feat: add macOS managed preferences support for enterprise MDM deployments#19178
Merged
rekram1-node merged 8 commits intoanomalyco:devfrom Apr 2, 2026
Merged
Conversation
github-actions
bot
added
needs:compliance
Contributor
|
Thanks for updating your PR! It now meets our contributing guidelines. 👍 |
lennyvaknine43
force-pushed
the
feat/macos-managed-preferences
branch
from
c87ac50 to
1668da0
Compare
erran
reviewed
Mar 26, 2026
| */ | ||
| async function readManagedPreferences(): Promise<Info> { | ||
| // Skip OS-level plist reading when test isolation is active | ||
| if (process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR) return {} |
There was a problem hiding this comment.
I think this branch should be removed to avoid users setting this at runtime. Instead existsSync and Process.run could be mocked.
Contributor
Author
There was a problem hiding this comment.
yep you're right, removed it. the parsing/stripping logic is in a separate exported parseManagedPlist() function that the tests call directly with JSON strings — no env var branches, no mocking
lennyvaknine43
force-pushed
the
feat/macos-managed-preferences
branch
2 times, most recently
from
fc82ee9 to
9ca67d3
Compare
…ments Adds parseManagedPlist() and readManagedPreferences() to the config loader. On macOS, reads from /Library/Managed Preferences/ under the ai.opencode.managed preference domain (deployed via .mobileconfig / Jamf / Kandji / FleetDM). Settings merge at the highest priority tier, above all other config sources. parseManagedPlist() is a pure function that strips MDM metadata keys and parses through the config schema — fully unit-testable with no OS interaction. readManagedPreferences() handles the OS-level plist reading via plutil. No env var overrides are exposed. Includes docs in config.mdx covering file-based and MDM managed settings, mobileconfig creation, and MDM deployment instructions. Closes anomalyco#19158
lennyvaknine43
force-pushed
the
feat/macos-managed-preferences
branch
from
9ca67d3 to
571bd0b
Compare
Resolve conflicts in config.ts: - Accept upstream InstallInput type and lock-based installDependencies - Accept upstream getGlobal() merge in loadInstanceState - Reposition managed preferences merge after all other config sources
Collaborator
|
Dax said we can ship this for now but I think we are going to have a better approach that should work better across the board later on |
hugojosefson
pushed a commit
to hugojosefson/opencode
that referenced
this pull request
Apr 6, 2026
…ments (anomalyco#19178) Co-authored-by: Lenny Vaknine <lvaknine@gitlab.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com>
NicholasDominici
added a commit
to jairad26/opencode
that referenced
this pull request
Apr 6, 2026
* refactor(init): tighten AGENTS guidance (anomalyco#20422) * refactor(shell): use Effect ChildProcess for shell command execution (anomalyco#20494) * refactor: use Effect services instead of async facades in provider, auth, and file (anomalyco#20480) * chore: generate * chore: update nix node_modules hashes * Update VOUCHED list anomalyco#20482 (comment) * test(app): migrate more e2e suites to isolated backend (anomalyco#20505) * fix(account): coalesce concurrent console token refreshes (anomalyco#20503) * test(app): fix isolated backend follow-ups (anomalyco#20513) * wip: zen * refactor: replace BunProc with Npm module using @npmcli/arborist (anomalyco#18308) Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Brendan Allan <git@brendonovich.dev> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * zen: sync * fix: normalize filepath in FileTime to prevent Windows path mismatch (anomalyco#20367) Co-authored-by: JosXa <info@josxa.dev> Co-authored-by: Luke Parker <10430890+Hona@users.noreply.github.com> * resolve subpath only packages for plugins (anomalyco#20555) * Fix selection expansion by retaining focused input selections during global key events (anomalyco#20205) * feat: add new provider plugin hook for resolving models and sync models from github models endpoint (falls back to models.dev) (anomalyco#20533) * fix(tui): apply scroll configuration uniformly across all scrollboxes (anomalyco#14735) * chore(tui): clean up scroll config follow-up (anomalyco#20561) * fix(opencode): batch snapshot revert without reordering (anomalyco#20564) * fix(test): auto-acknowledge tool-result follow-ups in mock LLM server (anomalyco#20528) * chore: generate * refactor: add Effect-returning versions of MessageV2 functions (anomalyco#20374) * refactor(bash): use Effect ChildProcess for bash tool execution (anomalyco#20496) * chore: generate * Refactor plugin/config loading, add theme-only plugin package support (anomalyco#20556) * fix(test): use effect helper in snapshot race test (anomalyco#20567) * refactor(revert): yield SessionSummary.Service directly (anomalyco#20541) * fix: show model display name in message footer and transcript (anomalyco#20539) * flock npm.add (anomalyco#20557) * fix(account): refresh console tokens before expiry (anomalyco#20558) * chore: add User-Agent headers for Cloudflare providers (anomalyco#20538) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * fix(build): replace require() with dynamic import() in cross-spawn-spawner (anomalyco#20580) * chore: generate * tui: add consent dialog when sharing for the first time (anomalyco#20525) * test(app): block real llm calls in e2e prompts (anomalyco#20579) * refactor(instruction): migrate to Effect service pattern (anomalyco#20542) * fix(cli): use simple logo in CLI (anomalyco#20585) * fix(core): prevent agent loop from stopping after tool calls with OpenAI-compatible providers (anomalyco#14973) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * fix(session): compaction agent responds in same language as conversation (anomalyco#20581) Co-authored-by: Aaron Zhu <aaron@Aarons-MacBook-Air.local> * refactor(account): share token freshness helper (anomalyco#20591) * fix(cli): restore colored help logo (anomalyco#20592) * feat(opencode): Add Venice AI package as dependency (anomalyco#20570) * chore: generate * cli: update usage exceeded error * chore: update nix node_modules hashes * fix(node): set OPENCODE_CHANNEL during build (anomalyco#20616) * zen: friendly trial ended message * refactor: simplify solid reactivity across app and web (anomalyco#20497) * use solid-primitives/resize-observer across web code (anomalyco#20613) * cleanup event listeners with solid-primitives/event-listener (anomalyco#20619) * chore: update nix node_modules hashes * refactor: split up models.dev and config model definitions to prevent coupling (anomalyco#20605) * chore: generate * feat: add optional messageID to ShellInput (anomalyco#20657) * chore: generate * ignore: fix typecheck in dev (anomalyco#20702) * fix(format): use biome format instead of check to prevent import removal (anomalyco#20545) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * tweak: add abort signal timeout to the github copilot model fetch to prevent infinite blocking (anomalyco#20705) * Add MiMo-V2 models to Go UI and docs (anomalyco#20709) * refactor(format): update formatter interface to return command from enabled() (anomalyco#20703) * app: unify auto scroll ref handling (anomalyco#20716) * go: add mimo * electron: add basic context menu for inspect element (anomalyco#20723) * feat: add macOS managed preferences support for enterprise MDM deployments (anomalyco#19178) Co-authored-by: Lenny Vaknine <lvaknine@gitlab.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * chore: generate * feat(acp): Add messageID and emit user_message_chunk on prompt/command (anomalyco#18625) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * chore: generate * test(app): add a golden path for mocked e2e prompts (anomalyco#20593) * chore: update nix node_modules hashes * docs(effect): refresh migration status (anomalyco#20665) * test(opencode): remove temporary e2e url repro (anomalyco#20729) * refactor(app): unexport internal e2e helpers (anomalyco#20730) * test(app): emit junit artifacts for playwright (anomalyco#20732) * refactor(todo): effectify session todo (anomalyco#20595) * Adds TUI prompt traits, refs, and plugin slots (anomalyco#20741) * chore: update nix node_modules hashes * dialog aware prompt cursor (anomalyco#20753) * fix(opencode): honor model limit.input overrides (anomalyco#16306) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * refactor(effect): prune unused facades (anomalyco#20748) * fix: rm dynamic part from bash tool description again to restore cache hits across projects (anomalyco#20771) * refactor(share): effectify share next (anomalyco#20596) * fix: call models.dev once instead of twice on start (anomalyco#20765) * fix: prevent Tool.define() wrapper accumulation on object-defined tools (anomalyco#16952) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * chore: generate * add automatic heap snapshots for high-memory cli processes (anomalyco#20788) * feat: Send x-session-affinity and x-parent-session-id headers (anomalyco#20744) * fix(sdk): handle Windows opencode spawn and shutdown (anomalyco#20772) * chore: update nix node_modules hashes * electron: better menus (anomalyco#20878) * fix(core): fix restoring earlier messages in a reverted chain (anomalyco#20780) * fix(session): delay jump-to-bottom button (anomalyco#20853) * fix(prompt): unmount model controls in shell mode (anomalyco#20886) * fix(session): disable todo dock auto-scroll (anomalyco#20840) * feat(ui): redesign modified files section in session turn (anomalyco#20348) Co-authored-by: David Hill <iamdavidhill@gmail.com> * fix(app): hide default session timestamps (anomalyco#20892) * refactor(effect): resolve built tools through the registry (anomalyco#20787) * fix: restore prompt focus after footer selection (anomalyco#20841) * feat: restore git-backed review modes (anomalyco#20845) * chore: generate * fix(app): show correct submit icon when typing follow up * chore(app): remove queued follow-ups for now * refactor(effect): build todowrite tool from Todo service (anomalyco#20789) Co-authored-by: Juan Pablo Carranza Hurtado <52012198+jpcarranza94@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * test(ci): publish unit reports in actions (anomalyco#20547) * chore: rm models snapshot (anomalyco#20929) * notes on v2 (anomalyco#20941) * chore: generate * refactor(provider): stop custom loaders using facades (anomalyco#20776) Co-authored-by: luanweslley77 <213105503+luanweslley77@users.noreply.github.com> * perf(opencode): batch snapshot diffFull blob reads (anomalyco#20752) Co-authored-by: Nate Williams <50088025+natewill@users.noreply.github.com> * fix(ci): create JUnit output dirs before tests (anomalyco#20959) * release: v1.3.14 * refactor: remove redundant Kimi skill section (anomalyco#20393) Co-authored-by: dongyuxin <dongyuxin@dev.dongyuxin.msh-dev.svc.cluster.local> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * fix(npm): Arborist reify fails on compiled binary — Bun pre-resolves node-gyp path at build time (anomalyco#21040) * release: v1.3.15 * fix: ensure reasoning tokens arent double counted when calculating usage (anomalyco#21047) * feat(tui): show console-managed providers (anomalyco#20956) * refactor(effect): move read tool onto defineEffect (anomalyco#21016) * chore: generate * fix(tui): only show org switch affordances when useful (anomalyco#21054) * chore: generate * test: add regression test for double counting bug (anomalyco#21053) * doc: udpate doc * tweak: add newline between <content> and first line of read tool output to prevent confusion (anomalyco#21070) * fix(plugin): parse package specifiers with npm-package-arg and sanitize win32 cache paths (anomalyco#21135) * chore: update nix node_modules hashes * feat(tui): make the mouse disablable (anomalyco#6824, anomalyco#7926) (anomalyco#13748) * fix(core): implement proper configOptions for acp (anomalyco#21134) * fix: pass both 'openai' and 'azure' providerOptions keys for @ai-sdk/azure (anomalyco#20272) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * fix(tui): default Ctrl+Z to undo on Windows (anomalyco#21138) * release: v1.3.16 * zen: remove header check * zen: normalize ipv6 * fix: show clear error when Cloudflare provider env vars are missing (anomalyco#20399) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * fix(tui): revert kitty keyboard events workaround on windows (anomalyco#20180) * release: v1.3.17 * fix(lsp): MEMORY LEAK: ensure typescript server uses native project config (anomalyco#19953) * chore: generate * docs: update Cloudflare provider setup to reflect /connect prompt flow (anomalyco#20589) * refactor: replace Bun.serve with Node http.createServer in OAuth handlers (anomalyco#18327) Co-authored-by: LukeParkerDev <10430890+Hona@users.noreply.github.com> * upgrade opentui to 0.1.97 (anomalyco#21137) * refactor(server): replace Bun serve with Hono node adapters (anomalyco#18335) Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Luke Parker <10430890+Hona@users.noreply.github.com> Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> Co-authored-by: Brendan Allan <git@brendonovich.dev> * chore: update nix node_modules hashes * tweak: ensure copilot anthropic models have same reasoning effort model as copilot cli, also fix qwen incorrectly having variants (anomalyco#21212) * tweak: adjust chat.params hook to allow altering of the maxOutputTokens (anomalyco#21220) * tweak: move the max token exclusions to plugins @rekram1-node (anomalyco#21225) * fix: bump openrouter ai sdk pkg to fix openrouter issues (anomalyco#21242) --------- Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> Co-authored-by: Kit Langton <kit.langton@gmail.com> Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Frank <frank@anoma.ly> Co-authored-by: Dax <mail@thdxr.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Brendan Allan <git@brendonovich.dev> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> Co-authored-by: Joscha Götzer <joscha.goetzer@gmail.com> Co-authored-by: JosXa <info@josxa.dev> Co-authored-by: Luke Parker <10430890+Hona@users.noreply.github.com> Co-authored-by: Sebastian <hasta84@gmail.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: MC <mchen@cloudflare.com> Co-authored-by: Valentin Vivaldi <valentin.vivaldi@etendo.software> Co-authored-by: Aaron Zhu <139607425+aaron-he-zhu@users.noreply.github.com> Co-authored-by: Aaron Zhu <aaron@Aarons-MacBook-Air.local> Co-authored-by: dpuyosa <dpuyosa@users.noreply.github.com> Co-authored-by: Brendan Allan <brendonovich@outlook.com> Co-authored-by: Noam Bressler <noamzbr@gmail.com> Co-authored-by: Burak Yigit Kaya <byk@sentry.io> Co-authored-by: Jack <jack@anoma.ly> Co-authored-by: Lenny Vaknine <lenny.vaknine@gmail.com> Co-authored-by: Lenny Vaknine <lvaknine@gitlab.com> Co-authored-by: ykswang <ykswang@users.noreply.github.com> Co-authored-by: Juan Pablo Carranza Hurtado <52012198+jpcarranza94@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Kevin Flansburg <kevin.flansburg@gmail.com> Co-authored-by: Nate Williams <50088025+natewill@users.noreply.github.com> Co-authored-by: David Hill <iamdavidhill@gmail.com> Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> Co-authored-by: luanweslley77 <213105503+luanweslley77@users.noreply.github.com> Co-authored-by: opencode <opencode@sst.dev> Co-authored-by: Yuxin Dong <yxdong9805@gmail.com> Co-authored-by: dongyuxin <dongyuxin@dev.dongyuxin.msh-dev.svc.cluster.local> Co-authored-by: Gautier DI FOLCO <gautier.difolco@gmail.com> Co-authored-by: George Harker <george@georgeharker.com> Co-authored-by: Corné Steenhuis <cornesteenhuis@hotmail.com> Co-authored-by: Derek Barrera <derekbarrera@gmail.com>
balcsida
pushed a commit
to balcsida/opencode
that referenced
this pull request
Apr 8, 2026
…ments (anomalyco#19178) Co-authored-by: Lenny Vaknine <lvaknine@gitlab.com> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #19158
Type of change
What does this PR do?
Adds support for reading macOS managed preferences deployed via .mobileconfig / MDM (Jamf, Kandji, FleetDM). On macOS,
readManagedPreferences()checks for a plist at/Library/Managed Preferences/under theai.opencode.managedpreference domain, converts it to JSON viaplutil, strips MDM metadata keys (PayloadUUID,_manualProfile, etc.), and merges the result at the highest priority tier — above file-based managed config, project config, and user config.This is the standard macOS mechanism for enterprise config enforcement (same pattern as Claude Code's
com.anthropic.claudecodedomain). The plist is root-owned and only writable by MDM, so users cannot override it. Every existingopencode.jsonkey works as a plist key — no schema changes needed.The changes are ~35 lines in
config.ts, 2 lines inpreload.tsfor test isolation, and 5 tests covering override behavior and graceful missing-plist handling.Available settings reference
Every key from
opencode.jsonworks as a managed preference key. The plist structure maps 1:1 to the JSON config:share"manual"|"auto"|"disabled"autoupdatetrue|false|"notify"model"provider/model"(e.g."anthropic/claude-sonnet-4-5")small_model"provider/model"— model for lightweight tasksdefault_agent"build","plan", or custom)usernameenabled_providersdisabled_providerssnapshotserver.hostname"127.0.0.1")server.portserver.mdnsserver.corspermission.*"ask"|"allow"|"deny"permission.read"ask"|"allow"|"deny"or{ "pattern": "action" }permission.editpermission.bashpermission.glob"ask"|"allow"|"deny"permission.grep"ask"|"allow"|"deny"permission.list"ask"|"allow"|"deny"permission.task"ask"|"allow"|"deny"permission.skill"ask"|"allow"|"deny"permission.webfetch"ask"|"allow"|"deny"permission.websearch"ask"|"allow"|"deny"permission.todowrite"ask"|"allow"|"deny"permission.external_directory"ask"|"allow"|"deny"permission.doom_loop"ask"|"allow"|"deny"permission.lsp"ask"|"allow"|"deny"permission.<path-glob>"~/.ssh/*": "deny")compaction.autocompaction.prunemcp.<name>.type"local"|"remote"mcp.<name>.urlmcp.<name>.commandmcp.<name>.enabledinstructionspluginUsage guide for MDM admins
1. Create a .mobileconfig
The plist keys map directly to
opencode.jsonfields:2. Deploy via MDM
Jamf Pro: Computers > Configuration Profiles > Upload > scope to target devices
FleetDM: Add the .mobileconfig under
mdm.macos_settings.custom_settingsand runfleetctl apply3. Verify on a device
Double-click the .mobileconfig to install locally for testing (shows in System Settings > Privacy & Security > Profiles), then:
plutil -p "/Library/Managed Preferences/$(whoami)/ai.opencode.managed.plist" opencode debug configHow did you verify your code works?
/Library/Managed Preferences/on a Jamf-enrolled macOS devicebun dev debug configresolved all managed settings correctly~/.config/opencode/opencode.json(e.g.share: auto,bash: allow) and confirmed MDM settings override themScreenshots / recordings
N/A — no UI changes.
Checklist