feat(claude-code): add managed_settings input for /etc/claude-code policy delivery
The module currently configures permission posture by writing
bypassPermissionsModeAccepted, autoModeAccepted, and primaryApiKey
directly into the user-writable ~/.claude.json, and forces
--dangerously-skip-permissions on every task launch regardless of the
configured permission_mode. Both bypass Claude Code's permission system
rather than configuring it.
This adds a managed_settings input that renders to
/etc/claude-code/managed-settings.d/10-coder.json, the sanctioned
drop-in directory Claude Code reads at highest precedence. The file is
root-owned so users cannot override it from inside the workspace, and
the mechanism is purely client-side so it works with any inference
backend (Anthropic API, Bedrock, Vertex, AI Gateway).
permission_mode, allowed_tools, and disallowed_tools are deprecated in
favor of managed_settings.permissions and are shimmed into the policy
file for one release when managed_settings is not set.
start.sh now only adds --dangerously-skip-permissions for tasks when no
explicit permission_mode is configured (same approach as #846), and
install.sh no longer writes permission-acceptance flags or the API key
into ~/.claude.json.
registry/coder/modules/claude-code/README.md
30 additions & 1 deletion
@@ -21,7 +21,7 @@ module "claude-code" {
```
> [!WARNING]
-
> **Security Notice**: This module uses the `--dangerously-skip-permissions`flag when running Claude Code tasks. This flag bypasses standard permission checks and allows Claude Code broader access to your system than normally permitted. While this enables more functionality, it also means Claude Code can potentially execute commands with the same privileges as the user running it. Use this module _only_ in trusted environments and be aware of the security implications.
+
> **Security Notice**: When no `permission_mode` or `managed_settings` policy is configured, this module passes `--dangerously-skip-permissions`to Claude Code tasks for backward compatibility. That flag bypasses all permission checks. For production use, set `managed_settings.permissions.defaultMode` (see [Enterprise policy via managed settings](#enterprise-policy-via-managed-settings)) so Claude Code runs under an explicit, admin-controlled permission posture instead.
> [!NOTE]
> By default, this module is configured to run the embedded chat interface as a path-based application. In production, we recommend that you configure a [wildcard access URL](https://coder.com/docs/admin/setup#wildcard-access-url) and set `subdomain = true`. See [here](https://coder.com/docs/tutorials/best-practices/security-best-practices#disable-path-based-apps) for more details.
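Review bot: the rewritten Security Notice says the flag is only passed "When no `permission_mode` or `managed_settings` policy is configured", while the commit message describes start.sh as adding `--dangerously-skip-permissions` "when no explicit permission_mode is configured". Either start.sh also checks `managed_settings` (in which case the commit message is incomplete) or the README overstates the condition; the two should agree, because a reader who sets only `managed_settings.permissions.defaultMode` and leaves `permission_mode` unset could otherwise still get the bypass flag. Nit in the same line: the backtick-quoted flag runs straight into "to" without a space.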
@@ -32,6 +32,35 @@ module "claude-code" {
- You can get the API key from the [Anthropic Console](https://console.anthropic.com/dashboard).
- You can get the Session Token using the `claude setup-token` command. This is a long-lived authentication token (requires Claude subscription)
+
### Enterprise policy via managed settings
+
+
The `managed_settings` input writes a policy file to `/etc/claude-code/managed-settings.d/10-coder.json` inside the workspace. Claude Code reads this directory at startup with the highest configuration precedence, so users cannot override these values in their own `~/.claude/settings.json`. This is a local file mechanism and works with any inference backend (Anthropic API, AWS Bedrock, Google Vertex AI, or AI Bridge / AI Gateway).
See the [Claude Code settings reference](https://docs.anthropic.com/en/docs/claude-code/settings) for the full schema (`permissions`, `env`, `hooks`, `apiKeyHelper`, `model`, and more).
+
+
> [!NOTE]
+
> The legacy `permission_mode`, `allowed_tools`, and `disallowed_tools` variables are deprecated in favor of `managed_settings.permissions`. For one release they are automatically mapped into the policy file when `managed_settings` is not set.
+
### Session Resumption Behavior
By default, Claude Code automatically resumes existing conversations when your workspace restarts. Sessions are tracked per workspace directory, so conversations continue where you left off. If no session exists (first start), your `ai_prompt` will run normally. To disable this behavior and always start fresh, set `continue = false`
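Review bot: the new "Enterprise policy via managed settings" section attributes the non-overridability to configuration precedence alone, but the commit message relies on the file being root-owned. Please state the ownership and mode the module writes `10-coder.json` with, and that the workspace user must not be able to write to `/etc/claude-code/managed-settings.d/`, since precedence does nothing if the user can edit or delete the file; a workspace whose agent runs as root would also need calling out here. The deprecation NOTE says the legacy variables are mapped "For one release"; naming the version in which the shim is removed would make the migration deadline concrete.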
description="Permission mode for the cli, check https://docs.anthropic.com/en/docs/claude-code/iam#permission-modes"
+
description="Deprecated: use managed_settings.permissions.defaultMode instead. Permission mode for the cli, check https://docs.anthropic.com/en/docs/claude-code/iam#permission-modes"
description="A list of tools that should be allowed without prompting the user for permission, in addition to settings.json files."
+
description="Deprecated: use managed_settings.permissions.allow instead. A comma-separated list of tools that should be allowed without prompting the user for permission."
default=""
}
variable"disallowed_tools" {
type=string
-
description="A list of tools that should be disallowed without prompting the user for permission, in addition to settings.json files."
+
description="Deprecated: use managed_settings.permissions.deny instead. A comma-separated list of tools that should be disallowed without prompting the user for permission."
default=""
+
}
+
variable"managed_settings" {
+
type=any
+
description="Policy settings written to /etc/claude-code/managed-settings.d/10-coder.json. Highest-precedence client config; works with any inference backend (Anthropic API, Bedrock, Vertex, AI Gateway). See https://docs.anthropic.com/en/docs/claude-code/settings for the schema."
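Review bot: `managed_settings` is declared as `type = any`, so a misspelt key such as `permission` instead of `permissions`, or a string where an object is expected, passes `terraform validate` and is written into the policy file unchanged, where Claude Code may silently ignore it; consider an `object({...})` type with `optional()` attributes for the keys the description points at (`permissions`, `env`, `hooks`, `apiKeyHelper`, `model`), or at least a `validation` block that rejects non-object values. The three deprecated variables now carry "Deprecated:" only in their descriptions; a `validation` block or precondition that fails when a legacy variable and `managed_settings` are both set would make the "mapped only when managed_settings is not set" rule from the README explicit at plan time rather than leaving one of the two inputs silently discarded. The `allowed_tools` and `disallowed_tools` descriptions also drop the earlier "in addition to settings.json files" wording; if the shim now writes them into the root-owned managed policy rather than the user-level settings, that is a behaviour change worth a sentence in the commit message.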