Desktop app SSH mode overrides remote Vertex/Bedrock config via CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST[FEATURE]

Resolved 💬 3 comments Opened Apr 17, 2026 by haroonhassan Closed Apr 21, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

When connecting to a remote machine via the Claude Code desktop app's SSH mode, the host injects CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1, ANTHROPIC_BASE_URL=https://api.anthropic.com, and an OAuth token into the session. This overrides any provider configuration on the remote (env vars, ~/.claude/settings.json, ~/.ssh/environment) and forces inference through the Anthropic API via the user's Claude subscription.

For users who have deliberately configured Vertex AI (or Bedrock) on a remote machine for data sovereignty reasons, this means SSH mode cannot be used — inference leaves the VM's network boundary and hits api.anthropic.com, defeating the purpose of the Vertex setup.

Environment

  • Claude Code desktop app (macOS)
  • Claude Code on remote: 2.1.112
  • Remote configured for Vertex via CLAUDE_CODE_USE_VERTEX=1, ANTHROPIC_VERTEX_PROJECT_ID, CLOUD_ML_REGION, GOOGLE_APPLICATION_CREDENTIALS (service account JSON)

Reproduction

  1. Configure a remote VM for Vertex: set Vertex env vars in ~/.ssh/environment (with PermitUserEnvironment yes) and/or in ~/.claude/settings.json
  2. Verify via direct SSH: ssh remote 'echo $CLAUDE_CODE_USE_VERTEX' returns 1, and running claude in an interactive session shows API provider: Google Vertex AI
  3. Connect to the same remote via the desktop app's SSH mode
  4. In the session, run env | grep -E 'CLAUDE|ANTHROPIC|VERTEX'

Observed

  • CLAUDE_CODE_USE_VERTEX is unset
  • ANTHROPIC_BASE_URL=https://api.anthropic.com
  • CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
  • CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1
  • Asking the session which provider it's using confirms it's routing through the Anthropic API, not Vertex

Why this matters

Vertex/Bedrock configurations on remote machines are typically driven by compliance requirements — data residency, regulated industries (finance, healthcare), enterprise contracts that require inference to stay within a specific cloud tenant. For these users, the desktop app's SSH mode is currently unusable: the GUI benefits (diff review, integrated terminal, parallel sessions, scheduled tasks) come at the cost of breaking their data sovereignty model. The workaround is to fall back to CLI over plain SSH, which loses the desktop app's value proposition.

The OAuth-via-host behavior makes sense as a default for users without a remote provider config. But when the remote is explicitly configured for Vertex or Bedrock, overriding that config silently is surprising and problematic.

Proposed Solution

When the remote has an explicit provider configuration, the desktop app should not inject CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1 and should let the remote's config take effect.

Options, in rough order of preference:

  1. Auto-detect remote provider config — skip PROVIDER_MANAGED_BY_HOST injection if CLAUDE_CODE_USE_VERTEX=1 or CLAUDE_CODE_USE_BEDROCK=1 is present on the remote
  2. Per-connection toggle in the SSH connection dialog: "Use remote provider configuration (Vertex/Bedrock)"
  3. Global setting in desktop app preferences to disable host-managed provider injection
  4. Warning at connection time if the remote has conflicting config, letting the user choose which takes precedence

Happy to test any of these.

Alternative Solutions

_No response_

Priority

Critical - Blocking my work

Feature Category

CLI commands and flags

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗