Not the same as Managed CLI. That page covers CLI runtime management. This page is about managed configuration — org-distributed defaults and policy for the CLI config resolver.
Fully opt-in. With no managed source configured, resolution behaves exactly as before.
Quick Start
1
Point at a managed source
The shortest opt-in — one environment variable:PraisonAI now pulls team defaults from that URL. If it is unreachable, PraisonAI uses the last-good cached copy or skips the layer — it never blocks a run.
2
Or use a managed directory
For MDM / config-management tooling, drop Every
config.yaml in a directory and point the CLI at it:praisonai run on that machine reads from /etc/praisonai/managed/config.yaml. No network required.Precedence Ladder
The managed layer splits into two: enforced policy sits above your local config, while managed defaults sit below it — so teams can suggest without clobbering deliberate local choices.Enforcement vs. Advisory
Only two keys are treated as policy:permissions and model_allowlist. When enforced they replace (not merge or concat) their local counterpart wholesale — a local override of an enforced key is ignored, including nested local sub-keys the policy does not mention. Set enforce: false to make the entire managed source advisory.
Agent-Perspective Example
Org policy shapes what anyAgent(...) run can do — no code change needed on the developer’s side.
How to Configure
Three ways to set a managed source. Environment variables override the globalmanaged: block.
- Env vars
- Global config block
- Managed source content
Fail-Soft Behaviour
The managed layer never blocks a run on network I/O.- Short timeout via
PRAISONAI_MANAGED_CONFIG_TIMEOUT(default 3 seconds). - On-disk cache under
~/.praison/state/. - On failure: use the last-good cached copy, else skip the managed layer entirely.
- Only
https://URLs resolving to public IPs are fetched — an SSRF guard blockshttp://(except explicit loopback), private/link-local ranges, and cloud-metadata endpoints (e.g.169.254.169.254).
Enforcement Semantics
Policy keys are replaced, not merged — a local override of an enforced key is ignored.Policy replaces, never merges
Policy replaces, never merges
Enforced keys (Resolved result:
permissions, model_allowlist) swap out their local counterpart wholesale. A local permissions.default: allow or extra rules does not survive when the managed policy sets a different permissions block.permissions == {"bash": {"auto": False}} — the local default and rules are dropped.enforce: false → everything advisory
enforce: false → everything advisory
Set
enforce: false on the managed source and the entire source becomes advisory: all keys go to layer #2 (below local), none to layer #7. A local model_allowlist then concatenates with the managed default instead of being replaced.Advisory below, policy above
Advisory below, policy above
Advisory defaults sit below local config so teams suggest starting points a developer can override. Policy sits above local config so admins enforce rules that must not be overridden.
Provenance
resolve_with_provenance labels every resolved key with the layer that set it, so you can see exactly where a value came from.
Best Practices
Suggest defaults, enforce only what matters
Suggest defaults, enforce only what matters
Put team preferences (
agent.model, agent.provider) in the managed source as advisory defaults so projects can still override them. Reserve permissions and model_allowlist for what the org must guarantee.Prefer a managed directory for MDM
Prefer a managed directory for MDM
A directory drop (
/etc/praisonai/managed/config.yaml) needs no network and is the simplest path for config-management tools to push. It accepts config.yaml, config.yml, or config.json.Serve URLs over HTTPS from a public host
Serve URLs over HTTPS from a public host
The SSRF guard only fetches
https:// URLs resolving to public IPs. Host the managed config on a public HTTPS endpoint so it is never silently refused.Verify enforcement with provenance
Verify enforcement with provenance
After a rollout, run
resolve_with_provenance() and confirm the policy keys show layer: managed-policy:... and enforced: True.Related
Configuration
Local config-resolution basics and the precedence ladder.
Security
Organisation security posture and hardening.
Single Source Config
One project config file for model, tools, and RAG defaults.
Permissions
Pattern-based allow / deny / ask rules for tool calls.
Hierarchical Config
How global, project, and env layers merge.
Declarative Permissions
Declare permission policy in project config.

