This page is about CLI configuration distribution. It is unrelated to
ManagedAgent runtime pages, which document Anthropic-hosted agents.Fully opt-in. With no managed source configured, resolution behaves byte-for-byte identical to before — no managed layer is added.
Quick Start
Point at a remote URL
Precedence Ladder
The managed layer splits into two: enforced policy sits above your local config, while managed defaults sit below it — so teams can suggest without clobbering deliberate local choices.| Order (highest wins) | Layer |
|---|---|
| 7 | Managed policy (permissions, model_allowlist) — enforced above local |
| 6 | CLI args |
| 5 | Environment variables |
| 4 | Project config (walk-up) |
| 3 | Global user config |
| 2 | Managed non-policy defaults — below local so teams suggest, not clobber |
| 1 | Built-in defaults |
Enforcement vs. Advisory
Only two keys are treated as policy:permissions and model_allowlist. When enforced they replace (not merge or concat) their local counterpart wholesale — a local override of an enforced key is ignored, including nested local sub-keys the policy does not mention. Set enforce: false to make the entire managed source advisory.
Agent-Perspective Example
Org policy shapes what anyAgent(...) run can do — no code change needed on the developer’s side.
Configuration Keys
Set these under amanaged: section in your global config, or via environment variables (env overrides the global section):
| Key | Type | Default | Description |
|---|---|---|---|
managed.url | str | None | Remote URL to fetch (https, or loopback http) |
managed.dir | str | None | Managed/enterprise directory (config.yaml/.yml/.json) |
managed.timeout | float | 3.0 | Fetch timeout in seconds |
managed.enforce | bool | True | false makes the whole source advisory |
model_allowlist | list[str] | None | Allowed models (enforceable policy key) |
permissions | dict | {} | Permission policy shape (enforceable policy key) |
managed: section):
| Variable | Maps to |
|---|---|
PRAISONAI_MANAGED_CONFIG_URL | managed.url |
PRAISONAI_MANAGED_CONFIG_DIR | managed.dir |
PRAISONAI_MANAGED_CONFIG_TIMEOUT | managed.timeout |
Provenance
ConfigResolver.resolve_with_provenance() reports, per key, which layer set it. Enforced keys are marked enforced: True.
managed: for defaults and managed-policy: for enforced keys.
Failure Modes
Offline behaviour
Offline behaviour
No network? The cached copy at
~/.praison/state/managed-config-<hash>.json is used. With no cache, resolution proceeds as local-only.SSRF guard (security)
SSRF guard (security)
Only
https (or explicit loopback http) URLs resolving to a public host are fetched. Private, loopback, link-local, and cloud-metadata hosts (e.g. 169.254.169.254) are refused. file:// and other non-http(s) schemes are refused. A rejected URL fails soft to the cache and is never fetched.Directory + URL together
Directory + URL together
If both
dir and url are set, the managed directory loads first and the remote URL layers on top of it.Best Practices
Suggest defaults, enforce only what matters
Suggest defaults, enforce only what matters
Put team preferences (
agent.model, agent.provider) in the managed source as defaults so projects can still override them. Reserve permissions and model_allowlist for what the org must guarantee.Prefer a managed directory for MDM
Prefer a managed directory for MDM
A directory drop (
/etc/praisonai/config.yaml) needs no network and is the simplest path for config-management tools to push.Serve URLs over HTTPS from a public host
Serve URLs over HTTPS from a public host
The SSRF guard only fetches
https:// URLs resolving to public IPs. Host the managed config on a public HTTPS endpoint so it is never silently refused.Verify enforcement with provenance
Verify enforcement with provenance
After a rollout, run
resolve_with_provenance() and confirm the policy keys show layer: managed-policy:... and enforced: True.Related
Hierarchical Config
Project-aware config walk-up and deep merge
Permissions
The permission policy shape enforced by managed config
Config CLI
Inspect and edit resolved config
Policy CLI
Team policy controls

