Claude Code Changelogs Recent Archive Source-level · unofficial Updates
← All changelogs v2.1.167 claude · claude-sonnet-4-6
Claude Code · Source-level changelog

Version 2.1.167

This is a small patch release focused on improvements to host-managed provider deployments. When CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST is explicitly set, auth validation now short-circuits cleanly and auth-helper settings are filtered from the configuration overlay. Proxy environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) are now tracked in their own dedicated set internally.

Package @anthropic-ai/claude-code Diff v2.1.166 → v2.1.167Provider claudeModel claude-sonnet-4-6
4
Features & Changes
0
Bug Fixes
0
In Development
0
Env Vars / Flags

Changes

4 items

Auth validation bypass for host-managed providers #

When Claude Code is running inside a host environment that manages its own authentication (i.e., CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST is set), the auth validation function now returns { valid: true } immediately instead of evaluating force-login org UUID or force-login method pin restrictions. Previously this path was absent; pin-based restrictions would still be evaluated even under full host management, which could produce spurious validation failures.

A telemetry event (auth_force_login_org with value managed_by_host_under_pin) is emitted if a force-login policy is configured, so operators can detect and clean up stale policies.

Evidence

early-return added to the auth validation function (search for "managed_by_host_under_pin")

Finer-grained managedByHost flag tracking #

The internal host-management state object now distinguishes between two cases that previously both set managedByHost = true:

  • CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST set → managedByHost: true, managedByHostFlag: true
  • CLAUDE_CODE_HOST_AUTH_ENV_VAR set → managedByHost: true, managedByHostFlag: false

Only the first case — explicit host provider management — now also activates the settings-filtering behavior described below. The second case (host auth env var only) keeps its existing behavior unchanged.

Evidence

managedByHostFlag field added to host state initialization (search for "managedByHostFlag")

Auth-helper settings filtered under explicit host management #

When managedByHostFlag is true (i.e., CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST is explicitly set), auth-related settings such as apiKeyHelper and awsAuthRefresh are now stripped from the configuration overlay that the host applies. Previously only a narrower set of settings was filtered. This prevents host-controlled auth helpers from being inadvertently overridden by project or user-level settings when the host is fully managing the provider.

Evidence

additional continue branch in the settings-filter loop that skips xF7-listed keys when Lb$.managedByHostFlag is true (search for "managedByHostFlag")

Proxy environment variables tracked in dedicated set #

HTTP_PROXY, HTTPS_PROXY, and NO_PROXY are now collected in their own named set (qL5) alongside the existing named env-var groups (e.g., VERTEX_REGION_CLAUDE_ prefixes). This allows these proxy variables to be handled consistently in env-var passthrough and filtering logic elsewhere in the codebase.

Evidence

qL5 = new Set(["HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"]) added to env-var constant initialization (search for "HTTP_PROXY" near "HTTPS_PROXY")