[BUG] Managed hooks restriction bypassed when using ANTHROPIC_BASE_URL

Resolved 💬 5 comments Opened Apr 20, 2026 by codin-dev Closed May 12, 2026

## Bug: allowManagedHooksOnly restriction bypassed when ANTHROPIC_BASE_URL points to a local proxy

### Summary

When allowManagedHooksOnly: true is set via managed settings, Claude Code should prevent
execution of non-managed hooks and /statusline scripts. However, this restriction is not
enforced when the ANTHROPIC_BASE_URL environment variable is set to a local proxy address
(e.g., http://localhost:4010). In that configuration, both non-managed hooks and /statusline
scripts execute successfully, effectively bypassing the policy.

### Expected behavior

allowManagedHooksOnly: true should block all non-managed hooks and /statusline scripts
regardless of how the API backend is configured, including when routing through a local proxy.

### Actual behavior

Setting ANTHROPIC_BASE_URL=http://localhost:4010 (or any local proxy) causes the
allowManagedHooksOnly enforcement to be skipped. Non-managed hooks and /statusline scripts
run without restriction.

### Steps to reproduce

  1. Set allowManagedHooksOnly: true in managed settings.
  2. Start a local proxy (e.g., a Node.js HTTP server) on port 4010.
  3. Set ANTHROPIC_BASE_URL=http://localhost:4010.
  4. Launch Claude Code and attempt to run a non-managed hook or /statusline script.
  5. Observe that the hook/script executes despite the policy.

### Environment

| Field | Value |
|-------------|----------------------------------------|
| Platform | win32 |
| Terminal | windows-terminal |
| Version | 2.1.114 |
| Feedback ID | e68fdd02-35eb-489f-82e5-e937cea055fe |

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗