Settings & Policy
Tool configuration, managed settings, command rules, and organizational controls
Extension Name IDE Extensions and Extension Registry
Vendor Terms IDE extensions, OpenVSX, extension registry, product.json
Scopes
Machine / AdminOrganization / Enterprise
Interfaces IDE
Availability current (explicit)
Trust Model Standard IDE extension trust with an explicit governance hook for curated registries
Notes Admins can point Kiro to a private registry by editing product.json; deployable via MDM/endpoint management
Extension Name Settings and Managed Settings
Vendor Terms settings.json, settings.local.json, managed settings, managed-settings.json, managed-settings.d/, server-managed settings, ~/.claude.json, managed preferences (plist), registry policies
Scopes
Organization / EnterpriseUser / HomeProject / Repo Root
Interfaces terminal CLI, VS Code, Desktop, web
Availability current (explicit)
Trust Model Formal policy/config layer with documented precedence; managed settings delivered by server policy or OS-level device management cannot be overridden; controls permissions, hooks, environment variables, model defaults
Notes Four-tier scope: Managed > CLI args > Local > Project > User. 50+ settings keys covering permissions, sandbox, hooks, env, plugins, auto-mode, and more. Server-managed settings via Claude.ai admin console for Teams/Enterprise. MDM delivery via macOS plist, Windows registry, or file-based managed-settings.json with drop-in directory. Managed-only settings cannot be overridden.
Extension Name Policies, Settings, and Content Exclusion
Vendor Terms policies, feature policies, privacy policies, model policies, AI controls, MCP management, MCP registry, MCP allowlist, content exclusion, IDE settings, policy conflicts
Scopes
User / HomeOrganization / EnterpriseMachine / Admin
Interfaces GitHub.com, VS Code, Visual Studio, JetBrains, Eclipse, Xcode, CLI
Availability current (explicit)
Trust Model Enterprise owners define policies that org owners cannot override; feature, privacy, and model policies control what licensed users can access; MCP allowlists restrict which servers are permitted; content exclusion configurable at repo, org, and enterprise levels
Notes Enterprise AI controls tab with Agents, Copilot, and MCP sections; three policy types: feature, privacy, and models; content exclusion does NOT apply to Copilot CLI, cloud agent, or Agent mode in IDEs; policy conflict resolution uses least-restrictive for most features, most-restrictive for sensitive ones
Extension Name Configuration, Rules, and Requirements
Vendor Terms config.toml, requirements.toml, managed configuration, rules, .rules files, profiles, feature flags, managed_config.toml, cloud-managed requirements, prefix_rule, permissions profiles, granular approval policy, enforce_residency
Scopes
User / HomeProject / Repo RootSubdirectory / FolderMachine / AdminCloud / Web SessionOrganization / Enterprise
Interfaces CLI, IDE extension, app
Availability current (explicit)
Trust Model Layered trust: requirements (admin-enforced, can't override) > managed defaults (admin-set starting values) > user config. Cloud-managed requirements use signed cache with expiry. Project-scoped config only loaded for trusted projects. Protected paths (.git, .codex, .agents) read-only even in workspace-write. OS-level sandbox (macOS Seatbelt, Linux bwrap+seccomp).
Notes Config, requirements, and managed configuration are current. Rules (.codex/rules/ with Starlark-based prefix_rule) and profiles are experimental. Cloud-managed requirements support group-based assignment for Business/Enterprise plans. MDM support for macOS. Precedence: CLI flags > Profile > Project config > User config > System config > Defaults. Requirements are admin-enforced and cannot be overridden.