Claude Code Gets Version Gating for Enterprise Teams

Lachlan Reed

Welcome to the show everyone! I'm Lachlan Reed, here with James Turner. And James, mate, [chuckles] if you're managing a team of developers using Claude Code, Anthropic just handed you a massive win for your sanity. They've introduced proper configuration scopes and version gating. No more wild west with developers running whatever rogue version they stepped on.

James Turner

Oh, thank goodness. [excited] Because security drift is real. When you have fifty devs running fifty different versions of an agentic CLI tool, keeping your compliance straight is a total nightmare. So how are they centralizing this?

Lachlan Reed

It's all about managed configuration scopes. Platform teams can now lock down the exact version range of Claude Code that's allowed to run. They do this by setting two specific JSON properties in a global file: `requiredMinimumVersion` and `requiredMaximumVersion`. If a dev tries to spin up Claude Code and their local install falls outside that bracket, [matter-of-fact] it flat out refuses to run.

James Turner

Wait, it just blocks them? [laughs] I love that. No gentle suggestions, just "go update your tool." But where does this config actually live? Because if it's just in the user's home directory, a dev can just delete it or change it, right?

Lachlan Reed

Spot on, and that's the clever bit. It reads from system-wide directories that regular users shouldn't have write access to. On Linux, you're dropping a file called `managed-settings.json` into `/etc/claude-code/`. On macOS, it goes into `/Library/Application Support/claude-code/managed-settings.json`.

James Turner

Ah, root-owned directories. [thoughtfully] So unless your devs have local admin and want to actively bypass company policy, they're locked into whatever version the platform team vetted. That's a massive checkbox ticked for enterprise security compliance. What does the actual JSON look like? Just a basic object?

Lachlan Reed

Dead simple, mate. It's literally just a JSON object. You open curly braces, write `"requiredMinimumVersion": "0.2.0"`, comma, `"requiredMaximumVersion": "0.2.5"`, and close it. That's it. When the CLI boots up, it checks this system path first, parses those semantic version strings, and compares it against its own build.

James Turner

That's super clean. [pauses] But speaking of versions, what about the developer experience when they actually do need to update? Because nothing is worse than typing `claude update` and just praying it doesn't break your environment.

Lachlan Reed

They actually fixed that! [laughs] They added some great quality-of-life tweaks. Now, when you run `claude update`, the CLI explicitly prints the exact destination version it's about to grab before it starts downloading anything. It gives you that final chance to look at it and go, "Wait, no, my project's node version isn't ready for that," and hit cancel.

James Turner

Yes! [excited] No more blind downloads. And I heard they also fixed how slash commands behave in the terminal. That was driving me slightly crazy.

Lachlan Reed

Oh, the autocomplete behavior? Yeah, absolute lifesaver. Previously, if you used autocomplete on a slash command, it would just fire off instantly. Now, it populates the command into your prompt line first. [relieved]

James Turner

So you actually get to look at the populated command, edit the arguments, or back out before pressing enter. [warmly] It's the little things that keep us from accidentally nuking a directory.

Lachlan Reed

Exactly. It gives you back control. Well, that's us for today. Go lock down those Claude Code versions, mates. See you next time!

James Turner

Catch you later!