Desktop app SSH mode overrides remote Vertex/Bedrock config via CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST[FEATURE]
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When connecting to a remote machine via the Claude Code desktop app's SSH mode, the host injects CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1, ANTHROPIC_BASE_URL=https://api.anthropic.com, and an OAuth token into the session. This overrides any provider configuration on the remote (env vars, ~/.claude/settings.json, ~/.ssh/environment) and forces inference through the Anthropic API via the user's Claude subscription.
For users who have deliberately configured Vertex AI (or Bedrock) on a remote machine for data sovereignty reasons, this means SSH mode cannot be used — inference leaves the VM's network boundary and hits api.anthropic.com, defeating the purpose of the Vertex setup.
Environment
- Claude Code desktop app (macOS)
- Claude Code on remote: 2.1.112
- Remote configured for Vertex via
CLAUDE_CODE_USE_VERTEX=1,ANTHROPIC_VERTEX_PROJECT_ID,CLOUD_ML_REGION,GOOGLE_APPLICATION_CREDENTIALS(service account JSON)
Reproduction
- Configure a remote VM for Vertex: set Vertex env vars in
~/.ssh/environment(withPermitUserEnvironment yes) and/or in~/.claude/settings.json - Verify via direct SSH:
ssh remote 'echo $CLAUDE_CODE_USE_VERTEX'returns1, and runningclaudein an interactive session showsAPI provider: Google Vertex AI - Connect to the same remote via the desktop app's SSH mode
- In the session, run
env | grep -E 'CLAUDE|ANTHROPIC|VERTEX'
Observed
CLAUDE_CODE_USE_VERTEXis unsetANTHROPIC_BASE_URL=https://api.anthropic.comCLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1- Asking the session which provider it's using confirms it's routing through the Anthropic API, not Vertex
Why this matters
Vertex/Bedrock configurations on remote machines are typically driven by compliance requirements — data residency, regulated industries (finance, healthcare), enterprise contracts that require inference to stay within a specific cloud tenant. For these users, the desktop app's SSH mode is currently unusable: the GUI benefits (diff review, integrated terminal, parallel sessions, scheduled tasks) come at the cost of breaking their data sovereignty model. The workaround is to fall back to CLI over plain SSH, which loses the desktop app's value proposition.
The OAuth-via-host behavior makes sense as a default for users without a remote provider config. But when the remote is explicitly configured for Vertex or Bedrock, overriding that config silently is surprising and problematic.
Proposed Solution
When the remote has an explicit provider configuration, the desktop app should not inject CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1 and should let the remote's config take effect.
Options, in rough order of preference:
- Auto-detect remote provider config — skip
PROVIDER_MANAGED_BY_HOSTinjection ifCLAUDE_CODE_USE_VERTEX=1orCLAUDE_CODE_USE_BEDROCK=1is present on the remote - Per-connection toggle in the SSH connection dialog: "Use remote provider configuration (Vertex/Bedrock)"
- Global setting in desktop app preferences to disable host-managed provider injection
- Warning at connection time if the remote has conflicting config, letting the user choose which takes precedence
Happy to test any of these.
Alternative Solutions
_No response_
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗