise and API support rolling out shortly) and Claude Sonnet 4.6 or Opus 4.6 | `claude --enable-auto-mode` |74| `--enable-auto-mode` | Unlock [auto mode](/en/permission-modes#eliminate-prompts-with-auto-mode) in the `Shift+Tab` cycle. Requires a Team, Enterprise, or API plan and Claude Sonnet 4.6 or Opus 4.6 | `claude --enable-auto-mode` |

75| `--permission-mode` | Begin in a specified [permission mode](/en/permission-modes) | `claude --permission-mode plan` |75| `--permission-mode` | Begin in a specified [permission mode](/en/permission-modes). Accepts `default`, `acceptEdits`, `plan`, `auto`, `dontAsk`, or `bypassPermissions`. Overrides `defaultMode` from settings files | `claude --permission-mode plan` |

76| `--permission-prompt-tool` | Specify an MCP tool to handle permission prompts in non-interactive mode | `claude -p --permission-prompt-tool mcp_auth_tool "query"` |76| `--permission-prompt-tool` | Specify an MCP tool to handle permission prompts in non-interactive mode | `claude -p --permission-prompt-tool mcp_auth_tool "query"` |

77| `--plugin-dir` | Load plugins from a directory for this session only. Each flag takes one path. Repeat the flag for multiple directories: `--plugin-dir A --plugin-dir B` | `claude --plugin-dir ./my-plugins` |77| `--plugin-dir` | Load plugins from a directory for this session only. Each flag takes one path. Repeat the flag for multiple directories: `--plugin-dir A --plugin-dir B` | `claude --plugin-dir ./my-plugins` |

78| `--print`, `-p` | Print response without interactive mode (see [Agent SDK documentation](https://platform.claude.com/docs/en/agent-sdk/overview) for programmatic usage details) | `claude -p "query"` |78| `--print`, `-p` | Print response without interactive mode (see [Agent SDK documentation](https://platform.claude.com/docs/en/agent-sdk/overview) for programmatic usage details) | `claude -p "query"` |

14 14 

15Findings are tagged by severity and don't approve or block your PR, so existing review workflows stay intact. You can tune what Claude flags by adding a `CLAUDE.md` or `REVIEW.md` file to your repository.15Findings are tagged by severity and don't approve or block your PR, so existing review workflows stay intact. You can tune what Claude flags by adding a `CLAUDE.md` or `REVIEW.md` file to your repository.

16 16 

17To run Claude in your own CI infrastructure instead of this managed service, see [GitHub Actions](/en/github-actions) or [GitLab CI/CD](/en/gitlab-ci-cd).17To run Claude in your own CI infrastructure instead of this managed service, see [GitHub Actions](/en/github-actions) or [GitLab CI/CD](/en/gitlab-ci-cd). For repositories on a self-hosted GitHub instance, see [GitHub Enterprise Server](/en/github-enterprise-server).

18 18 

19This page covers:19This page covers:

20 20 

1> ## Documentation Index

2> Fetch the complete documentation index at: https://code.claude.com/docs/llms.txt

3> Use this file to discover all available pages before exploring further.

4 

5# Let Claude use your computer from the CLI

6 

7> Enable computer use in the Claude Code CLI so Claude can open apps, click, type, and see your screen on macOS. Test native apps, debug visual issues, and automate GUI-only tools without leaving your terminal.

8 

9<Note>

10 Computer use is a research preview on macOS that requires a Pro or Max plan. It is not available on Team or Enterprise plans. It requires Claude Code v2.1.85 or later and an interactive session, so it is not available in non-interactive mode with the `-p` flag.

11</Note>

12 

13Computer use lets Claude open apps, control your screen, and work on your machine the way you would. From the CLI, Claude can compile a Swift app, launch it, click through every button, and screenshot the result, all in the same conversation where it wrote the code.

14 

15This page covers how computer use works in the CLI. For the Desktop app, see [computer use in Desktop](/en/desktop#let-claude-use-your-computer).

16 

17## What you can do with computer use

18 

19Computer use handles tasks that require a GUI: anything you'd normally have to leave the terminal and do by hand.

20 

21* **Build and validate native apps**: ask Claude to build a macOS menu bar app. Claude writes the Swift, compiles it, launches it, and clicks through every control to verify it works before you ever open it.

22* **End-to-end UI testing**: point Claude at a local Electron app and say "test the onboarding flow." Claude opens the app, clicks through signup, and screenshots each step. No Playwright config, no test harness.

23* **Debug visual and layout issues**: tell Claude "the modal is clipping on small windows." Claude resizes the window, reproduces the bug, screenshots it, patches the CSS, and verifies the fix. Claude sees what you see.

24* **Drive GUI-only tools**: interact with design tools, hardware control panels, the iOS Simulator, or proprietary apps that have no CLI or API.

25 

26## When computer use applies

27 

28Claude has several ways to interact with an app or service. Computer use is the broadest and slowest, so Claude tries the most precise tool first:

29 

30* If you have an [MCP server](/en/mcp) for the service, Claude uses that.

31* If the task is a shell command, Claude uses Bash.

32* If the task is browser work and you have [Claude in Chrome](/en/chrome) set up, Claude uses that.

33* If none of those apply, Claude uses computer use.

34 

35Screen control is reserved for things nothing else can reach: native apps, simulators, and tools without an API.

36 

37## Enable computer use

38 

39Computer use is available as a built-in MCP server called `computer-use`. It's off by default until you enable it.

40 

41<Steps>

42 <Step title="Open the MCP menu">

43 In an interactive Claude Code session, run:

44 

45 ```text theme={null}

46 /mcp

47 ```

48 

49 Find `computer-use` in the server list. It shows as disabled.

50 </Step>

51 

52 <Step title="Enable the server">

53 Select `computer-use` and choose **Enable**. The setting persists per project, so you only do this once for each project where you want computer use.

54 </Step>

55 

56 <Step title="Grant macOS permissions">

57 The first time Claude tries to use your computer, you'll see a prompt to grant two macOS permissions:

58 

59 * **Accessibility**: lets Claude click, type, and scroll

60 * **Screen Recording**: lets Claude see what's on your screen

61 

62 The prompt includes links to open the relevant System Settings pane. Grant both, then select **Try again** in the prompt. macOS may require you to restart Claude Code after granting Screen Recording.

63 </Step>

64</Steps>

65 

66After setup, ask Claude to do something that needs the GUI:

67 

68```text theme={null}

69Build the app target, launch it, and click through each tab to make

70sure nothing crashes. Screenshot any error states you find.

71```

72 

73## Approve apps per session

74 

75Enabling the `computer-use` server doesn't grant Claude access to every app on your machine. The first time Claude needs a specific app in a session, a prompt appears in your terminal showing:

76 

77* Which apps Claude wants to control

78* Any extra permissions requested, such as clipboard access

79* How many other apps will be hidden while Claude works

80 

81Choose **Allow for this session** or **Deny**. Approvals last for the current session. You can approve multiple apps at once when Claude requests them together.

82 

83Apps with broad reach show an extra warning in the prompt so you know what approving them grants:

84 

85| Warning | Applies to |

86| :------------------------- | :----------------------------------------------------------- |

87| Equivalent to shell access | Terminal, iTerm, VS Code, Warp, and other terminals and IDEs |

88| Can read or write any file | Finder |

89| Can change system settings | System Settings |

90 

91These apps aren't blocked. The warning lets you decide whether the task warrants that level of access.

92 

93Claude's level of control also varies by app category: browsers and trading platforms are view-only, terminals and IDEs are click-only, and everything else gets full control. See [app permissions in Desktop](/en/desktop#app-permissions) for the complete tier breakdown.

94 

95## How Claude works on your screen

96 

97Understanding the flow helps you anticipate what Claude will do and how to intervene.

98 

99### One session at a time

100 

101Computer use holds a machine-wide lock while active. If another Claude Code session is already using your computer, new attempts fail with a message telling you which session holds the lock. Finish or exit that session first.

102 

103### Apps are hidden while Claude works

104 

105When Claude starts controlling your screen, other visible apps are hidden so Claude interacts with only the approved apps. Your terminal window stays visible and is excluded from screenshots, so you can watch the session and Claude never sees its own output.

106 

107When Claude finishes the turn, hidden apps are restored automatically.

108 

109### Stop at any time

110 

111When Claude acquires the lock, a macOS notification appears: "Claude is using your computer · press Esc to stop." Press `Esc` anywhere to abort the current action immediately, or press `Ctrl+C` in the terminal. Either way, Claude releases the lock, unhides your apps, and returns control to you.

112 

113A second notification appears when Claude is done.

114 

115## Safety and the trust boundary

116 

117<Warning>

118 Unlike the [sandboxed Bash tool](/en/sandboxing), computer use runs on your actual desktop with access to the apps you approve. Claude checks each action and flags potential prompt injection from on-screen content, but the trust boundary is different. See the [computer use safety guide](https://support.claude.com/en/articles/14128542) for best practices.

119</Warning>

120 

121The built-in guardrails reduce risk without requiring configuration:

122 

123* **Per-app approval**: Claude can only control apps you've approved in the current session.

124* **Sentinel warnings**: apps that grant shell, filesystem, or system settings access are flagged before you approve.

125* **Terminal excluded from screenshots**: Claude never sees your terminal window, so on-screen prompts in your session can't feed back into the model.

126* **Global escape**: the `Esc` key aborts computer use from anywhere, and the key press is consumed so prompt injection can't use it to dismiss dialogs.

127* **Lock file**: only one session can control your machine at a time.

128 

129## Example workflows

130 

131These examples show common ways to combine computer use with coding tasks.

132 

133### Validate a native build

134 

135After making changes to a macOS or iOS app, have Claude compile and verify in one pass:

136 

137```text theme={null}

138Build the MenuBarStats target, launch it, open the preferences window,

139and verify the interval slider updates the label. Screenshot the

140preferences window when you're done.

141```

142 

143Claude runs `xcodebuild`, launches the app, interacts with the UI, and reports what it finds.

144 

145### Reproduce a layout bug

146 

147When a visual bug only appears at certain window sizes, let Claude find it:

148 

149```text theme={null}

150The settings modal clips its footer on narrow windows. Resize the app

151window down until you can reproduce it, screenshot the clipped state,

152then check the CSS for the modal container.

153```

154 

155Claude resizes the window, captures the broken state, and reads the relevant stylesheets.

156 

157### Test a simulator flow

158 

159Drive the iOS Simulator without writing XCTest:

160 

161```text theme={null}

162Open the iOS Simulator, launch the app, tap through the onboarding

163screens, and tell me if any screen takes more than a second to load.

164```

165 

166Claude controls the simulator the same way you would with a mouse.

167 

168## Differences from the Desktop app

169 

170The CLI and Desktop surfaces share the same computer use engine. A few Desktop-specific controls aren't yet in the CLI:

171 

172| Feature | Desktop | CLI |

173| :------------------- | :--------------------------------------------- | :------------------------------ |

174| Enable | Toggle in **Settings > Desktop app > General** | Enable `computer-use` in `/mcp` |

175| Denied apps list | Configurable in Settings | Not yet available |

176| Auto-unhide toggle | Optional | Always on |

177| Dispatch integration | Dispatch-spawned sessions can use computer use | Not applicable |

178 

179## Troubleshooting

180 

181### "Computer use is in use by another Claude session"

182 

183Another Claude Code session holds the lock. Finish the task in that session or exit it. If the other session crashed, the lock is released automatically when Claude detects the process is no longer running.

184 

185### macOS permissions prompt keeps reappearing

186 

187macOS sometimes requires a restart of the requesting process after you grant Screen Recording. Quit Claude Code completely and start a new session. If the prompt persists, open **System Settings > Privacy & Security > Screen Recording** and confirm your terminal app is listed and enabled.

188 

189### `computer-use` doesn't appear in `/mcp`

190 

191The server only appears on eligible setups. Check that:

192 

193* You're on macOS. Computer use is not available on Linux or Windows.

194* You're running Claude Code v2.1.85 or later. Run `claude --version` to check.

195* You're on a Pro or Max plan. Run `/status` to confirm your subscription.

196* You're authenticated through claude.ai. Computer use is not available with third-party providers like Amazon Bedrock, Google Cloud Vertex AI, or Microsoft Foundry. If you access Claude exclusively through a third-party provider, you need a separate claude.ai account to use this feature.

197* You're in an interactive session. Computer use is not available in non-interactive mode with the `-p` flag.

198 

199## See also

200 

201* [Computer use in Desktop](/en/desktop#let-claude-use-your-computer): the same capability with a graphical settings page

202* [Claude in Chrome](/en/chrome): browser automation for web-based tasks

203* [MCP](/en/mcp): connect Claude to structured tools and APIs

204* [Sandboxing](/en/sandboxing): how Claude's Bash tool isolates filesystem and network access

205* [Computer use safety guide](https://support.claude.com/en/articles/14128542): best practices for safe computer use

59Permission modes control how much autonomy Claude has during a session: whether it asks before editing files, running commands, or both. You can switch modes at any time using the mode selector next to the send button. Start with Ask permissions to see exactly what Claude does, then move to Auto accept edits or Plan mode as you get comfortable.59Permission modes control how much autonomy Claude has during a session: whether it asks before editing files, running commands, or both. You can switch modes at any time using the mode selector next to the send button. Start with Ask permissions to see exactly what Claude does, then move to Auto accept edits or Plan mode as you get comfortable.

60 60 

61| Mode | Settings key | Behavior |61| Mode | Settings key | Behavior |

62| ---------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |62| ---------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

63| **Ask permissions** | `default` | Claude asks before editing files or running commands. You see a diff and can accept or reject each change. Recommended for new users. |63| **Ask permissions** | `default` | Claude asks before editing files or running commands. You see a diff and can accept or reject each change. Recommended for new users. |

64| **Auto accept edits** | `acceptEdits` | Claude auto-accepts file edits but still asks before running terminal commands. Use this when you trust file changes and want faster iteration. |64| **Auto accept edits** | `acceptEdits` | Claude auto-accepts file edits but still asks before running terminal commands. Use this when you trust file changes and want faster iteration. |

65| **Plan mode** | `plan` | Claude analyzes your code and creates a plan without modifying files or running commands. Good for complex tasks where you want to review the approach first. |65| **Plan mode** | `plan` | Claude analyzes your code and creates a plan without modifying files or running commands. Good for complex tasks where you want to review the approach first. |

66| **Auto** | `auto` | Claude executes all actions with background safety checks that verify alignment with your request. Reduces permission prompts while maintaining oversight. Currently a research preview. Available on Team plans (Enterprise rolling out shortly). Requires Claude Sonnet 4.6 or Opus 4.6. Enable in your Settings → Claude Code. |66| **Auto** | `auto` | Claude executes all actions with background safety checks that verify alignment with your request. Reduces permission prompts while maintaining oversight. Currently a research preview. Available on Team, Enterprise, and API plans. Requires Claude Sonnet 4.6 or Opus 4.6. Enable in your Settings → Claude Code. |

67| **Bypass permissions** | `bypassPermissions` | Claude runs without any permission prompts, equivalent to `--dangerously-skip-permissions` in the CLI. Enable in your Settings → Claude Code under "Allow bypass permissions mode". Only use this in sandboxed containers or VMs. Enterprise admins can disable this option. |67| **Bypass permissions** | `bypassPermissions` | Claude runs without any permission prompts, equivalent to `--dangerously-skip-permissions` in the CLI. Enable in your Settings → Claude Code under "Allow bypass permissions mode". Only use this in sandboxed containers or VMs. Enterprise admins can disable this option. |

68 68 

69The `dontAsk` permission mode is available only in the [CLI](/en/permission-modes#allow-only-pre-approved-tools-with-dontask-mode).69The `dontAsk` permission mode is available only in the [CLI](/en/permission-modes#allow-only-pre-approved-tools-with-dontask-mode).

629| Session isolation | [`--worktree`](/en/cli-reference) flag | Automatic worktrees |629| Session isolation | [`--worktree`](/en/cli-reference) flag | Automatic worktrees |

630| Multiple sessions | Separate terminals | Sidebar tabs |630| Multiple sessions | Separate terminals | Sidebar tabs |

631| Recurring tasks | Cron jobs, CI pipelines | [Scheduled tasks](#schedule-recurring-tasks) |631| Recurring tasks | Cron jobs, CI pipelines | [Scheduled tasks](#schedule-recurring-tasks) |

632| Computer use | Not available | [App and screen control](#let-claude-use-your-computer) on macOS |632| Computer use | [Enable via `/mcp`](/en/computer-use) on macOS | [App and screen control](#let-claude-use-your-computer) on macOS |

633| Dispatch integration | Not available | [Dispatch sessions](#sessions-from-dispatch) in the sidebar |633| Dispatch integration | Not available | [Dispatch sessions](#sessions-from-dispatch) in the sidebar |

634| Scripting and automation | [`--print`](/en/cli-reference), [Agent SDK](/en/headless) | Not available |634| Scripting and automation | [`--print`](/en/cli-reference), [Agent SDK](/en/headless) | Not available |

635 635 

28 28 

29## Getting started in 4 steps29## Getting started in 4 steps

30 30 

311. Install VS Code and the Remote - Containers extension311. Install VS Code and the [Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers)

322. Clone the [Claude Code reference implementation](https://github.com/anthropics/claude-code/tree/main/.devcontainer) repository322. Clone the [Claude Code reference implementation](https://github.com/anthropics/claude-code/tree/main/.devcontainer) repository

333. Open the repository in VS Code333. Open the repository in VS Code

344. When prompted, click "Reopen in Container" (or use Command Palette: Cmd+Shift+P → "Remote-Containers: Reopen in Container")344. When prompted, click "Reopen in Container" (or use Command Palette: Cmd+Shift+P → "Dev Containers: Reopen in Container")

35 35 

36## Configuration breakdown36## Configuration breakdown

37 37 

1> ## Documentation Index

2> Fetch the complete documentation index at: https://code.claude.com/docs/llms.txt

3> Use this file to discover all available pages before exploring further.

4 

5# Claude Code with GitHub Enterprise Server

6 

7> Connect Claude Code to your self-hosted GitHub Enterprise Server instance for web sessions, code review, and plugin marketplaces.

8 

9<Note>

10 GitHub Enterprise Server support is available for Teams and Enterprise plans.

11</Note>

12 

13GitHub Enterprise Server (GHES) support lets your organization use Claude Code with repositories hosted on your self-managed GitHub instance instead of github.com. Once an admin connects your GHES instance, developers can run web sessions, get automated code reviews, and install plugins from internal marketplaces without any per-repository configuration.

14 

15For repositories on github.com, see [Claude Code on the web](/en/claude-code-on-the-web) and [Code Review](/en/code-review). To run Claude in your own CI infrastructure, see [GitHub Actions](/en/github-actions).

16 

17## What works with GitHub Enterprise Server

18 

19The table below shows which Claude Code features support GHES and any differences from github.com behavior.

20 

21| Feature | GHES support | Notes |

22| :--------------------- | :-------------- | :--------------------------------------------------------------------------------------------------------------------------- |

23| Claude Code on the web | ✅ Supported | Admin connects the GHES instance once; developers use `claude --remote` or [claude.ai/code](https://claude.ai/code) as usual |

24| Code Review | ✅ Supported | Same automated PR reviews as github.com |

25| Teleport sessions | ✅ Supported | Move sessions between web and terminal with `/teleport` |

26| Plugin marketplaces | ✅ Supported | Use full git URLs instead of `owner/repo` shorthand |

27| Contribution metrics | ✅ Supported | Delivered via webhooks to the [analytics dashboard](/en/analytics) |

28| GitHub Actions | ✅ Supported | Requires manual workflow setup; `/install-github-app` is github.com only |

29| GitHub MCP server | ❌ Not supported | The GitHub MCP server does not work with GHES instances |

30 

31## Admin setup

32 

33An admin connects your GHES instance to Claude Code once. After that, developers in your organization can use GHES repositories without any additional configuration. You need admin access to your Claude organization and permission to create GitHub Apps on your GHES instance.

34 

35The guided setup generates a GitHub App manifest and redirects you to your GHES instance to create the app in one click. If your environment blocks the redirect flow, an [alternative manual setup](#manual-setup) is available.

36 

37<Steps>

38 <Step title="Open Claude Code admin settings">

39 Go to [claude.ai/admin-settings/claude-code](https://claude.ai/admin-settings/claude-code) and find the GitHub Enterprise Server section.

40 </Step>

41 

42 <Step title="Start the guided setup">

43 Click **Connect**. Enter a display name for the connection and your GHES hostname, for example `github.example.com`. If your GHES instance uses a self-signed or private certificate authority, paste the CA certificate in the optional field.

44 </Step>

45 

46 <Step title="Create the GitHub App">

47 Click **Continue to GitHub Enterprise**. Your browser redirects to your GHES instance with a pre-filled app manifest. Review the configuration and click **Create GitHub App**. GHES redirects you back to Claude with the app credentials stored automatically.

48 </Step>

49 

50 <Step title="Install the app on your repositories">

51 From the GitHub App page on your GHES instance, install the app on the repositories or organizations you want Claude to access. You can start with a subset and add more later.

52 </Step>

53 

54 <Step title="Enable features">

55 Return to [claude.ai/admin-settings/claude-code](https://claude.ai/admin-settings/claude-code) and enable [Code Review](/en/code-review#set-up-code-review) and [contribution metrics](/en/analytics#enable-contribution-metrics) for your GHES repositories using the same configuration as github.com.

56 </Step>

57</Steps>

58 

59### GitHub App permissions

60 

61The manifest configures the GitHub App with the permissions and webhook events Claude needs across web sessions, Code Review, and contribution metrics:

62 

63| Permission | Access | Used for |

64| :--------------- | :------------- | :------------------------------------------ |

65| Contents | Read and write | Cloning repositories and pushing branches |

66| Pull requests | Read and write | Creating PRs and posting review comments |

67| Issues | Read and write | Responding to issue mentions |

68| Checks | Read and write | Posting Code Review check runs |

69| Actions | Read | Reading CI status for auto-fix |

70| Repository hooks | Read and write | Receiving webhooks for contribution metrics |

71| Metadata | Read | Required by GitHub for all apps |

72 

73The app subscribes to `pull_request`, `issue_comment`, `pull_request_review_comment`, `pull_request_review`, and `check_run` events.

74 

75### Manual setup

76 

77If the guided redirect flow is blocked by your network configuration, click **Add manually** instead of Connect. Create a GitHub App on your GHES instance with the [permissions and events above](#github-app-permissions), then enter the app credentials in the form: hostname, OAuth client ID and secret, GitHub App ID, client ID, client secret, webhook secret, and private key.

78 

79### Network requirements

80 

81Your GHES instance must be reachable from Anthropic infrastructure so Claude can clone repositories and post review comments. If your GHES instance is behind a firewall, allowlist the [Anthropic API IP addresses](https://platform.claude.com/docs/en/api/ip-addresses).

82 

83## Developer workflow

84 

85Once your admin has connected the GHES instance, no developer-side configuration is needed. Claude Code detects your GHES hostname automatically from the git remote in your working directory.

86 

87Clone a repository from your GHES instance as you normally would:

88 

89```bash theme={null}

90git clone git@github.example.com:platform/api-service.git

91cd api-service

92```

93 

94Then start a web session. Claude detects the GHES host from your git remote and routes the session through your organization's configured instance:

95 

96```bash theme={null}

97claude --remote "Add retry logic to the payment webhook handler"

98```

99 

100The session runs on Anthropic infrastructure, clones your repository from GHES, and pushes changes back to a branch. Monitor progress with `/tasks` or at [claude.ai/code](https://claude.ai/code). See [Claude Code on the web](/en/claude-code-on-the-web) for the full remote session workflow including diff review, auto-fix, and scheduled tasks.

101 

102### Teleport sessions to your terminal

103 

104Pull a web session into your local terminal with `/teleport` or `claude --teleport`. Teleport verifies you're in a checkout of the same GHES repository before fetching the branch and loading the session history. See [teleport requirements](/en/claude-code-on-the-web#requirements-for-teleporting) for details.

105 

106## Plugin marketplaces on GHES

107 

108Host plugin marketplaces on your GHES instance to distribute internal tooling across your organization. The marketplace structure is identical to github.com-hosted marketplaces; the only difference is how you reference them.

109 

110### Add a GHES marketplace

111 

112The `owner/repo` shorthand always resolves to github.com. For GHES-hosted marketplaces, use the full git URL:

113 

114```bash theme={null}

115/plugin marketplace add git@github.example.com:platform/claude-plugins.git

116```

117 

118HTTPS URLs work as well:

119 

120```bash theme={null}

121/plugin marketplace add https://github.example.com/platform/claude-plugins.git

122```

123 

124See [Create and distribute a plugin marketplace](/en/plugin-marketplaces) for the full guide to building marketplaces.

125 

126### Allowlist GHES marketplaces in managed settings

127 

128If your organization uses [managed settings](/en/settings) to restrict which marketplaces developers can add, use the `hostPattern` source type to allow all marketplaces from your GHES instance without enumerating each repository:

129 

130```json theme={null}

131{

132 "strictKnownMarketplaces": [

133 {

134 "source": "hostPattern",

135 "hostPattern": "^github\\.example\\.com$"

136 }

137 ]

138}

139```

140 

141You can also pre-register marketplaces for developers so they appear without manual setup. This example makes an internal tools marketplace available organization-wide:

142 

143```json theme={null}

144{

145 "extraKnownMarketplaces": {

146 "internal-tools": {

147 "source": {

148 "source": "git",

149 "url": "git@github.example.com:platform/claude-plugins.git"

150 }

151 }

152 }

153}

154```

155 

156See the [strictKnownMarketplaces](/en/settings#strictknownmarketplaces) and [extraKnownMarketplaces](/en/settings#extraknownmarketplaces) settings reference for the complete schema.

157 

158## Limitations

159 

160A few features behave differently on GHES than on github.com. The [feature table](#what-works-with-github-enterprise-server) summarizes support; this section covers the workarounds.

161 

162* **`/install-github-app` command**: follow the [admin setup](#admin-setup) flow on claude.ai instead. If you also want GitHub Actions workflows on GHES, adapt the [example workflow](https://github.com/anthropics/claude-code-action/blob/main/examples/claude.yml) manually.

163* **GitHub MCP server**: use the `gh` CLI configured for your GHES host instead. Run `gh auth login --hostname github.example.com` to authenticate, then Claude can use `gh` commands in sessions.

164 

165## Troubleshooting

166 

167### Web session fails to clone repository

168 

169If `claude --remote` fails with a clone error, verify that your admin has completed setup for your GHES instance and that the GitHub App is installed on the repository you're working in. Check with your admin that the instance hostname registered in Claude settings matches the hostname in your git remote.

170 

171### Marketplace add fails with a policy error

172 

173If `/plugin marketplace add` is blocked for your GHES URL, your organization has restricted marketplace sources. Ask your admin to add a `hostPattern` entry for your GHES hostname in [managed settings](#allowlist-ghes-marketplaces-in-managed-settings).

174 

175### GHES instance not reachable

176 

177If reviews or web sessions time out, your GHES instance may not be reachable from Anthropic infrastructure. Confirm your firewall allows inbound connections from the [Anthropic API IP addresses](https://platform.claude.com/docs/en/api/ip-addresses).

178 

179## Related resources

180 

181These pages cover the features referenced throughout this guide in more depth:

182 

183* [Claude Code on the web](/en/claude-code-on-the-web): run Claude Code sessions on cloud infrastructure

184* [Code Review](/en/code-review): automated PR reviews

185* [Plugin marketplaces](/en/plugin-marketplaces): build and distribute plugin catalogs

186* [Analytics](/en/analytics): track usage and contribution metrics

187* [Managed settings](/en/settings): organization-wide policy configuration

188* [Network configuration](/en/network-config): firewall and IP allowlist requirements

85 85 

86### Control the model users run on86### Control the model users run on

87 87 

88To fully control the model experience, use `availableModels` together with the `model` setting:88The `model` setting is an initial selection, not enforcement. It sets which model is active when a session starts, but users can still open `/model` and pick Default, which resolves to the system default for their tier regardless of what `model` is set to.

89 89 

90* **availableModels**: restricts what users can switch to90To fully control the model experience, combine three settings:

91* **model**: sets the explicit model override, taking precedence over the Default

92 91 

93This example ensures all users run Sonnet 4.6 and can only choose between Sonnet and Haiku:92* **`availableModels`**: restricts which named models users can switch to

93* **`model`**: sets the initial model selection when a session starts

94* **`ANTHROPIC_DEFAULT_SONNET_MODEL`** / **`ANTHROPIC_DEFAULT_OPUS_MODEL`** / **`ANTHROPIC_DEFAULT_HAIKU_MODEL`**: control what the Default option and the `sonnet`, `opus`, and `haiku` aliases resolve to

95 

96This example starts users on Sonnet 4.5, limits the picker to Sonnet and Haiku, and pins Default to resolve to Sonnet 4.5 rather than the latest release:

94 97 

95```json theme={null}98```json theme={null}

96{99{

97 "model": "sonnet",100 "model": "claude-sonnet-4-5",

98 "availableModels": ["sonnet", "haiku"]101 "availableModels": ["claude-sonnet-4-5", "haiku"],

102 "env": {

103 "ANTHROPIC_DEFAULT_SONNET_MODEL": "claude-sonnet-4-5"

104 }

99}105}

100```106```

101 107 

108Without the `env` block, a user who selects Default in the picker would get the latest Sonnet release, bypassing the version pin in `model` and `availableModels`.

109 

102### Merge behavior110### Merge behavior

103 111 

104When `availableModels` is set at multiple levels, such as user settings and project settings, arrays are merged and deduplicated. To enforce a strict allowlist, set `availableModels` in managed or policy settings which take highest priority.112When `availableModels` is set at multiple levels, such as user settings and project settings, arrays are merged and deduplicated. To enforce a strict allowlist, set `availableModels` in managed or policy settings which take highest priority.

93 93 

94[Claude Code on the web](/en/claude-code-on-the-web) and [Code Review](/en/code-review) connect to your repositories from Anthropic-managed infrastructure. If your GitHub Enterprise Cloud organization restricts access by IP address, enable [IP allow list inheritance for installed GitHub Apps](https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization#allowing-access-by-github-apps). The Claude GitHub App registers its IP ranges, so enabling this setting allows access without manual configuration. To [add the ranges to your allow list manually](https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization#adding-an-allowed-ip-address) instead, or to configure other firewalls, see the [Anthropic API IP addresses](https://platform.claude.com/docs/en/api/ip-addresses).94[Claude Code on the web](/en/claude-code-on-the-web) and [Code Review](/en/code-review) connect to your repositories from Anthropic-managed infrastructure. If your GitHub Enterprise Cloud organization restricts access by IP address, enable [IP allow list inheritance for installed GitHub Apps](https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization#allowing-access-by-github-apps). The Claude GitHub App registers its IP ranges, so enabling this setting allows access without manual configuration. To [add the ranges to your allow list manually](https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization#adding-an-allowed-ip-address) instead, or to configure other firewalls, see the [Anthropic API IP addresses](https://platform.claude.com/docs/en/api/ip-addresses).

95 95 

96For self-hosted [GitHub Enterprise Server](/en/github-enterprise-server) instances behind a firewall, allowlist the same [Anthropic API IP addresses](https://platform.claude.com/docs/en/api/ip-addresses) so Anthropic infrastructure can reach your GHES host to clone repositories and post review comments.

97 

96## Additional resources98## Additional resources

97 99 

98* [Claude Code settings](/en/settings)100* [Claude Code settings](/en/settings)

23 23 

24<Tabs>24<Tabs>

25 <Tab title="CLI">25 <Tab title="CLI">

26 **During a session**: press `Shift+Tab` to cycle through `default` → `acceptEdits` → `plan` → `auto`. The current mode appears in the status bar. `auto` does not appear in the cycle until you pass `--enable-auto-mode` at startup. Auto also requires a Team (or Enterprise/API once available) plan and Claude Sonnet 4.6 or Opus 4.6, so the option may remain unavailable even with the flag. If `bypassPermissions` is also enabled, it appears in the cycle between `plan` and `auto`.26 **During a session**: press `Shift+Tab` to cycle through `default` → `acceptEdits` → `plan` → `auto`. The current mode appears in the status bar. `auto` does not appear in the cycle until you pass `--enable-auto-mode` at startup. Auto also requires a Team, Enterprise, or API plan and Claude Sonnet 4.6 or Opus 4.6, so the option may remain unavailable even with the flag. If `bypassPermissions` is also enabled, it appears in the cycle between `plan` and `auto`.

27 27 

28 **At startup**: pass the mode as a CLI flag:28 **At startup**: pass the mode as a CLI flag:

29 29 

69 | Auto | `auto` |69 | Auto | `auto` |

70 | Bypass permissions | `bypassPermissions` |70 | Bypass permissions | `bypassPermissions` |

71 71 

72 Auto and Bypass permissions appear only after you enable **Allow dangerously skip permissions** in the extension settings. Auto also requires a Team plan and Claude Sonnet 4.6 or Opus 4.6, so the option may remain unavailable even with the toggle on.72 Auto and Bypass permissions appear only after you enable **Allow dangerously skip permissions** in the extension settings. Auto also requires a Team, Enterprise, or API plan and Claude Sonnet 4.6 or Opus 4.6, so the option may remain unavailable even with the toggle on.

73 73 

74 See the [VS Code guide](/en/vs-code) for extension-specific details.74 See the [VS Code guide](/en/vs-code) for extension-specific details.

75 </Tab>75 </Tab>

164 164 

165## Eliminate prompts with auto mode165## Eliminate prompts with auto mode

166 166 

167Auto mode is available on Team plans, with Enterprise and API support rolling out shortly. On Team and Enterprise, an admin must enable it in [Claude Code admin settings](https://claude.ai/admin-settings/claude-code) before users can turn it on. It requires Claude Sonnet 4.6 or Claude Opus 4.6, and is not available on Haiku, claude-3 models, or third-party providers (Bedrock, Vertex, Foundry).167Auto mode is available on Team, Enterprise, and API plans. On Team and Enterprise, an admin must enable it in [Claude Code admin settings](https://claude.ai/admin-settings/claude-code) before users can turn it on. It requires Claude Sonnet 4.6 or Claude Opus 4.6, and is not available on Haiku, claude-3 models, or third-party providers (Bedrock, Vertex, Foundry).

168 168 

169Auto mode lets Claude execute actions without showing permission prompts. Before each action runs, a separate classifier model reviews the conversation and decides whether the action matches what you asked for: it blocks actions that escalate beyond the task scope, target infrastructure the classifier doesn't recognize as trusted, or appear to be driven by hostile content encountered in a file or web page. For a deeper look at how the classifier is designed, see the [auto mode announcement](https://claude.com/blog/auto-mode).169Auto mode lets Claude execute actions without showing permission prompts. Before each action runs, a separate classifier model reviews the conversation and decides whether the action matches what you asked for. It blocks actions that escalate beyond the task scope, target infrastructure the classifier doesn't recognize as trusted, or appear to be driven by prompt injection: hostile instructions embedded in a file, web page, or tool result that attempt to redirect Claude toward actions you never asked for. The defense is layered: a server-side probe scans incoming tool results and flags suspicious content before Claude reads it, while the classifier itself is never shown tool results, so injected instructions cannot influence its approval decisions. For a deeper look at how these layers work together, see the [auto mode announcement](https://claude.com/blog/auto-mode) and the [engineering deep dive](https://www.anthropic.com/engineering/claude-code-auto-mode).

170 170 

171<Warning>171<Warning>

172 Auto mode is a research preview. It reduces prompts but does not guarantee safety. It provides more protection than `bypassPermissions` but is not as thorough as manually reviewing each action. Use it for tasks where you trust the general direction, not as a replacement for review on sensitive operations.172 Auto mode is a research preview. It reduces prompts but does not guarantee safety. It provides more protection than `bypassPermissions` but is not as thorough as manually reviewing each action. Use it for tasks where you trust the general direction, not as a replacement for review on sensitive operations.

247 247 

248## Skip all checks with bypassPermissions mode248## Skip all checks with bypassPermissions mode

249 249 

250`bypassPermissions` mode disables all permission prompts and safety checks. Every tool call executes immediately without any verification. Only use this in isolated environments like containers, VMs, or devcontainers without internet access, where Claude Code cannot cause damage to your host system.250`bypassPermissions` mode disables permission prompts and safety checks. Tool calls execute immediately, except for writes to `.git`, `.vscode`, and `.idea`, which still prompt to prevent accidental corruption of repository state and local configuration. Writes to `.claude` also prompt, except for `.claude/commands`, `.claude/agents`, and `.claude/skills` where Claude routinely creates skills, subagents, and commands. Only use this mode in isolated environments like containers, VMs, or devcontainers without internet access, where Claude Code cannot cause damage to your host system.

251 251 

252```bash theme={null}252```bash theme={null}

253claude --permission-mode bypassPermissions253claude --permission-mode bypassPermissions

14 14 

15| Platform | Best for | What you get |15| Platform | Best for | What you get |

16| :-------------------------------- | :------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------- |16| :-------------------------------- | :------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------- |

17| [CLI](/en/quickstart) | Terminal workflows, scripting, remote servers | Full feature set, [Agent SDK](/en/headless), third-party providers |17| [CLI](/en/quickstart) | Terminal workflows, scripting, remote servers | Full feature set, [Agent SDK](/en/headless), [computer use](/en/computer-use) on Pro and Max, third-party providers |

18| [Desktop](/en/desktop) | Visual review, parallel sessions, managed setup | Diff viewer, app preview, [computer use](/en/desktop#let-claude-use-your-computer) and [Dispatch](/en/desktop#sessions-from-dispatch) on Pro and Max |18| [Desktop](/en/desktop) | Visual review, parallel sessions, managed setup | Diff viewer, app preview, [computer use](/en/desktop#let-claude-use-your-computer) and [Dispatch](/en/desktop#sessions-from-dispatch) on Pro and Max |

19| [VS Code](/en/vs-code) | Working inside VS Code without switching to a terminal | Inline diffs, integrated terminal, file context |19| [VS Code](/en/vs-code) | Working inside VS Code without switching to a terminal | Inline diffs, integrated terminal, file context |

20| [JetBrains](/en/jetbrains) | Working inside IntelliJ, PyCharm, WebStorm, or other JetBrains IDEs | Diff viewer, selection sharing, terminal session |20| [JetBrains](/en/jetbrains) | Working inside IntelliJ, PyCharm, WebStorm, or other JetBrains IDEs | Diff viewer, selection sharing, terminal session |

65### Integrations65### Integrations

66 66 

67* [Chrome](/en/chrome): automate browser tasks with your logged-in sessions67* [Chrome](/en/chrome): automate browser tasks with your logged-in sessions

68* [Computer use](/en/computer-use): let Claude open apps and control your screen on macOS

68* [GitHub Actions](/en/github-actions): run Claude in your CI pipeline69* [GitHub Actions](/en/github-actions): run Claude in your CI pipeline

69* [GitLab CI/CD](/en/gitlab-ci-cd): the same for GitLab70* [GitLab CI/CD](/en/gitlab-ci-cd): the same for GitLab

70* [Code Review](/en/code-review): automatic review on every pull request71* [Code Review](/en/code-review): automatic review on every pull request

627}627}

628```628```

629 629 

630Allow all marketplaces from an internal git server using regex pattern matching on the host:630Allow all marketplaces from an internal git server using regex pattern matching on the host. This is the recommended approach for [GitHub Enterprise Server](/en/github-enterprise-server#plugin-marketplaces-on-ghes) or self-hosted GitLab instances:

631 631 

632```json theme={null}632```json theme={null}

633{633{

314The sandbox isolates Bash subprocesses. Other tools operate under different boundaries:314The sandbox isolates Bash subprocesses. Other tools operate under different boundaries:

315 315 

316* **Built-in file tools**: Read, Edit, and Write use the permission system directly rather than running through the sandbox. See [permissions](/en/permissions).316* **Built-in file tools**: Read, Edit, and Write use the permission system directly rather than running through the sandbox. See [permissions](/en/permissions).

317* **Computer use on Desktop**: when Claude opens apps and controls your screen on macOS, it runs on your actual desktop rather than in an isolated environment. Per-app permission prompts gate each application. See [computer use](/en/desktop#let-claude-use-your-computer).317* **Computer use**: when Claude opens apps and controls your screen on macOS, it runs on your actual desktop rather than in an isolated environment. Per-app permission prompts gate each application. See [computer use in the CLI](/en/computer-use) or [computer use in Desktop](/en/desktop#let-claude-use-your-computer).

318 318 

319## See also319## See also

320 320 

244| `ask` | Array of permission rules to ask for confirmation upon tool use. See [Permission rule syntax](#permission-rule-syntax) below | `[ "Bash(git push *)" ]` |244| `ask` | Array of permission rules to ask for confirmation upon tool use. See [Permission rule syntax](#permission-rule-syntax) below | `[ "Bash(git push *)" ]` |

245| `deny` | Array of permission rules to deny tool use. Use this to exclude sensitive files from Claude Code access. See [Permission rule syntax](#permission-rule-syntax) and [Bash permission limitations](/en/permissions#tool-specific-permission-rules) | `[ "WebFetch", "Bash(curl *)", "Read(./.env)", "Read(./secrets/**)" ]` |245| `deny` | Array of permission rules to deny tool use. Use this to exclude sensitive files from Claude Code access. See [Permission rule syntax](#permission-rule-syntax) and [Bash permission limitations](/en/permissions#tool-specific-permission-rules) | `[ "WebFetch", "Bash(curl *)", "Read(./.env)", "Read(./secrets/**)" ]` |

246| `additionalDirectories` | Additional [working directories](/en/permissions#working-directories) that Claude has access to | `[ "../docs/" ]` |246| `additionalDirectories` | Additional [working directories](/en/permissions#working-directories) that Claude has access to | `[ "../docs/" ]` |

247| `defaultMode` | Default [permission mode](/en/permission-modes) when opening Claude Code | `"acceptEdits"` |247| `defaultMode` | Default [permission mode](/en/permission-modes) when opening Claude Code. Valid values: `default`, `acceptEdits`, `plan`, `auto`, `dontAsk`, `bypassPermissions`. The `--permission-mode` CLI flag overrides this setting for a single session | `"acceptEdits"` |

248| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. Disables the `--dangerously-skip-permissions` flag. Most useful in [managed settings](/en/permissions#managed-settings) where users cannot override it | `"disable"` |248| `disableBypassPermissionsMode` | Set to `"disable"` to prevent `bypassPermissions` mode from being activated. Disables the `--dangerously-skip-permissions` flag. Most useful in [managed settings](/en/permissions#managed-settings) where users cannot override it | `"disable"` |

249 249 

250### Permission rule syntax250### Permission rule syntax

14 14 

15## Requirements15## Requirements

16 16 

17Voice dictation uses a streaming speech-to-text service that is only available when you authenticate with a Claude.ai account. It is not available when Claude Code is configured to use an Anthropic API key directly, Amazon Bedrock, Google Vertex AI, or Microsoft Foundry.17Voice dictation streams your recorded audio to Anthropic's servers for transcription. Audio is not processed locally. The speech-to-text service is only available when you authenticate with a Claude.ai account, and is not available when Claude Code is configured to use an Anthropic API key directly, Amazon Bedrock, Google Vertex AI, or Microsoft Foundry. See [data usage](/en/data-usage) for how Anthropic handles your data.

18 18 

19Voice dictation also needs local microphone access, so it does not work in remote environments such as [Claude Code on the web](/en/claude-code-on-the-web) or SSH sessions. In WSL, voice dictation requires WSLg for audio access, which is included with WSL2 on Windows 11. On Windows 10 or WSL1, run Claude Code in native Windows instead.19Voice dictation also needs local microphone access, so it does not work in remote environments such as [Claude Code on the web](/en/claude-code-on-the-web) or SSH sessions. In WSL, voice dictation requires WSLg for audio access, which is included with WSL2 on Windows 11. On Windows 10 or WSL1, run Claude Code in native Windows instead.

20 20 

273### Extension settings273### Extension settings

274 274 

275| Setting | Default | Description |275| Setting | Default | Description |

276| --------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |276| --------------------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

277| `selectedModel` | `default` | Model for new conversations. Change per-session with `/model`. |277| `selectedModel` | `default` | Model for new conversations. Change per-session with `/model`. |

278| `useTerminal` | `false` | Launch Claude in terminal mode instead of graphical panel |278| `useTerminal` | `false` | Launch Claude in terminal mode instead of graphical panel |

279| `initialPermissionMode` | `default` | Controls approval prompts for new conversations: `default`, `plan`, `acceptEdits`, `auto`, or `bypassPermissions`. See [permission modes](/en/permission-modes). |279| `initialPermissionMode` | `default` | Controls approval prompts for new conversations: `default`, `plan`, `acceptEdits`, `auto`, or `bypassPermissions`. See [permission modes](/en/permission-modes). |

285| `respectGitIgnore` | `true` | Exclude .gitignore patterns from file searches |285| `respectGitIgnore` | `true` | Exclude .gitignore patterns from file searches |

286| `environmentVariables` | `[]` | Set environment variables for the Claude process. Use Claude Code settings instead for shared config. |286| `environmentVariables` | `[]` | Set environment variables for the Claude process. Use Claude Code settings instead for shared config. |

287| `disableLoginPrompt` | `false` | Skip authentication prompts (for third-party provider setups) |287| `disableLoginPrompt` | `false` | Skip authentication prompts (for third-party provider setups) |

288| `allowDangerouslySkipPermissions` | `false` | Adds [Auto](/en/permission-modes#eliminate-prompts-with-auto-mode) and Bypass permissions to the mode selector. Auto requires a Team plan and Claude Sonnet 4.6 or Opus 4.6, so the option may remain unavailable even with this toggle on. Use Bypass permissions only in sandboxes with no internet access. |288| `allowDangerouslySkipPermissions` | `false` | Adds [Auto](/en/permission-modes#eliminate-prompts-with-auto-mode) and Bypass permissions to the mode selector. Auto requires a Team, Enterprise, or API plan and Claude Sonnet 4.6 or Opus 4.6, so the option may remain unavailable even with this toggle on. Use Bypass permissions only in sandboxes with no internet access. |

289| `claudeProcessWrapper` | - | Executable path used to launch the Claude process |289| `claudeProcessWrapper` | - | Executable path used to launch the Claude process |

290 290 

291## VS Code extension vs. Claude Code CLI291## VS Code extension vs. Claude Code CLI

104| Weekdays | Same as Daily but skips Saturday and Sunday. |104| Weekdays | Same as Daily but skips Saturday and Sunday. |

105| Weekly | Runs once per week on the day and time you specify. |105| Weekly | Runs once per week on the day and time you specify. |

106 106 

107For custom intervals like every 2 hours or first of each month, pick the closest preset and update the schedule from the CLI with `/schedule update` to set a specific schedule.107For custom intervals like every 2 hours or first of each month, pick the closest preset and update the schedule from the CLI with `/schedule update` to set a specific cron expression. The minimum interval is 1 hour. Expressions that fire more frequently, such as `*/30 * * * *`, are rejected.

108 108 

109### Repositories and branch permissions109### Repositories and branch permissions

110 110