[BUG] Empty server-managed settings (304 cached) zero out local managed-settings.json — deny/allow rules never enforced

Open 💬 4 comments Opened Jun 23, 2026 by kratsg

Platform: Linux (RHEL 9)
Claude Code version: current (tested 2026-06-22)

Problem

When a facility deploys /etc/claude-code/managed-settings.json with permissions.allow and permissions.deny rules, those rules are silently discarded at startup. All policySettings destinations end up with 0 rules regardless of what the file contains.

Root cause (from debug log)

The documented precedence is server-managed > managed-settings.json. When the deployment has no server-managed policy configured with Anthropic, the server returns an empty/cached 304 response. Claude Code treats this as "server-managed policy = zero rules" and replaces policySettings with empty arrays, overwriting the local file.

\\\
[DEBUG] MDM settings load completed in 2ms # local file read
[DEBUG] Remote managed settings loaded # empty 304 from Anthropic
[DEBUG] Replacing all allow rules for destination 'policySettings' with 0 rule(s): []
[DEBUG] Replacing all deny rules for destination 'policySettings' with 0 rule(s): []
\
\\

The local file is valid and readable (managed-settings.json is world-readable, no symlink issues).

Expected behavior

An empty/absent server-managed response should be treated as "not configured" and fall through to managed-settings.json. It should not be treated as a configured policy of zero rules that overrides the local file.

Actual behavior

All policySettings allow/deny rules are zeroed out. Any rules in managed-settings.json — including deny rules meant to restrict tool access — are never enforced.

Impact

Facility-wide deny rules (e.g., Bash(condor_*)) are never enforced on shared systems. Users can run any command without restriction, defeating the purpose of managed settings for shared multi-user environments.

Reproduction

  1. Deploy /etc/claude-code/managed-settings.json with deny rules on a Linux system with no Anthropic enterprise/server-managed policy configured
  2. Run claude --debug-file /tmp/debug.log -p hello
  3. Grep for policySettings in the debug log — all rules show 0 rule(s): [] despite the valid local file

Example managed-settings.json

{
  "permissions": {
    "allow": ["Bash(pixi*)", "Bash(du*)", "Bash(df*)"],
    "deny": ["Bash(condor_*)"]
  }
}

Notes

  • The same behavior occurs with managed-settings.d/ drop-in files (tested prior to switching to managed-settings.json)
  • The debug log confirms the file is being watched: Watching for changes in setting files ... /etc/claude-code/managed-settings.json... and drop-in directory /etc/claude-code/managed-settings.d
  • The remote settings fetch returns 304 (cached), suggesting this affects any deployment without a paid Anthropic enterprise MDM policy

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗