feat(config): add managed settings support for enterprise deployments #6441

Mishkun · 2025-12-30T12:57:33Z

Summary

Adds support for managed settings files that take precedence over all user settings, enabling enterprise administrators to enforce configurations that users cannot override easily

Closes #6358

Changes

Add platform-specific path for managed settings in Global.Path
Load and apply managed settings as final merge in config loading

Managed Settings Locations

Platform	Path
macOS	`/Library/Application Support/opencode/managed-settings.json`
Linux	`/etc/opencode/managed-settings.json`
Windows	`%ProgramData%\opencode\managed-settings.json`

Testing

Generated some tests. I was using env var to inject managed config location. But I think it might compromise the settings. I'm open to suggestions on how to resolve this issue.

Manual testing was performed via these commands:

Setup

sudo mkdir -p "/Library/Application Support/opencode/"
sudo bash -c 'cat > "/Library/Application Support/opencode/managed-settings.json" << EOF                  
{                                                                                                           
  "\$schema": "https://opencode.ai/config.json",
   "tools": {                                                                                                  
        "write": false,                                                                                           
        "bash": false,
        "edit": false
    }                                                                                                       
}                                                                                                         
EOF'

Check

this command should ask for permission when managed settings are present, or simply execute otherwise.

bun dev -p "write a joke to a file in current dir"

Cleanup

sudo rm "/Library/Application Support/opencode/managed-settings.json"
sudo rmdir "/Library/Application Support/opencode/"

Add support for a managed settings file that takes precedence over all user settings, allowing enterprise administrators to enforce configurations that users cannot override. Managed settings locations: - macOS: /Library/Application Support/opencode/managed-settings.json - Linux: /etc/opencode/managed-settings.json - Windows: %ProgramData%\opencode\managed-settings.json New configuration priority (highest to lowest): 1. Managed Settings (admin-controlled, read-only) 2. Environment variable overrides 3. Project settings 4. User settings 5. Schema defaults Closes sst#6358

Mishkun force-pushed the feature/managed-settings branch from dbd3e36 to 515af77 Compare December 30, 2025 14:18

Mishkun force-pushed the feature/managed-settings branch from 515af77 to a5479a8 Compare December 30, 2025 14:25

Mishkun marked this pull request as ready for review December 30, 2025 14:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(config): add managed settings support for enterprise deployments #6441

feat(config): add managed settings support for enterprise deployments #6441

Mishkun commented Dec 30, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

feat(config): add managed settings support for enterprise deployments #6441

Are you sure you want to change the base?

feat(config): add managed settings support for enterprise deployments #6441

Conversation

Mishkun commented Dec 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Changes

Managed Settings Locations

Testing

Setup

Check

Cleanup

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Mishkun commented Dec 30, 2025 •

edited

Loading