theorydeltaclaim-fidelity audits
built 2026-07-17dossiers: 5last verified 2026-07-09independent · evidence-traced · no vendor influence
← back to Claude Code dossier

CLAIM 13 / Claude Code

"Managed settings: cannot be overridden by any other level, including command line arguments"

partial

Observed

True as currently shipped per release review, but the guarantee has failed twice: before v2.1.74, a user-level allow rule or a committed skill's allowed-tools frontmatter silently won over enterprise managed ask policies — a privilege escalation path in managed deployments — and v2.1.80 fixed managed settings (enabledPlugins, permissions.defaultMode, policy-set env vars) not being applied at startup when remote-settings.json was cached from a prior session. Both fixes are release-reviewed; TD has not re-executed the managed-policy precedence matrix.

  1. UPDATE 2026-06-28: a new active regression — an HTTP 304 response zeroes out the local managed-settings.json, silently dropping all deny/allow rules (#70181, open 2026-06-23).

Evidence

Verification

verified 2026-07-16 · by probe-ci · probe probes/claude-code/claim-13/

theorydelta.com · 2026independent · evidence-backed · every claim sourced or labelledabout ·glossary ·rss ·mcp ·llms.txt