feat(selfserve): scope-aware config/identity paths, user settings merge, version fallback#276
Open
michiosw wants to merge 1 commit into
Open
feat(selfserve): scope-aware config/identity paths, user settings merge, version fallback#276michiosw wants to merge 1 commit into
michiosw wants to merge 1 commit into
Conversation
Contributor
Author
This was referenced Jun 11, 2026
Greptile SummaryThis PR adds self-serve managed-observe foundations while keeping the existing enterprise path intact. It changes:
Confidence Score: 5/5This looks safe to merge.
Reviews (3): Last reviewed commit: "feat(selfserve): scope-aware config/iden..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
michiosw
force-pushed
the
selfserve-paths-foundations
branch
from
1ba7ba8 to
55ae7c5
Compare
Contributor
Author
…ge, version fallback Foundations for self-serve (non-MDM) managed observe: - managedconfig.ResolvePath: env override > system /Library (MDM always wins, including on stat errors — never silently shadowed) > user ~/Library path written by the upcoming 'kontext setup' - installation.UserPath + daemon ties identity scope to config scope; enterprise defaults byte-identical - claudemanaged user-settings merge: idempotent install/remove of the five managed hooks in ~/.claude/settings.json, preserving all foreign content and file permissions; disjoint from Guard hooks - deployment version fallback: MDM marker wins, brew installs report cli-<version> Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
michiosw
force-pushed
the
selfserve-paths-foundations
branch
from
55ae7c5 to
8d585d0
Compare
Contributor
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Foundations for self-serve on the CLI side (ENG-442) — the changes that let one binary serve both an MDM-managed Mac and a self-serve one, with enterprise behaviour byte-identical. No user-facing command yet; that's #277.
managedconfig.ResolvePath()resolves env override > system/Library(if present) > user~/Library, andLoad()records theScope. System (MDM) config always wins; an invalid system file is an error, never a silent fall-through to user scope. Installation identity follows the same scope so a user config reads a userinstallation.json, never the MDM one.~/.claude/settings.jsonhooks merge (internal/claudemanaged/usersettings.go): remove-ours-then-append-canonical per event, operating onmap[string]anyso all foreign content survives. Ownership is the sharedIsManagedHookCommandpredicate (disjoint from Guard hooks). Writes preserve the existing file mode, create new files0600, and back up first.cli-<version>deployment-version fallback reported to the ledger when no MDM package marker exists (self-serve brew installs).How to review / test — pure Go, nothing to install
The behaviour is fully covered by unit tests — no real filesystem-of-record, keychain, or daemon needed:
managedconfig/config_test.go: the env/system/user resolution matrix incl. invalid-system-no-fall-through.installation/state_test.go: scope-derived identity path.claudemanaged/usersettings_test.go: foreign-content preservation, stale-path replacement, Guard hooks left untouched, idempotency, malformed JSON, mode preservation.Risk
The enterprise default path is unchanged: with no env override and a system
/Libraryconfig present, resolution and the installation path are identical to pre-self-serve. Only the new user-scope branch is added.Part of the ENG-442 kontext-cli stack: #276 -> #277 -> #278.