Lesson 461 of 2116
Settings.json: Permissions, Env Vars, Model Overrides
Settings.json is where the harness — not the model — gets configured. It is also where most surprises live, so understanding the layers saves debugging time.
Lesson map
What this lesson covers
Learning path
The main moves in order
- 1What settings.json controls
- 2settings.json
- 3permission model
- 4config layering
Concept cluster
Terms to connect while reading
Section 1
What settings.json controls
Settings.json is the place to configure everything the model isn't deciding for itself: which permissions auto-approve, which env vars get exposed, which model the session defaults to, which hooks fire, which MCP servers connect. The model reads its own instructions; the harness reads settings.json.
The three config layers
Compare the options
| Layer | Path | Scope |
|---|---|---|
| User | ~/.claude/settings.json | All your sessions |
| Project | .claude/settings.json | Anyone in this repo |
| Local | .claude/settings.local.json | Just you, this repo (gitignored) |
What goes where
- User: personal model preference, default permissions, your global hooks
- Project: shared permissions, project-specific hooks, MCP servers everyone uses, env vars the project needs exposed
- Local: per-repo overrides for just you (an MCP server only you have credentials for)
Permission entries that pay off
Common permission setup. Allow the safe, repeated commands; explicitly deny the destructive ones.
{
"permissions": {
"allow": [
"Bash(pnpm test:*)",
"Bash(pnpm lint:*)",
"Bash(git status)",
"Bash(git diff:*)",
"Read(**)"
],
"deny": [
"Bash(git push --force:*)",
"Bash(rm -rf:*)"
]
}
}Env vars and overrides
Settings.json can expose env vars to the harness — useful for things like alternate API keys or AI Gateway URLs. It can also override the default model for a project (handy when one repo wants Sonnet and another wants Opus). The override happens at the harness level, before the model ever sees the request.
Apply: audit your settings tonight
- 1Open ~/.claude/settings.json
- 2Read every permission entry; ask 'would I be okay if this fired right now without asking?'
- 3Move team-wide entries to project settings
- 4Move personal/secret entries to local settings
- 5Commit the project settings; gitignore the local
Key terms in this lesson
The big idea: settings.json is the harness contract. Audit it like you audit credentials, layer it like you layer dotfiles.
End-of-lesson quiz
Check what stuck
15 questions · Score saves to your progress.
Tutor
Curious about “Settings.json: Permissions, Env Vars, Model Overrides”?
Ask anything about this lesson. I’ll answer using just what you’re reading — short, friendly, grounded.
Progress saved locally in this browser. Sign in to sync across devices.
Related lessons
Keep going
Creators · 8 min
Switching The Underlying Model In Pro
Pro lets you pick which LLM Perplexity uses for the final answer. The choice shifts tone, depth, and refusal behavior — sometimes more than the search itself.
Creators · 45 min
Structured Outputs: Make the Model Return Data You Can Trust
For production apps, pretty prose is often the wrong output. Learn when to use structured outputs, function calling, and schema validation.
Creators · 9 min
Pro Search vs Default: When To Spend The Compute
Pro Search runs more queries, reads more pages, and routes to a stronger model. It is not always worth the wait — knowing when it is is the skill.