The Code tab in Cowork on third-party (3P) is the embedded Claude Code interface. It runs the same Claude Code engine as the standalone CLI, with a graphical session manager, and it inherits your Cowork on 3P configuration automatically.Documentation Index
Fetch the complete documentation index at: https://claude.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
How configuration propagates
When the app starts a Code session, it translates your Cowork on 3P configuration keys into the equivalent Claude Code settings and passes them to the session. You configure one profile, and both tabs honor it. Each key reaches Claude Code through one of two mechanisms, and the distinction matters if you also deploy Claude Code’s own managed settings (see the next section).Always applied
These keys are passed directly to the Claude Code process as environment variables or launch options. They take effect on every Code session and cannot be overridden by user-level Claude Code settings or by a separately deployedmanaged-settings.json.
| Cowork on 3P key | Effect in Code sessions |
|---|---|
inferenceProvider and all provider credential keys (inferenceGateway*, inferenceVertex*, inferenceBedrock*, inferenceFoundry*, inferenceCredentialHelper*) | Selects the inference backend and supplies credentials. Code sessions use the same provider, endpoint, and credentials as the Cowork tab. |
inferenceModels | Populates the model picker. The first entry is the default for new Code sessions. |
disabledBuiltinTools | Removes the listed tools from Code sessions. Tools your provider does not support, such as WebSearch on Amazon Bedrock, are removed automatically in addition to your list. |
managedMcpServers | Makes the same managed MCP servers available in Code sessions. The app handles the connection and authentication; the Code session sees only the resulting tool list. |
otlpEndpoint, otlpProtocol, otlpHeaders, otlpResourceAttributes | Routes Claude Code’s OpenTelemetry metrics and logs to your collector. See Telemetry. |
disableEssentialTelemetry, disableNonessentialTelemetry | Disables Claude Code’s crash reporting and usage telemetry to Anthropic, mirroring the Cowork tab. |
disableAutoUpdates | The embedded Claude Code engine never self-updates regardless of this key; its version is managed by the app’s own updater. |
inferenceMaxTokensPerWindow, inferenceTokenWindowHours | The token budget is shared across the Cowork and Code tabs and enforced before each turn. |
Applied as managed policy
These keys are translated into Claude Code managed settings and supplied to the session as policy. They take precedence over user and project settings, but they participate in Claude Code’s managed-settings precedence if you have also deployed a separate Claude Code policy.| Cowork on 3P key | Claude Code policy it produces |
|---|---|
coworkEgressAllowedHosts | A network sandbox restricted to your hosts plus the inference and telemetry endpoints, WebFetch permission rules for the same hosts, and allowManagedDomainsOnly. |
allowedWorkspaceFolders | Filesystem sandbox and Read/Edit permission rules scoped to your allowed roots, plus additionalDirectories. The app also refuses to start a Code session outside an allowed root. |
managedMcpServers | An allowedMcpServers list containing only your managed servers, with allowManagedMcpServersOnly set so users cannot add their own from Claude Code’s side. |
Interaction with Claude Code’s own managed settings
Claude Code can also be configured directly by deploying amanaged-settings.json file, an OS configuration profile for Claude Code, or (with Anthropic authentication) server-managed settings. If a device has any of these, Claude Code treats it as the administrator policy and, by default, ignores the policy values Cowork supplies from the Applied as managed policy table. The Always applied keys are unaffected.
To have Cowork’s restrictions apply on top of your Claude Code policy, set parentSettingsBehavior to "merge" in the Claude Code managed settings you deploy:
managed-settings.json
"merge", Cowork’s policy values are layered under your Claude Code policy. Your values win any conflict, deny and allow lists are unioned, and Cowork’s values are filtered so they can only tighten policy, never loosen it. See parentSettingsBehavior in the Claude Code settings reference. Requires Claude Code v2.1.133 or later, which ships with Cowork on 3P.
In a third-party deployment there is no Anthropic authentication, so Claude Code’s server-managed settings tier is never present. If you have not separately deployed a Claude Code
managed-settings.json or OS profile, Cowork’s policy applies automatically and you do not need to set parentSettingsBehavior.Further reading
Disabling the Code tab
To remove the Code tab entirely, setisClaudeCodeForDesktopEnabled to false in your Cowork on 3P configuration. Users see only the Cowork tab.