Search everything...

Stats

Actions

Available In

cowork-mdm

Name: cowork-mdm
Author: krislavten

By krislavten

Claude Desktop MDM: author .mobileconfig / plist profiles, manage the org plugin marketplace, diagnose hosts. Drives the cowork-mdm CLI via Bash.

npx claudepluginhub krislavten/cowork-mdm --plugin cowork-mdm

Popularity

Stars

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Slash Commands4

Context

/deploy

Validate and preview an MDM profile before MDM-channel deployment

Context

/doctor

Diagnose the local Claude Desktop install using cowork-mdm doctor

Context

/new-profile

Interactively author a new Claude Desktop MDM profile

Context

/refresh-plugins

Update all Claude Desktop plugin marketplaces and clean dangling symlinks

Skills5

cowork-mdm

/cowork-mdm

Router for Claude Desktop enterprise administration — loads when the user mentions cowork-mdm by name or asks a generic question about Managed Preferences for Claude Desktop that doesn't clearly belong to profile authoring, deployment, plugins, or diagnostics. Hands off to a specialist sub-skill. Prefer the specialists directly when the user's intent is specific (writing a profile, deploying one, managing org plugins, or troubleshooting a host).

mdm-doctor

/mdm-doctor

Diagnosing a broken Claude Desktop install — the managed profile isn't being read, plugins aren't showing up, the app won't launch, or the user's config differs from what the admin pushed. Load when the user is troubleshooting rather than setting up — phrases like "Claude Desktop won't launch", "doctor", "diagnose this host", "why isn't my profile active", "debug Claude", "something's broken with Claude Desktop". Uses `cowork-mdm doctor` to enumerate host state.

mdm-plugins

/mdm-plugins

Managing Claude Desktop's org plugin library — cloning plugin marketplaces from git, updating them, linking individual plugins into the `org-plugins/` directory, and cleaning up dangling symlinks. Load when the user wants to install, update, or remove plugins/marketplaces for the Claude Desktop app (distinct from Claude Code plugins) — phrases like "install plugin", "add marketplace", "org-plugins", "plugin not showing up", "dangling symlink", "marketplace update", or asks about `/Library/Application Support/Claude/org-plugins/`.

mdm-profile-authoring

/mdm-profile-authoring

Authoring Claude Desktop Managed Preferences profiles — selecting the right inference provider (Bedrock, Vertex, Azure Foundry, generic gateway, or MCP-only), looking up schema keys, writing a profile YAML, generating .mobileconfig or .plist, and validating the result. Load when the user wants to create, edit, or inspect a Claude Desktop MDM config — phrases like "write a mobileconfig", "configure Bedrock/Vertex/Azure for Claude", "lock down MCP servers", "what keys are available", "profile new", "profile validate", or questions about specific MDM keys like inferenceProvider, inferenceModels, managedMcpServers, coworkEgressAllowedHosts.

mdm-profile-deploy

/mdm-profile-deploy

Deploying a Claude Desktop MDM profile to real user machines — choosing between MDM channel push (Jamf/Intune/Kandji/Mosyle) vs local apply, verifying status on a target host, and debugging profiles that don't take effect. Load when the user wants to push, install, activate, or verify an already-authored profile — phrases like "apply this mobileconfig", "push via Jamf/Intune", "profile status", "why isn't my config taking effect", "Claude Desktop isn't reading my settings", or anything about `/Library/Managed Preferences/`.

Stats

Version0.3.0

ReleasedMay 1, 2026

LanguageGo

Stars0

MaintenanceGood

LicenseMIT

Last CommitMay 2, 2026

AddedMay 2, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

cowork-mdm

Safety Signals

Caution

Runs pre-commands

Contains inline bash commands via ! syntax

README

cowork-mdm

CLI toolkit for deploying Claude Desktop in the enterprise: MDM config profiles, plugin marketplace management, and per-host diagnostics.

Status: v0.3 — CLI + Claude Code plugin. The CLI delivers profile generation, plugin marketplace management, and diagnostics. v0.3 adds a Claude Code plugin layer (skills + slash commands) that teaches an agent how to drive the CLI on the user's behalf. Plugin v0.3.0 wraps CLI v0.3.0; both ship together.

Not affiliated with Anthropic. This project is an independent effort based on reverse-engineering the public Claude Desktop application.

Why

Anthropic's public enterprise documentation covers 8 of the 51 MDM keys that Claude.app actually reads. The remaining keys — inferenceProvider, inferenceBedrockRegion, managedMcpServers, coworkEgressAllowedHosts, bootstrapUrl, and more — are defined in the app's embedded zod schema (FJ = me({...})) but undocumented publicly.

Deploying Claude Desktop in 3rd-party inference mode (Bedrock, Vertex, LLM gateway, Azure Foundry) relies heavily on these undocumented keys. cowork-mdm surfaces the schema, generates correct config profiles (.mobileconfig / .reg / Jamf / Intune formats), manages the org plugin marketplace, and runs per-host diagnostics — so IT admins don't have to reverse-engineer the Electron bundle themselves.

Quick start

# macOS (Homebrew)
brew tap krislavten/tap
brew install cowork-mdm

# Or download a binary from the Releases page:
# https://github.com/krislavten/cowork-mdm/releases

Commands

# Schema + path reference
cowork-mdm schema list                     # all 51 keys (name, type, scope, appMin)
cowork-mdm schema show inferenceProvider   # details: description, example, allowed values
cowork-mdm paths show                      # host paths cowork-mdm reads
cowork-mdm paths show --os windows         # simulate a different platform

# Profile authoring (YAML → .mobileconfig / plist)
# --template and --from are mutually exclusive; pick one:
cowork-mdm profile templates
cowork-mdm profile new --template bedrock-basic --out my.mobileconfig  # built-in verbatim
cowork-mdm profile new --from overrides.yaml --out my.mobileconfig     # your own YAML
cowork-mdm profile validate my.mobileconfig
cowork-mdm profile status                  # what's currently active on this host

# Marketplace + plugin management (macOS)
cowork-mdm marketplace add https://github.com/anthropics/claude-plugins-official
cowork-mdm marketplace update
cowork-mdm plugin list
cowork-mdm plugin prune

# Diagnostics
cowork-mdm doctor
cowork-mdm doctor --fix

Every subcommand accepts --json for machine-readable output. Spec and task breakdown: specs/ + docs/execution/TASKS.md.

Use as a Claude Code plugin

v0.3 adds a Claude Code plugin layer: five skills + four slash commands that teach an agent how to drive the cowork-mdm CLI safely on a user's behalf. The plugin ships no new logic — it's a documentation bundle that makes the CLI self-driving inside Claude Code.

Install (in Claude Code)

/plugin marketplace add https://github.com/krislavten/cowork-mdm
/plugin install cowork-mdm@cowork-mdm

The CLI itself must still be installed via Homebrew (see Quick start) — the plugin reports "CLI missing, install via brew" and stops if cowork-mdm isn't on PATH.

What the agent gets

Skills — loaded automatically when the user's request matches:

Skill	Loaded when the user asks about …
`cowork-mdm`	generic Claude Desktop MDM questions (routes to a specialist)
`mdm-profile-authoring`	writing / editing a profile, looking up schema keys, Bedrock / Vertex / Azure / gateway recipes
`mdm-profile-deploy`	pushing a profile via Jamf / Intune / Kandji, verifying status, why a config isn't taking effect
`mdm-plugins`	installing or updating `org-plugins/` marketplaces, dangling symlinks
`mdm-doctor`	troubleshooting a broken Claude Desktop install

Slash commands — executable playbooks:

Command	What it does
`/cowork-mdm:new-profile`	interactive profile generator (pick provider → collect values → generate → validate)
`/cowork-mdm:deploy PATH`	validate + dry-run preview, diff against current host, hand off for MDM push
`/cowork-mdm:doctor`	run `cowork-mdm doctor --json`, interpret findings, suggest specific fixes
`/cowork-mdm:refresh-plugins`	`marketplace update` + `plugin prune` dry-run

Safety invariants the plugin enforces

View full README on GitHub

cowork-mdm

Popularity

What's Inside

Confidence

README

cowork-mdm

Why

Quick start

Commands

Use as a Claude Code plugin

Install (in Claude Code)

What the agent gets

Safety invariants the plugin enforces

Similar Plugins

ecc

fullstack-dev-skills

octo

nextjs-expert

dotnet-skills

everything-claude-code

More by krislavten

sparring

cowork-mdm

Why

Quick start

Commands

Use as a Claude Code plugin

Install (in Claude Code)

What the agent gets

Safety invariants the plugin enforces

Popularity

Health & Quality

More by krislavten

sparring

Similar Plugins

ecc

fullstack-dev-skills

octo

nextjs-expert

dotnet-skills

everything-claude-code