
managedEnvConstants.ts

utils/managedEnvConstants.ts

No strong subsystem tag
192
Lines
6813
Bytes
3
Exports
0
Imports
10
Keywords

What this is

This page documents one file from the repository and includes its full source so you can read it without leaving the docs site.

Beginner explanation

This file is one piece of the larger system. Its name, directory, imports, and exports show where it fits. Start by reading the exports and related files first.

How it is used

Start from the exports list and related files. Those are the easiest clues for where this file fits into the system.

Expert explanation

Architecturally, this file intersects with general runtime concerns. It contains 192 lines, 0 detected imports, and 3 detected exports.

Important relationships

Detected exports

  • isProviderManagedEnvVar
  • DANGEROUS_SHELL_SETTINGS
  • SAFE_ENV_VARS

Keywords

settings, routing, which, model, endpoint, host, config, auth, vertex_region_claude_, vars

Detected imports

  • No import paths detected.

Source notes

This page embeds the full file contents. Small or leaf files are still indexed honestly instead of being over-explained.


Full source

/**
 * Environment variables that control inference routing: which provider to use,
 * which endpoint to hit, and which model IDs to send.
 *
 * When CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST is truthy in the spawn env, these
 * are stripped from settings-sourced env so the host's routing config isn't
 * overridden by a user's ~/.claude/settings.json — e.g. a Bedrock setup for
 * terminal CLI that would break a host that only supports first-party auth.
 *
 * This is an enumerated list: a routing or auth variable that is neither named
 * here nor covered by PROVIDER_MANAGED_ENV_PREFIXES is not reported as
 * provider-managed by isProviderManagedEnvVar. Entries must be written in
 * upper case, because isProviderManagedEnvVar upper-cases the key before the
 * lookup, so a lower- or mixed-case entry would never match.
 *
 * NOTE(review): the stripping itself is done by code outside this file; the
 * behaviour described above comes from this comment, not from anything
 * visible here. Confirm the call site filters every settings source.
 *
 * @[MODEL LAUNCH]: New models usually don't need changes here —
 * VERTEX_REGION_CLAUDE_* is prefix-matched. New providers or new routing
 * config vars (endpoint, project, region, auth) do.
 */
const PROVIDER_MANAGED_ENV_VARS = new Set([
  // The flag itself — settings can't unset it once the host set it
  'CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST',
  // Provider selection
  'CLAUDE_CODE_USE_BEDROCK',
  'CLAUDE_CODE_USE_VERTEX',
  'CLAUDE_CODE_USE_FOUNDRY',
  // Endpoint config (base URLs, project/resource identifiers)
  'ANTHROPIC_BASE_URL',
  'ANTHROPIC_BEDROCK_BASE_URL',
  'ANTHROPIC_VERTEX_BASE_URL',
  'ANTHROPIC_FOUNDRY_BASE_URL',
  'ANTHROPIC_FOUNDRY_RESOURCE',
  'ANTHROPIC_VERTEX_PROJECT_ID',
  // Region routing (per-model VERTEX_REGION_CLAUDE_* handled by prefix below)
  'CLOUD_ML_REGION',
  // Auth: credentials plus the per-provider auth-skip flags
  'ANTHROPIC_API_KEY',
  'ANTHROPIC_AUTH_TOKEN',
  'CLAUDE_CODE_OAUTH_TOKEN',
  'AWS_BEARER_TOKEN_BEDROCK',
  'ANTHROPIC_FOUNDRY_API_KEY',
  'CLAUDE_CODE_SKIP_BEDROCK_AUTH',
  'CLAUDE_CODE_SKIP_VERTEX_AUTH',
  'CLAUDE_CODE_SKIP_FOUNDRY_AUTH',
  // Model defaults — often set to provider-specific ID formats
  'ANTHROPIC_MODEL',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_NAME',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_OPUS_MODEL',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_NAME',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_SONNET_MODEL',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_NAME',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_SMALL_FAST_MODEL',
  'ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION',
  'CLAUDE_CODE_SUBAGENT_MODEL',
])

/**
 * Name prefixes that isProviderManagedEnvVar treats as provider-managed.
 *
 * Each prefix is compared with `startsWith` against the upper-cased key, so
 * prefixes must be written in upper case. Any key that begins with a listed
 * prefix is matched, whether or not it corresponds to an existing model.
 */
const PROVIDER_MANAGED_ENV_PREFIXES = [
  // Per-model Vertex region overrides — scales with model releases, so
  // prefix-matched to avoid drift on each launch.
  'VERTEX_REGION_CLAUDE_',
]

/**
 * Reports whether an environment variable name is one of the provider-routing
 * variables listed in PROVIDER_MANAGED_ENV_VARS or starts with one of the
 * PROVIDER_MANAGED_ENV_PREFIXES.
 *
 * The name is upper-cased before it is compared, so differently-cased
 * spellings of a listed name are matched as well.
 *
 * @param key - Environment variable name to classify.
 * @returns `true` when the upper-cased name is in the set or begins with a
 * listed prefix, otherwise `false`.
 */
export function isProviderManagedEnvVar(key: string): boolean {
  const normalized = key.toUpperCase()

  // Exact names first: a single set lookup.
  if (PROVIDER_MANAGED_ENV_VARS.has(normalized)) {
    return true
  }

  // Then the prefix families (e.g. per-model region overrides).
  for (const prefix of PROVIDER_MANAGED_ENV_PREFIXES) {
    if (normalized.startsWith(prefix)) {
      return true
    }
  }
  return false
}

/**
 * Dangerous shell settings that can execute arbitrary shell code.
 *
 * These are setting names, not environment variables. `as const` makes the
 * export a readonly tuple of string literals, so the names can also be used
 * as a literal union type.
 *
 * NOTE(review): how and where this list is enforced is not visible in this
 * file. Presumably every setting whose value is run as a command must be
 * listed here to be gated — confirm against the consumer when adding a new
 * helper-style setting.
 */
export const DANGEROUS_SHELL_SETTINGS = [
  'apiKeyHelper',
  'awsAuthRefresh',
  'awsCredentialExport',
  'gcpAuthRefresh',
  'otelHeadersHelper',
  'statusLine',
] as const

/**
 * Safe environment variables that can be applied before trust dialog.
 * These are Claude Code specific settings that don't pose security risks.
 *
 * IMPORTANT: This is the source of truth for which env vars are safe.
 * Any env var NOT in this list is considered dangerous and will trigger
 * a security dialog when set via remote managed settings.
 *
 * The set is an allowlist, so an unknown or newly introduced variable falls
 * on the dangerous side by default. Set membership is exact and
 * case-sensitive; whether callers normalise case before the lookup is not
 * visible in this file — confirm at the call site.
 *
 * Dangerous env vars (NOT in this list):
 *
 * === REDIRECT TO ATTACKER-CONTROLLED SERVER ===
 * - ANTHROPIC_BASE_URL, ANTHROPIC_BEDROCK_BASE_URL, ANTHROPIC_FOUNDRY_BASE_URL, ANTHROPIC_VERTEX_BASE_URL
 * - HTTP_PROXY, HTTPS_PROXY, NO_PROXY, http_proxy, https_proxy, no_proxy
 * - OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_LOGS_ENDPOINT, OTEL_EXPORTER_OTLP_METRICS_ENDPOINT
 *
 * === TRUST ATTACKER-CONTROLLED SERVER ===
 * - NODE_TLS_REJECT_UNAUTHORIZED
 * - NODE_EXTRA_CA_CERTS
 *
 * === SWITCH TO ATTACKER-CONTROLLED PROJECT ===
 * - ANTHROPIC_FOUNDRY_RESOURCE
 * - ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN
 * - AWS_BEARER_TOKEN_BEDROCK
 *
 * NOTE(review): ANTHROPIC_FOUNDRY_API_KEY is allowlisted below, while the
 * other provider credentials (ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN,
 * AWS_BEARER_TOKEN_BEDROCK) are classed above as dangerous. Confirm the
 * asymmetry is intended.
 *
 * NOTE(review): several names here (provider selection, auth-skip flags,
 * model defaults, ANTHROPIC_FOUNDRY_API_KEY) also appear in
 * PROVIDER_MANAGED_ENV_VARS. The two lists are independent: being "safe"
 * here does not exempt a name from the provider-managed check.
 *
 * NOTE(review): not every entry is Claude Code specific (AWS_*, OTEL_*), so
 * the second sentence of this comment is narrower than the list itself.
 */
export const SAFE_ENV_VARS = new Set([
  'ANTHROPIC_CUSTOM_HEADERS',
  'ANTHROPIC_CUSTOM_MODEL_OPTION',
  'ANTHROPIC_CUSTOM_MODEL_OPTION_DESCRIPTION',
  'ANTHROPIC_CUSTOM_MODEL_OPTION_NAME',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_NAME',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_OPUS_MODEL',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_NAME',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_SONNET_MODEL',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_NAME',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_FOUNDRY_API_KEY',
  'ANTHROPIC_MODEL',
  'ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION',
  'ANTHROPIC_SMALL_FAST_MODEL',
  'AWS_DEFAULT_REGION',
  'AWS_PROFILE',
  'AWS_REGION',
  'BASH_DEFAULT_TIMEOUT_MS',
  'BASH_MAX_OUTPUT_LENGTH',
  'BASH_MAX_TIMEOUT_MS',
  'CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR',
  'CLAUDE_CODE_API_KEY_HELPER_TTL_MS',
  'CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS',
  'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC',
  'CLAUDE_CODE_DISABLE_TERMINAL_TITLE',
  'CLAUDE_CODE_ENABLE_TELEMETRY',
  'CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS',
  'CLAUDE_CODE_IDE_SKIP_AUTO_INSTALL',
  'CLAUDE_CODE_MAX_OUTPUT_TOKENS',
  'CLAUDE_CODE_SKIP_BEDROCK_AUTH',
  'CLAUDE_CODE_SKIP_FOUNDRY_AUTH',
  'CLAUDE_CODE_SKIP_VERTEX_AUTH',
  'CLAUDE_CODE_SUBAGENT_MODEL',
  'CLAUDE_CODE_USE_BEDROCK',
  'CLAUDE_CODE_USE_FOUNDRY',
  'CLAUDE_CODE_USE_VERTEX',
  'DISABLE_AUTOUPDATER',
  'DISABLE_BUG_COMMAND',
  'DISABLE_COST_WARNINGS',
  'DISABLE_ERROR_REPORTING',
  'DISABLE_FEEDBACK_COMMAND',
  'DISABLE_TELEMETRY',
  'ENABLE_TOOL_SEARCH',
  'MAX_MCP_OUTPUT_TOKENS',
  'MAX_THINKING_TOKENS',
  'MCP_TIMEOUT',
  'MCP_TOOL_TIMEOUT',
  // OTEL: headers, protocol, exporter choice and intervals are listed here;
  // the OTLP endpoint variables are deliberately absent (see header comment).
  'OTEL_EXPORTER_OTLP_HEADERS',
  'OTEL_EXPORTER_OTLP_LOGS_HEADERS',
  'OTEL_EXPORTER_OTLP_LOGS_PROTOCOL',
  'OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE',
  'OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY',
  'OTEL_EXPORTER_OTLP_METRICS_HEADERS',
  'OTEL_EXPORTER_OTLP_METRICS_PROTOCOL',
  'OTEL_EXPORTER_OTLP_PROTOCOL',
  'OTEL_EXPORTER_OTLP_TRACES_HEADERS',
  'OTEL_LOG_TOOL_DETAILS',
  'OTEL_LOG_USER_PROMPTS',
  'OTEL_LOGS_EXPORT_INTERVAL',
  'OTEL_LOGS_EXPORTER',
  'OTEL_METRIC_EXPORT_INTERVAL',
  'OTEL_METRICS_EXPORTER',
  'OTEL_METRICS_INCLUDE_ACCOUNT_UUID',
  'OTEL_METRICS_INCLUDE_SESSION_ID',
  'OTEL_METRICS_INCLUDE_VERSION',
  'OTEL_RESOURCE_ATTRIBUTES',
  'USE_BUILTIN_RIPGREP',
  // Per-model Vertex regions are enumerated one by one; this set has no
  // prefix match, so a new model's region variable is treated as dangerous
  // until it is added here.
  'VERTEX_REGION_CLAUDE_3_5_HAIKU',
  'VERTEX_REGION_CLAUDE_3_5_SONNET',
  'VERTEX_REGION_CLAUDE_3_7_SONNET',
  'VERTEX_REGION_CLAUDE_4_0_OPUS',
  'VERTEX_REGION_CLAUDE_4_0_SONNET',
  'VERTEX_REGION_CLAUDE_4_1_OPUS',
  'VERTEX_REGION_CLAUDE_4_5_SONNET',
  'VERTEX_REGION_CLAUDE_4_6_SONNET',
  'VERTEX_REGION_CLAUDE_HAIKU_4_5',
])