Governance configuration: organizational policies for command, file, and content restrictions
Resolved 💬 5 comments Opened Feb 18, 2026 by imran-siddique Closed Mar 8, 2026
Proposal: Governance Configuration for Claude Code
Summary
Add support for a .claude/governance.yaml configuration file that allows organizations to define policies for what Claude Code can do in a repository — command restrictions, file path protections, content filters, and audit logging.
Motivation
Claude Code is increasingly used in enterprise environments where organizations need governance controls:
- Command restrictions — Block dangerous commands (
rm -rf /,curl | bash), require approval for others (sudo,docker) - File protections — Prevent modifications to
.env,*.key,.git/config, production configs - Content policies — Ensure generated code doesn't contain hardcoded secrets, bypass security checks, or introduce known vulnerable patterns
- Audit logging — Log all commands executed and files modified for compliance (SOX, SOC2, HIPAA)
Proposed Configuration
# .claude/governance.yaml
governance:
level: moderate # permissive | moderate | strict
commands:
blocked_patterns: ["rm -rf /", "curl * | bash", "eval("]
require_approval: ["sudo", "docker", "kubectl"]
files:
protected: [".env*", "*.key", "*.pem", "secrets/"]
read_only: ["LICENSE", "CODEOWNERS"]
content:
block_patterns: ["password=", "api_key=", "AWS_SECRET"]
require_review: ["eval(", "exec(", "subprocess.call"]
audit:
enabled: true
log_path: ".claude/audit.jsonl"
Integration with Existing Features
This would complement:
- CLAUDE.md — Project instructions (what to do) vs governance (what NOT to do)
- Permissions system — Current permission model controls tool access; governance adds organizational policy layer
- Security review action — claude-code-security-review scans PRs; governance prevents issues before they're created
Context
We maintain Agent-OS governance framework. Filed governance proposals across the ecosystem:
- anthropics/skills #412 — Governance skill
- anthropics/claude-plugins-official #415 — Governance plugin
- anthropics/claude-agent-sdk-python #587 — Governance hooks
- openai/codex #12190 — Similar proposal for Codex CLI
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗