Tygart Media

Claude Code for Teams: What to Commit, What to .gitignore, and What Actually Survives a Pull Request

Claude Notion editorial image 25

Written by

Will Tygart

in

,

Most teams I see roll out Claude Code by handing every engineer the install command and walking away. Three weeks later, half the repo has personal preferences committed to .claude/settings.json, the other half has a CLAUDE.md that contradicts the actual review process, and someone’s customized subagent is silently making code changes nobody else on the team understands.

There is a better way, and it lives in the split between three files: CLAUDE.md, .claude/settings.json, and .claude/settings.local.json. Get this split right, and Claude Code becomes a force multiplier for the team. Get it wrong, and you are shipping AI-generated code that nobody owns.

The Three-File Split

Here is the rule, no exceptions:

CLAUDE.md — committed. Project root. Every engineer’s session reads this at startup. Put your architectural decisions, preferred libraries, naming conventions, and a review checklist here. If you would not write it on a whiteboard for a new hire, it does not belong here.

.claude/settings.json — committed. Team-wide tool permissions, default models, and hooks. This is the file that keeps personal flagship-model enthusiasts from blowing through your team’s budget when claude-sonnet-4-6 would have done the job. If you let everyone default to claude-opus-4-7 for routine refactors, your monthly invoice will tell you about it.

.claude/settings.local.json — gitignored. Personal preferences, individual MCP server configs, anything that varies by engineer. Add this line to your .gitignore on day one:

.claude/settings.local.json

If you do not, someone will commit credentials by Friday. Audit your existing repo right now: git log --all --full-history -- .claude/settings.local.json will surface any history that needs scrubbing.

The mistake I see most often is teams committing settings.local.json because someone copied a tutorial that did not make the distinction clear. That copy-paste error is the single most common Claude Code rollout failure I have seen this year.

Shared Subagents Are the Real Win

Project subagents live in .claude/agents/ and they ship with the repo. This is where teams compound value. A subagent for security review, one for accessibility audits, one for SQL migration safety — defined once, used by every engineer, every PR.

A subagent definition is a markdown file with YAML frontmatter and a system prompt. When you commit it, every teammate’s claude invocation can call it. The subagent inherits your CLAUDE.md context automatically, so you do not have to redefine the project’s coding standards inside each agent.

Here is the trap: do not put twelve subagents in there on day one. Start with one. The team’s most painful repeated review task is the right candidate. Whatever takes a long time and pulls in multiple engineers per PR — that is your first subagent. After two weeks of using it, you will know whether the second one is worth defining.

CLAUDE.md Is a Living Document, Not a Manifesto

The longest CLAUDE.md files I see are the worst-performing. Engineers do not read 4,000-word context files, and neither does Claude in any useful way — at some point you are paying for tokens that just dilute the signal.

The CLAUDE.md files that actually shape behavior are usually compact, structured around three things:

  1. What this codebase is and what it is not.
  2. The handful of rules that get a PR rejected — test coverage, naming, error handling, dependency policy.
  3. A pointer to where deeper documentation lives.

If your CLAUDE.md has a “philosophy” section, delete it. If it has a “history of the project” section, delete it. The file is read every session — make every line earn its tokens.

CI/CD: Run Claude Code on PRs, Not in Place of Reviewers

The pattern that works in CI is automated triage, not automated approval. A GitHub Actions workflow that runs Claude Code on every PR to check for things humans miss — missing tests, secrets in logs, public APIs without docstrings — adds value. A workflow that approves and merges PRs adds liability.

Anthropic’s official GitHub Actions integration handles the auth and runs Claude Code headlessly. The realistic use cases:

  • Comment on PRs with a structured review (not a merge gate).
  • Auto-label PRs based on the diff.
  • Flag suspected regressions before a human reviewer opens the PR.

Avoid: anything that auto-merges, anything that posts directly to production-facing systems, anything that calls a paid API on every commit to a feature branch. The bill compounds quickly when CI fires Claude on every push to every developer branch. Gate the workflow on PR-target branches only, or on labels.

Where Claude Code for Teams Loses Today

The honest list:

  • No native role-based permissions inside a single repo. If you want a junior engineer’s Claude Code to be more restricted than a senior’s, you have to enforce it through settings.json and trust everyone to not edit it. The Enterprise plan adds SSO, SCIM, and audit logs at the workspace level, but inside the repo, Claude Code itself does not differentiate by role.
  • No first-class secret scanning before commits. Hooks can plug this gap, but you have to wire pre-commit yourself.
  • Shared MCP servers are still per-developer auth. A team-shared Linear or Jira MCP, for example, still requires each engineer to authenticate individually.

The Team plan addresses workspace-level governance through Premium seats, which is the tier that actually unlocks Claude Code for teammates. The Enterprise plan layers on SSO, SCIM, and audit logs. Neither makes the in-repo configuration questions go away — those are still your team’s problem to solve.

Model Selection Is a Team Decision

This one matters more than people realize. Default everyone in .claude/settings.json to claude-sonnet-4-6 for day-to-day work, with claude-opus-4-7 available for explicitly hard tasks. The current Anthropic lineup as of this writing — flagship claude-opus-4-7, workhorse claude-sonnet-4-6, fast claude-haiku-4-5-20251001 — is documented at docs.anthropic.com/en/docs/about-claude/models, and the model strings change frequently enough that hard-coding them in scripts has bitten me twice this year. Read that page, do not memorize it.

A team that defaults to flagship for everything and a team that defaults to workhorse with selective escalation will see meaningfully different invoices for substantially the same productivity. Make the choice consciously.

The 20-Minute Setup

If you are rolling Claude Code out to a team next week:

  1. Add .claude/settings.local.json to .gitignore. First commit, today.
  2. Write a focused CLAUDE.md covering review-blocking rules. Ship it short.
  3. Create one subagent in .claude/agents/ for the team’s most painful review task.
  4. Add a single GitHub Actions workflow that runs Claude Code on PRs in comment-only mode.
  5. Schedule a 30-minute team review of the CLAUDE.md every two weeks. Delete more than you add.

That is it. Everything else is iteration. The teams that succeed with Claude Code treat the configuration as code — versioned, reviewed, and pruned. The teams that fail treat it as a personal productivity tool that happens to be in a shared repo.

Decide which kind of team you want to be before the third engineer commits.

What to explore next
.clauderules & Configuration
We Published Hundreds of Articles About Claude — And Some of Them Were Wrong. Here’s Everything We’re Doing About It.
Same room
AI in Restoration
The End-in-Mind Principle in Restoration: What Covey Actually Meant for Service Businesses
You may also explore
Deep dive
The Studio
The Split Brain — Claude & Gemini Dual Intelligence
Deep dive

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts

HomeClaude Code for Teams