fix: set CLAUDE_CODE_API_KEY_HELPER env var for credential isolation (#851)

Claude · lpcox · web-flow · commit 886168a74fe2 · 2026-02-14T09:31:52.000-08:00
* Initial plan

* fix: set CLAUDE_CODE_API_KEY_HELPER env var for credential isolation

When api-proxy is enabled with an Anthropic key, set the
CLAUDE_CODE_API_KEY_HELPER environment variable to point to the
get-claude-key.sh script. This ensures Claude Code CLI properly uses
the API key helper for credential isolation.

Previously, only ANTHROPIC_BASE_URL was set, but Claude Code requires
either a config file with apiKeyHelper or the environment variable
to actually use the helper script. Without this, Claude Code would
not read the config and authentication would fail.

This fix:
- Sets CLAUDE_CODE_API_KEY_HELPER=/usr/local/bin/get-claude-key.sh when
  api-proxy is enabled with Anthropic key
- Adds comprehensive tests for the new environment variable
- Updates type documentation to reflect the new env var

Co-authored-by: lpcox &lt;15877973+lpcox@users.noreply.github.com&gt;

---------

Co-authored-by: anthropic-code-agent[bot] &lt;242468646+Claude@users.noreply.github.com&gt;
Co-authored-by: lpcox &lt;15877973+lpcox@users.noreply.github.com&gt;
diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts
@@ -1568,6 +1568,7 @@ describe('docker-manager', () => {
         const agent = result.services.agent;
         const env = agent.environment as Record<string, string>;
         expect(env.ANTHROPIC_BASE_URL).toBe('http://172.30.0.30:10001');
+        expect(env.CLAUDE_CODE_API_KEY_HELPER).toBe('/usr/local/bin/get-claude-key.sh');
       });
 
       it('should set both BASE_URL variables when both keys are provided', () => {
@@ -1577,6 +1578,7 @@ describe('docker-manager', () => {
         const env = agent.environment as Record<string, string>;
         expect(env.OPENAI_BASE_URL).toBe('http://172.30.0.30:10000');
         expect(env.ANTHROPIC_BASE_URL).toBe('http://172.30.0.30:10001');
+        expect(env.CLAUDE_CODE_API_KEY_HELPER).toBe('/usr/local/bin/get-claude-key.sh');
       });
 
       it('should not set OPENAI_BASE_URL in agent when only Anthropic key is provided', () => {
@@ -1586,6 +1588,7 @@ describe('docker-manager', () => {
         const env = agent.environment as Record<string, string>;
         expect(env.OPENAI_BASE_URL).toBeUndefined();
         expect(env.ANTHROPIC_BASE_URL).toBe('http://172.30.0.30:10001');
+        expect(env.CLAUDE_CODE_API_KEY_HELPER).toBe('/usr/local/bin/get-claude-key.sh');
       });
 
       it('should not set ANTHROPIC_BASE_URL in agent when only OpenAI key is provided', () => {
@@ -1614,6 +1617,22 @@ describe('docker-manager', () => {
         expect(env.no_proxy).toContain('172.30.0.30');
       });
 
+      it('should set CLAUDE_CODE_API_KEY_HELPER when Anthropic key is provided', () => {
+        const configWithProxy = { ...mockConfig, enableApiProxy: true, anthropicApiKey: 'sk-ant-test-key' };
+        const result = generateDockerCompose(configWithProxy, mockNetworkConfigWithProxy);
+        const agent = result.services.agent;
+        const env = agent.environment as Record<string, string>;
+        expect(env.CLAUDE_CODE_API_KEY_HELPER).toBe('/usr/local/bin/get-claude-key.sh');
+      });
+
+      it('should not set CLAUDE_CODE_API_KEY_HELPER when only OpenAI key is provided', () => {
+        const configWithProxy = { ...mockConfig, enableApiProxy: true, openaiApiKey: 'sk-test-key' };
+        const result = generateDockerCompose(configWithProxy, mockNetworkConfigWithProxy);
+        const agent = result.services.agent;
+        const env = agent.environment as Record<string, string>;
+        expect(env.CLAUDE_CODE_API_KEY_HELPER).toBeUndefined();
+      });
+
       it('should not leak ANTHROPIC_API_KEY to agent when api-proxy is enabled', () => {
         // Simulate the key being in process.env (as it would be in real usage)
         const origKey = process.env.ANTHROPIC_API_KEY;
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
@@ -997,6 +997,11 @@ export function generateDockerCompose(
     if (config.anthropicApiKey) {
       environment.ANTHROPIC_BASE_URL = `http://${networkConfig.proxyIp}:10001`;
       logger.debug(`Anthropic API will be proxied through sidecar at http://${networkConfig.proxyIp}:10001`);
+
+      // Set API key helper for Claude Code CLI to use credential isolation
+      // The helper script returns a placeholder key; real authentication happens via ANTHROPIC_BASE_URL
+      environment.CLAUDE_CODE_API_KEY_HELPER = '/usr/local/bin/get-claude-key.sh';
+      logger.debug('Claude Code API key helper configured: /usr/local/bin/get-claude-key.sh');
     }
 
     logger.info('API proxy sidecar enabled - API keys will be held securely in sidecar container');
diff --git a/src/types.ts b/src/types.ts
@@ -398,6 +398,7 @@ export interface WrapperConfig {
    * variables are set in the agent container:
    * - OPENAI_BASE_URL=http://api-proxy:10000 (set when OPENAI_API_KEY is provided)
    * - ANTHROPIC_BASE_URL=http://api-proxy:10001 (set when ANTHROPIC_API_KEY is provided)
+   * - CLAUDE_CODE_API_KEY_HELPER=/usr/local/bin/get-claude-key.sh (set when ANTHROPIC_API_KEY is provided)
    *
    * API keys are passed via environment variables:
    * - OPENAI_API_KEY - Optional OpenAI API key for Codex

Original file line number	Diff line number	Diff line change
`@@ -398,6 +398,7 @@ export interface WrapperConfig {`
`398`	`398`	`* variables are set in the agent container:`
`399`	`399`	`* - OPENAI_BASE_URL=http://api-proxy:10000 (set when OPENAI_API_KEY is provided)`
`400`	`400`	`* - ANTHROPIC_BASE_URL=http://api-proxy:10001 (set when ANTHROPIC_API_KEY is provided)`
	`401`	`+ * - CLAUDE_CODE_API_KEY_HELPER=/usr/local/bin/get-claude-key.sh (set when ANTHROPIC_API_KEY is provided)`
`401`	`402`	`*`
`402`	`403`	`* API keys are passed via environment variables:`
`403`	`404`	`* - OPENAI_API_KEY - Optional OpenAI API key for Codex`