Config Guard
Config Guard is Sielum's feature for deploying, monitoring, and enforcing OS-level AI tool settings on every enrolled endpoint. For Claude Code, it writes a managed settings file with the highest possible priority — overriding user settings, CLI arguments, and project configuration in a way that developers cannot bypass.
Why Config Guard
Claude Code's configuration precedence is:
Config Guard file → CLI args → Local project → Shared project → User settings
This means that disableBypassPermissionsMode: "disable" in the Config Guard file blocks --dangerously-skip-permissions even as a CLI flag — something that writing to the user-level settings.json cannot achieve.
How it works
- An admin configures the Config Guard policy in the Sielum dashboard (Config Guard page).
- Sielum distributes the policy to all enrolled agents via the gRPC heartbeat.
- Each agent writes the policy to the OS-level path and monitors it for tampering.
- If a developer deletes or modifies the file, the agent restores it within 60 seconds and raises a tamper alert.
Deployed file path
| OS | Path |
|---|---|
| Linux | /etc/claude/managed_settings.json |
| macOS | /Library/Application Support/Claude/managed_settings.json |
| Windows | C:\ProgramData\Claude\managed_settings.json |
Config Guard can only enforce settings when the agent runs with sufficient privileges to write to the target path.
- Linux: run the agent as a systemd service (
sielum-agent.service) — it runs as root. - macOS / Windows: admin rights are required.
When the agent runs in user-mode (non-root), it cannot write /etc/claude/managed_settings.json. The dashboard shows a "user-mode: cannot enforce" badge for affected endpoints. No tamper alert is raised — this is a deployment configuration issue, not an attack.
Available policy settings
| Setting | Description |
|---|---|
| Disable Bypass Permissions Mode | Blocks --dangerously-skip-permissions and bypassPermissions config. |
| Allow Managed Permission Rules Only | Only admin-defined allow/deny tool rules apply. Users cannot set allowedTools: '*'. |
| Allow Managed MCP Servers Only | Only approved MCP servers (from the allow-list) can run. All others are blocked by Claude Code. |
| Allow Managed Hooks Only | Prevents user-defined hooks that could bypass policy checks. |
| Allow Remote Sessions | Whether Claude Code may accept remote session connections. |
Compliance monitoring
The Config Guard page in the dashboard shows real-time compliance status for all endpoints:
- Total endpoints covered by the policy
- Compliant / Non-Compliant split
- Per-endpoint tamper type (
missing,modified,user-mode: cannot enforce) and details
Tamper events generate a high-severity alert visible in the Alerts page.
Configuring the policy
Navigate to Config Guard in the sidebar. Changes take effect within 60 seconds (next agent heartbeat).
Enable Disable Bypass Permissions Mode and Allow Managed Permission Rules Only for all environments. Enable Allow Managed MCP Servers Only only after defining an MCP server allow-list.