Agent-Ex

Settings & Policy

Tool configuration, managed settings, command rules, and organizational controls

Amazon Kiro
Extension Name Enterprise Governance and Settings
Vendor Terms Kiro Profile, admin settings, .kiroignore, content exclusion, MCP governance, model governance
Scopes
Organization / EnterpriseUser / HomeProject / Repo RootMachine / Admin
Interfaces IDE, CLI
Availability current (explicit)
Trust Model Admin-controlled via AWS console with client-side enforcement; .kiroignore blocks files from agent context
Notes Kiro Profile controls encryption, prompt logging, MCP, web tools, model allow-lists, and API key generation; MCP governance via registry allow-list; content exclusion via .kiroignore; CLI tool permissions default to read-trusted with per-request approval for writes; SSO with Okta and Microsoft Entra ID
Enterprise settings ↗Enterprise governance ↗CLI permissions ↗
Claude Code
Extension Name Settings and Managed Settings
Vendor Terms settings.json, managed settings, managed-settings.json, server-managed settings
Scopes
Organization / EnterpriseUser / HomeProject / Repo Root
Interfaces terminal CLI, VS Code, Desktop, web, JetBrains
Availability current (explicit)
Trust Model Admin-delivered managed settings cannot be overridden; controls permissions, hooks, environment variables, and model defaults
Notes Four-tier scope (managed > local > project > user); 60+ settings keys; server-managed settings via Claude.ai admin console; MDM delivery via macOS plist, Windows registry, or file-based; JSON schema at schemastore.org
Settings ↗Server-managed settings ↗
GitHub Copilot
Extension Name Policies, Settings, and Content Exclusion
Vendor Terms policies, content exclusion, MCP allowlist, BYOK, Copilot Memory policy
Scopes
User / HomeOrganization / EnterpriseMachine / Admin
Interfaces GitHub.com, VS Code, Visual Studio, JetBrains, Eclipse, Xcode, CLI
Availability current (explicit)
Trust Model Admin-defined policies that lower tiers cannot override; MCP allowlists restrict permitted servers
Notes Three policy types (feature, privacy, model); content exclusion does not apply to CLI, cloud agent, or Agent mode; agentic audit log events for monitoring; BYOK in preview
Copilot policies ↗Content exclusion ↗Policy conflicts ↗
OpenAI Codex
Extension Name Configuration, Rules, and Requirements
Vendor Terms config.toml, requirements.toml, managed configuration, rules, profiles
Scopes
User / HomeProject / Repo RootSubdirectory / FolderMachine / AdminCloud / Web SessionOrganization / Enterprise
Interfaces CLI, IDE extension, app, web
Availability current (explicit)
Trust Model Admin-enforced requirements cannot be overridden; OS-level sandbox (macOS Seatbelt, Linux bwrap+seccomp)
Notes Requirements are admin-enforced and cannot be overridden; cloud-managed requirements for Business/Enterprise; rules (experimental) use Starlark-based prefix_rule; 4-level feature maturity taxonomy
Config basics ↗Configuration reference ↗Managed configuration ↗
Data last updated 2026-04-19 · Auto-generated from upstream docs and may be inaccurate · Source on GitHub