Context
APW today reads operator config from ~/.apw/config.json (per-user, mode 0600). Enterprise rollouts via MDM (Jamf, Kandji, Mosyle, Intune for Mac) typically push managed configuration via defaults domains or configuration profiles, not by writing to ~/.
There is no documented way for an MDM admin to:
- Pre-populate
supportedDomains for a fleet.
- Pin a
fallbackProvider and absolute path organization-wide.
- Disable the
APW_DEMO path on managed hosts.
Proposed Fix
- Read managed defaults from
dev.omt.apw (or equivalent bundle id) preference domain, layered under user config (managed > user > built-in defaults).
- Document the supported MDM keys and a sample configuration profile in a new
docs/ENTERPRISE.md.
- Have
apw doctor report whether managed config is in effect and which keys it overrides.
Acceptance criteria
Context
APW today reads operator config from
~/.apw/config.json(per-user, mode0600). Enterprise rollouts via MDM (Jamf, Kandji, Mosyle, Intune for Mac) typically push managed configuration viadefaultsdomains or configuration profiles, not by writing to~/.There is no documented way for an MDM admin to:
supportedDomainsfor a fleet.fallbackProviderand absolute path organization-wide.APW_DEMOpath on managed hosts.Proposed Fix
dev.omt.apw(or equivalent bundle id) preference domain, layered under user config (managed > user > built-in defaults).docs/ENTERPRISE.md.apw doctorreport whether managed config is in effect and which keys it overrides.Acceptance criteria
CFPreferences(or equivalent) before falling back to~/.apw/config.json.apw doctor --jsonindicates managed-vs-user config provenance per setting..mobileconfigpublished indocs/ENTERPRISE.md.