[FEATURE] Enterprise protected context injection for policy enforcement
Problem Statement
Enterprise teams need Claude Code to apply organization-owned policy bundles (instructions, hooks, architecture/compliance guardrails) without storing sensitive artifacts in the monorepo.
Current gaps:
- Sensitive policy artifacts are commonly committed in repo files and become readable by all contributors.
- Multi-team monorepos need different policy bundles by repo path and environment.
- Policy rollouts and emergency changes require repo edits, causing drift and slow response.
Proposed Solution
Add runtime protected-context injection so Claude Code can fetch enterprise policy bundles from external systems (secret manager/config service or broker) and deterministically merge them into session context.
Requested behavior:
- Runtime retrieval from enterprise-controlled source.
- Deterministic precedence rules (documented and testable), e.g. platform safety > enterprise protected bundle > local project instructions > user prompt.
- Monorepo path/environment mapping support.
- Configurable startup behavior:
fail_closed: refuse startup if required policy cannot load.fail_open: continue with warning when policy is unavailable.- Per-session metadata capture:
policy_id,policy_version, optional content hash. - Default redaction of policy content in UI/logs; metadata-only exposure unless explicit admin debug mode.
- Hook policy controls where protected deny rules cannot be overridden by local repo hooks.
Alternative Solutions
Current workaround is committing policy/hook context into repo files or distributing local scripts, which does not satisfy least-privilege and creates policy drift.
Priority
High - Significant impact on productivity and enterprise adoption.
Feature Category
Configuration and settings
Use Case Example
- Developer opens Claude Code in
repo/services/paymentsand receives the Payments policy bundle. - Another developer opens
repo/mobileand receives a different bundle. - Security rotates a policy in the control plane.
- New Claude Code sessions pick up the new version immediately with no repo change.
- Session diagnostics show only policy metadata (ID/version/hash), enabling audit evidence without exposing policy contents.
Additional Context
Operational/security expectations:
- Enterprise identity-based retrieval.
- Encrypted transport.
- Optional encrypted cache with TTL.
- No automatic writing of protected bundles into workspace files.
- No secret values in telemetry.
- Startup latency target around p95 <= 500 ms with bounded retries and configurable timeout.
Source requirements are based on an enterprise implementation requirements document used for Codex/CLI policy injection planning.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗