[FEATURE] Enterprise protected context injection for policy enforcement

Resolved 💬 3 comments Opened Mar 16, 2026 by spurush1 Closed Mar 20, 2026

Problem Statement

Enterprise teams need Claude Code to apply organization-owned policy bundles (instructions, hooks, architecture/compliance guardrails) without storing sensitive artifacts in the monorepo.

Current gaps:

  • Sensitive policy artifacts are commonly committed in repo files and become readable by all contributors.
  • Multi-team monorepos need different policy bundles by repo path and environment.
  • Policy rollouts and emergency changes require repo edits, causing drift and slow response.

Proposed Solution

Add runtime protected-context injection so Claude Code can fetch enterprise policy bundles from external systems (secret manager/config service or broker) and deterministically merge them into session context.

Requested behavior:

  • Runtime retrieval from enterprise-controlled source.
  • Deterministic precedence rules (documented and testable), e.g. platform safety > enterprise protected bundle > local project instructions > user prompt.
  • Monorepo path/environment mapping support.
  • Configurable startup behavior:
  • fail_closed: refuse startup if required policy cannot load.
  • fail_open: continue with warning when policy is unavailable.
  • Per-session metadata capture: policy_id, policy_version, optional content hash.
  • Default redaction of policy content in UI/logs; metadata-only exposure unless explicit admin debug mode.
  • Hook policy controls where protected deny rules cannot be overridden by local repo hooks.

Alternative Solutions

Current workaround is committing policy/hook context into repo files or distributing local scripts, which does not satisfy least-privilege and creates policy drift.

Priority

High - Significant impact on productivity and enterprise adoption.

Feature Category

Configuration and settings

Use Case Example

  1. Developer opens Claude Code in repo/services/payments and receives the Payments policy bundle.
  2. Another developer opens repo/mobile and receives a different bundle.
  3. Security rotates a policy in the control plane.
  4. New Claude Code sessions pick up the new version immediately with no repo change.
  5. Session diagnostics show only policy metadata (ID/version/hash), enabling audit evidence without exposing policy contents.

Additional Context

Operational/security expectations:

  • Enterprise identity-based retrieval.
  • Encrypted transport.
  • Optional encrypted cache with TTL.
  • No automatic writing of protected bundles into workspace files.
  • No secret values in telemetry.
  • Startup latency target around p95 <= 500 ms with bounded retries and configurable timeout.

Source requirements are based on an enterprise implementation requirements document used for Codex/CLI policy injection planning.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗