Skip to main content
Point PraisonAI at a URL or directory your organisation controls to distribute team defaults and enforce policy from one source of truth.
Not the same as Managed CLI. That page covers CLI runtime management. This page is about managed configuration — org-distributed defaults and policy for the CLI config resolver.
Fully opt-in. With no managed source configured, resolution behaves exactly as before.

Quick Start

1

Point at a managed source

The shortest opt-in — one environment variable:
PraisonAI now pulls team defaults from that URL. If it is unreachable, PraisonAI uses the last-good cached copy or skips the layer — it never blocks a run.
2

Or use a managed directory

For MDM / config-management tooling, drop config.yaml in a directory and point the CLI at it:
Every praisonai run on that machine reads from /etc/praisonai/managed/config.yaml. No network required.
A managed config file looks like any other PraisonAI config, with optional policy keys:

Precedence Ladder

The managed layer splits into two: enforced policy sits above your local config, while managed defaults sit below it — so teams can suggest without clobbering deliberate local choices.

Enforcement vs. Advisory

Only two keys are treated as policy: permissions and model_allowlist. When enforced they replace (not merge or concat) their local counterpart wholesale — a local override of an enforced key is ignored, including nested local sub-keys the policy does not mention. Set enforce: false to make the entire managed source advisory.
Enforcement is a wholesale replace, not a merge. A managed permissions.bash.auto: false completely replaces any local permissions — none of the local sub-keys survive. This is easy to get wrong when reasoning about deep merges.

Agent-Perspective Example

Org policy shapes what any Agent(...) run can do — no code change needed on the developer’s side.

How to Configure

Three ways to set a managed source. Environment variables override the global managed: block.

Fail-Soft Behaviour

The managed layer never blocks a run on network I/O.
  • Short timeout via PRAISONAI_MANAGED_CONFIG_TIMEOUT (default 3 seconds).
  • On-disk cache under ~/.praison/state/.
  • On failure: use the last-good cached copy, else skip the managed layer entirely.
  • Only https:// URLs resolving to public IPs are fetched — an SSRF guard blocks http:// (except explicit loopback), private/link-local ranges, and cloud-metadata endpoints (e.g. 169.254.169.254).

Enforcement Semantics

Policy keys are replaced, not merged — a local override of an enforced key is ignored.
Enforced keys (permissions, model_allowlist) swap out their local counterpart wholesale. A local permissions.default: allow or extra rules does not survive when the managed policy sets a different permissions block.
Resolved result: permissions == {"bash": {"auto": False}} — the local default and rules are dropped.
Set enforce: false on the managed source and the entire source becomes advisory: all keys go to layer #2 (below local), none to layer #7. A local model_allowlist then concatenates with the managed default instead of being replaced.
Advisory defaults sit below local config so teams suggest starting points a developer can override. Policy sits above local config so admins enforce rules that must not be overridden.

Provenance

resolve_with_provenance labels every resolved key with the layer that set it, so you can see exactly where a value came from.

Best Practices

Put team preferences (agent.model, agent.provider) in the managed source as advisory defaults so projects can still override them. Reserve permissions and model_allowlist for what the org must guarantee.
A directory drop (/etc/praisonai/managed/config.yaml) needs no network and is the simplest path for config-management tools to push. It accepts config.yaml, config.yml, or config.json.
The SSRF guard only fetches https:// URLs resolving to public IPs. Host the managed config on a public HTTPS endpoint so it is never silently refused.
After a rollout, run resolve_with_provenance() and confirm the policy keys show layer: managed-policy:... and enforced: True.

Configuration

Local config-resolution basics and the precedence ladder.

Security

Organisation security posture and hardening.

Single Source Config

One project config file for model, tools, and RAG defaults.

Permissions

Pattern-based allow / deny / ask rules for tool calls.

Hierarchical Config

How global, project, and env layers merge.

Declarative Permissions

Declare permission policy in project config.