source dump of claude code
/**
 * Names of the environment variables that decide inference routing: the
 * provider in use, the endpoint contacted, the credentials presented and the
 * model IDs sent.
 *
 * When CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST is truthy in the spawn env, these
 * are stripped from settings-sourced env so the host's routing config isn't
 * overridden by a user's ~/.claude/settings.json — e.g. a Bedrock setup for
 * terminal CLI that would break a host that only supports first-party auth.
 *
 * @[MODEL LAUNCH]: New models usually don't need changes here —
 * VERTEX_REGION_CLAUDE_* is prefix-matched. New providers or new routing
 * config vars (endpoint, project, region, auth) do.
 *
 * NOTE(review): AWS_REGION, AWS_DEFAULT_REGION and AWS_PROFILE are not listed
 * here, although SAFE_ENV_VARS in this file allows them — confirm that leaving
 * them out of the host-managed set is intentional.
 */
const PROVIDER_MANAGED_ENV_VARS: ReadonlySet<string> = new Set([
  // The flag itself — settings can't unset it once the host set it
  'CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST',

  // Provider selection
  'CLAUDE_CODE_USE_BEDROCK',
  'CLAUDE_CODE_USE_VERTEX',
  'CLAUDE_CODE_USE_FOUNDRY',

  // Endpoint config (base URLs, project/resource identifiers)
  'ANTHROPIC_BASE_URL',
  'ANTHROPIC_BEDROCK_BASE_URL',
  'ANTHROPIC_VERTEX_BASE_URL',
  'ANTHROPIC_FOUNDRY_BASE_URL',
  'ANTHROPIC_FOUNDRY_RESOURCE',
  'ANTHROPIC_VERTEX_PROJECT_ID',

  // Region routing (per-model VERTEX_REGION_CLAUDE_* is covered by
  // PROVIDER_MANAGED_ENV_PREFIXES)
  'CLOUD_ML_REGION',

  // Auth: credentials and the switches that skip provider auth
  'ANTHROPIC_API_KEY',
  'ANTHROPIC_AUTH_TOKEN',
  'CLAUDE_CODE_OAUTH_TOKEN',
  'AWS_BEARER_TOKEN_BEDROCK',
  'ANTHROPIC_FOUNDRY_API_KEY',
  'CLAUDE_CODE_SKIP_BEDROCK_AUTH',
  'CLAUDE_CODE_SKIP_VERTEX_AUTH',
  'CLAUDE_CODE_SKIP_FOUNDRY_AUTH',

  // Model defaults — often set to provider-specific ID formats
  'ANTHROPIC_MODEL',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_NAME',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_OPUS_MODEL',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_NAME',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_SONNET_MODEL',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_NAME',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_SMALL_FAST_MODEL',
  'ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION',
  'CLAUDE_CODE_SUBAGENT_MODEL',
])

/**
 * Name prefixes treated as provider-managed in addition to the exact names in
 * PROVIDER_MANAGED_ENV_VARS.
 */
const PROVIDER_MANAGED_ENV_PREFIXES: readonly string[] = [
  // Per-model Vertex region overrides — scales with model releases, so
  // prefix-matched to avoid drift on each launch.
  'VERTEX_REGION_CLAUDE_',
]

/**
 * Reports whether an environment variable name belongs to the provider-managed
 * routing set.
 *
 * The name is upper-cased before matching, so the check is case-insensitive:
 * a lower- or mixed-case spelling of a managed variable is still recognised.
 *
 * @param key - Environment variable name to classify.
 * @returns true when the upper-cased name is in PROVIDER_MANAGED_ENV_VARS or
 *   starts with one of PROVIDER_MANAGED_ENV_PREFIXES, otherwise false.
 */
export function isProviderManagedEnvVar(key: string): boolean {
  const normalized = key.toUpperCase()
  if (PROVIDER_MANAGED_ENV_VARS.has(normalized)) {
    return true
  }
  for (const prefix of PROVIDER_MANAGED_ENV_PREFIXES) {
    if (normalized.startsWith(prefix)) {
      return true
    }
  }
  return false
}

/**
 * Dangerous shell settings that can execute arbitrary shell code.
 *
 * The entries are settings keys, not environment variables.
 */
export const DANGEROUS_SHELL_SETTINGS = [
  'apiKeyHelper',
  'awsAuthRefresh',
  'awsCredentialExport',
  'gcpAuthRefresh',
  'otelHeadersHelper',
  'statusLine',
] as const

/**
 * Allowlist of environment variables that can be applied before the trust
 * dialog.
 *
 * IMPORTANT: This is the source of truth for which env vars are safe.
 * Any env var NOT in this list is considered dangerous and will trigger
 * a security dialog when set via remote managed settings. The list fails
 * closed: a variable that is missing here is treated as dangerous.
 *
 * Dangerous env vars (NOT in this list):
 *
 * === REDIRECT TO ATTACKER-CONTROLLED SERVER ===
 * - ANTHROPIC_BASE_URL, ANTHROPIC_BEDROCK_BASE_URL, ANTHROPIC_FOUNDRY_BASE_URL, ANTHROPIC_VERTEX_BASE_URL
 * - HTTP_PROXY, HTTPS_PROXY, NO_PROXY, http_proxy, https_proxy, no_proxy
 * - OTEL_EXPORTER_OTLP_ENDPOINT, OTEL_EXPORTER_OTLP_LOGS_ENDPOINT, OTEL_EXPORTER_OTLP_METRICS_ENDPOINT
 *
 * === TRUST ATTACKER-CONTROLLED SERVER ===
 * - NODE_TLS_REJECT_UNAUTHORIZED
 * - NODE_EXTRA_CA_CERTS
 *
 * === SWITCH TO ATTACKER-CONTROLLED PROJECT ===
 * - ANTHROPIC_FOUNDRY_RESOURCE
 * - ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN
 * - AWS_BEARER_TOKEN_BEDROCK
 *
 * Membership is by exact name. Set.has() is case-sensitive, unlike
 * isProviderManagedEnvVar(), which upper-cases its argument; how callers
 * normalise a name before the lookup is not visible in this file.
 *
 * This list is independent of PROVIDER_MANAGED_ENV_VARS: several names (the
 * CLAUDE_CODE_USE_* and CLAUDE_CODE_SKIP_*_AUTH switches, the model defaults)
 * appear in both, so "safe before the trust dialog" does not imply "kept when
 * the host manages the provider".
 *
 * NOTE(review): ANTHROPIC_FOUNDRY_API_KEY is allowlisted here while
 * ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN and AWS_BEARER_TOKEN_BEDROCK are
 * classed as dangerous above — presumably because ANTHROPIC_FOUNDRY_RESOURCE
 * and ANTHROPIC_FOUNDRY_BASE_URL stay gated; confirm the asymmetry is
 * intentional.
 *
 * NOTE(review): the per-model VERTEX_REGION_CLAUDE_* names are enumerated one
 * by one here rather than prefix-matched, so a new model's region variable is
 * not in this set until it is added.
 */
export const SAFE_ENV_VARS = new Set([
  'ANTHROPIC_CUSTOM_HEADERS',
  'ANTHROPIC_CUSTOM_MODEL_OPTION',
  'ANTHROPIC_CUSTOM_MODEL_OPTION_DESCRIPTION',
  'ANTHROPIC_CUSTOM_MODEL_OPTION_NAME',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_NAME',
  'ANTHROPIC_DEFAULT_HAIKU_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_OPUS_MODEL',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_NAME',
  'ANTHROPIC_DEFAULT_OPUS_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_DEFAULT_SONNET_MODEL',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_DESCRIPTION',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_NAME',
  'ANTHROPIC_DEFAULT_SONNET_MODEL_SUPPORTED_CAPABILITIES',
  'ANTHROPIC_FOUNDRY_API_KEY',
  'ANTHROPIC_MODEL',
  'ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION',
  'ANTHROPIC_SMALL_FAST_MODEL',
  'AWS_DEFAULT_REGION',
  'AWS_PROFILE',
  'AWS_REGION',
  'BASH_DEFAULT_TIMEOUT_MS',
  'BASH_MAX_OUTPUT_LENGTH',
  'BASH_MAX_TIMEOUT_MS',
  'CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR',
  'CLAUDE_CODE_API_KEY_HELPER_TTL_MS',
  'CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS',
  'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC',
  'CLAUDE_CODE_DISABLE_TERMINAL_TITLE',
  'CLAUDE_CODE_ENABLE_TELEMETRY',
  'CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS',
  'CLAUDE_CODE_IDE_SKIP_AUTO_INSTALL',
  'CLAUDE_CODE_MAX_OUTPUT_TOKENS',
  'CLAUDE_CODE_SKIP_BEDROCK_AUTH',
  'CLAUDE_CODE_SKIP_FOUNDRY_AUTH',
  'CLAUDE_CODE_SKIP_VERTEX_AUTH',
  'CLAUDE_CODE_SUBAGENT_MODEL',
  'CLAUDE_CODE_USE_BEDROCK',
  'CLAUDE_CODE_USE_FOUNDRY',
  'CLAUDE_CODE_USE_VERTEX',
  'DISABLE_AUTOUPDATER',
  'DISABLE_BUG_COMMAND',
  'DISABLE_COST_WARNINGS',
  'DISABLE_ERROR_REPORTING',
  'DISABLE_FEEDBACK_COMMAND',
  'DISABLE_TELEMETRY',
  'ENABLE_TOOL_SEARCH',
  'MAX_MCP_OUTPUT_TOKENS',
  'MAX_THINKING_TOKENS',
  'MCP_TIMEOUT',
  'MCP_TOOL_TIMEOUT',
  'OTEL_EXPORTER_OTLP_HEADERS',
  'OTEL_EXPORTER_OTLP_LOGS_HEADERS',
  'OTEL_EXPORTER_OTLP_LOGS_PROTOCOL',
  'OTEL_EXPORTER_OTLP_METRICS_CLIENT_CERTIFICATE',
  'OTEL_EXPORTER_OTLP_METRICS_CLIENT_KEY',
  'OTEL_EXPORTER_OTLP_METRICS_HEADERS',
  'OTEL_EXPORTER_OTLP_METRICS_PROTOCOL',
  'OTEL_EXPORTER_OTLP_PROTOCOL',
  'OTEL_EXPORTER_OTLP_TRACES_HEADERS',
  'OTEL_LOG_TOOL_DETAILS',
  'OTEL_LOG_USER_PROMPTS',
  'OTEL_LOGS_EXPORT_INTERVAL',
  'OTEL_LOGS_EXPORTER',
  'OTEL_METRIC_EXPORT_INTERVAL',
  'OTEL_METRICS_EXPORTER',
  'OTEL_METRICS_INCLUDE_ACCOUNT_UUID',
  'OTEL_METRICS_INCLUDE_SESSION_ID',
  'OTEL_METRICS_INCLUDE_VERSION',
  'OTEL_RESOURCE_ATTRIBUTES',
  'USE_BUILTIN_RIPGREP',
  'VERTEX_REGION_CLAUDE_3_5_HAIKU',
  'VERTEX_REGION_CLAUDE_3_5_SONNET',
  'VERTEX_REGION_CLAUDE_3_7_SONNET',
  'VERTEX_REGION_CLAUDE_4_0_OPUS',
  'VERTEX_REGION_CLAUDE_4_0_SONNET',
  'VERTEX_REGION_CLAUDE_4_1_OPUS',
  'VERTEX_REGION_CLAUDE_4_5_SONNET',
  'VERTEX_REGION_CLAUDE_4_6_SONNET',
  'VERTEX_REGION_CLAUDE_HAIKU_4_5',
])