Policy Ranger by Willow · Free · No signup

Meet Policy Ranger.
The Free Claude Code Policy Builder.

The free visual policy builder for Claude Code. Set permissions for bash, MCP servers, model config, and hooks, all crafted with industry best practices. Export for macOS, Windows, or Linux MDM. No signup, no catch.

Generate my policy. No signup.

No account. No credit card. Export in one click.

Trusted by

Demo

Watch Policy Ranger build a policy in 90 seconds

Pick a tier, change a rule, export the file your MDM can push.
No narration, no setup. That's the whole tool.

How it works

Build a Claude Code policy in three steps

1. Pick a tier

Start from scratch, Minimal, Standard, Strict, or Lockdown. Each seeds the editor with a real, defensible set of rules, not a blank file.

2. Customize

Adjust every permission in plain language. The editor shows you exactly what each rule does and who it affects.

3. Export and deploy

Download managed-settings.json, .mobileconfig, or .reg. Push through Jamf, Intune, or your MDM. Enforces system-wide, org-wide — developers can't override it.

Generate my policy. No signup.

The Editor

A visual editor for Claude Code managed settings

Start from a tier

Five hardened presets, Minimal to Lockdown. Pick the closest match, adjust every rule from there.

Edit visually

No hand-written JSON, no registry syntax. Set bash, MCP, model, and hook rules in a real interface.

Export for your MDM

managed-settings.json, .mobileconfig for macOS, .reg for Windows. One click, ready to push.

Why managed settings

Why managed settings, not local settings

Local settings are a suggestion. Managed settings are policy.

Local settings

Live in the developer's home directory

Any developer can edit, override, or delete them

Bypassed with one --dangerously-skip-permissions flag

Per machine, per person, no visibility

Managed settings

Pushed through your MDM

System-level, can't be edited away

The flag itself is disabled by policy

Org-wide, enforced on every session

This is how you say yes to Claude Code without betting your codebase on the honor system.

Full coverage

Every control in the Claude Code managed-settings spec

Policy Ranger covers every control Claude Code exposes through managed settings.

Bash commands

Allow, ask, or block per command. Stop curl, wget, sudo, git push, scp, and rsync before they run.

MCP servers

Managed servers only, or none at all. No developer wiring an unreviewed server into your repo.

Model configuration

Force Claude.ai account login, block raw API keys at startup, set the models and modes you allow.

Hooks

Disable hooks entirely, or scope exactly which ones can fire.

Secrets & files

Block reading .env, secrets/**, SSH keys, AWS credentials, and service-account files.

Network tools

Block WebFetch, WebSearch, curl, wget, and nc for true air-gapped sessions.

Bypass mode

Disable --dangerously-skip-permissions so no one can step around the policy.

Startup notice

Show your policy announcement every time Claude Code launches.

Spinner verbs

Down to the wording your org sees. Small thing, fully yours.

Trust & credibility

Crafted with industry best practices

Policy Ranger's tiers aren't guesses. Every rule is crafted with industry best practices and the deployment patterns we run with the companies that govern AI at scale, built on Anthropic's published Claude Code managed-settings spec.

You're not starting from a blank JSON file on a Friday afternoon. You're starting from a hardened baseline a real security team would ship. Free.

Built on Anthropic's Claude Code managed-settings spec

The reason

Why is Policy Ranger free?

We build Willow, the platform that governs every AI agent across the enterprise. Every security team we meet is writing its first Claude Code policy from a blank file. That doesn't need a sales call. It needs a tool.

So here it is. Policy Ranger, free, no signup, no credit card. When you're ready to enforce policy across every agent and every machine, not just Claude Code, we're right here. When you're not, ship your policy and go.

Learn about Willow

Generate my policy

FAQS

What is Policy Ranger?

Policy Ranger is a free Claude Code policy builder for security and platform teams. Create a Claude Code managed-settings policy in minutes, set permissions for bash commands, MCP servers, model configuration, and hooks, then export managed-settings.json, a macOS .mobileconfig, or a Windows .reg file to deploy through your MDM org-wide. No account required.

Is it actually free?

Yes. Unlimited policies, every tier, every export format. No signup to build, no signup to export.

Do you store my policy?

No. It builds in your browser. Close the tab and it's gone. The file you download is the only copy, which is the point.

What can I export?

managed-settings.json for Linux and file-based deployment, .mobileconfig for macOS MDM, and .reg for the Windows Registry.

Can developers override the policy?

No. Managed settings are enforced at the system level through your MDM. That is exactly what separates managed settings from local settings.

Is this an official Anthropic product?

No. Policy Ranger is built by Willow on Anthropic's published Claude Code managed-settings spec.

What's the catch?

None. We hope that when you're ready to govern every AI agent, not just Claude Code, you'll take a look at Willow. Until then, ship your policy.

Who built this?

Willow. We govern AI agents in production at Wix, Innovid, and Riskified. We built Policy Ranger because every Claude Code rollout we see starts with "we don't have a policy yet."

Your agents are already in the wild.

Give them a Basecamp. Go from AI chaos to AI work, in minutes.

Get Started

Book a Demo

Meet Policy Ranger.The Free Claude Code Policy Builder.