From 3adc97d9016ca2da46ec029ac0a2f20ba37d4e9a Mon Sep 17 00:00:00 2001
From: docker-claude
Date: Tue, 14 Apr 2026 22:55:02 +0200
Subject: [PATCH] feat(policy): restrict available models to sonnet, opus, haiku

Add /etc/claude-code/managed-settings.json with availableModels set to the three Anthropic model families. The file is root-owned inside the container so the node user cannot modify it. Managed settings cannot be bypassed via --model flag, /model command, or ANTHROPIC_MODEL env var.
---
 claude/Dockerfile | 4 ++++
 claude/managed-settings.json | 3 +++
 2 files changed, 7 insertions(+)
 create mode 100644 claude/managed-settings.json

diff --git a/claude/Dockerfile b/claude/Dockerfile
index 1a70a05..3025650 100644
--- a/claude/Dockerfile
+++ b/claude/Dockerfile
@@ -11,6 +11,10 @@ RUN apk add --no-cache \
 # Entrypoint used by the webui service (ttyd wrapping claude)
 COPY --chmod=755 webui-entrypoint.sh /usr/local/bin/webui-entrypoint.sh
+# System-level Claude Code policy — owned by root, not writable by the node user.
+# Restricts available models; cannot be bypassed via CLI flags or env vars.
+COPY managed-settings.json /etc/claude-code/managed-settings.json
+
 # Install Claude Code globally
 RUN npm install -g @anthropic-ai/claude-code
diff --git a/claude/managed-settings.json b/claude/managed-settings.json
new file mode 100644
index 0000000..f43cb85
--- /dev/null
+++ b/claude/managed-settings.json
@@ -0,0 +1,3 @@
+{
+ "availableModels": ["sonnet", "opus", "haiku"]
+}
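Review bot: The new `COPY managed-settings.json /etc/claude-code/managed-settings.json` takes its file mode from the build context, so the "not writable by the node user" guarantee in the comment holds only if the checked-out file is not group- or world-writable; ownership does default to root. Set the mode explicitly, as the entrypoint COPY just above it does: `COPY --chown=root:root --chmod=644 managed-settings.json /etc/claude-code/managed-settings.json`. The comment's "cannot be bypassed via CLI flags or env vars" is also broader than the commit message, which names only `--model`, `/model` and `ANTHROPIC_MODEL`; I would narrow the comment to those three. Whether the container actually runs as node without a route to root is decided outside this hunk and should be confirmed there.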
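Review bot: Nothing in this commit checks that the policy in `claude/managed-settings.json` is actually loaded and enforced, and JSON cannot carry a comment explaining the key. If the CLI ignores a misspelled or unsupported key (not visible from here), the restriction would fail open without any build error. A smoke step after the install that requests a model outside `["sonnet", "opus", "haiku"]` and expects a rejection would make the guarantee testable. The entries are presumably family-level aliases, so the list does not pin specific model versions if that was the intent.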