[BUG] Managed hooks restriction bypassed when using ANTHROPIC_BASE_URL
## Bug: allowManagedHooksOnly restriction bypassed when ANTHROPIC_BASE_URL points to a local proxy
### Summary
When allowManagedHooksOnly: true is set via managed settings, Claude Code should prevent
execution of non-managed hooks and /statusline scripts. However, this restriction is not
enforced when the ANTHROPIC_BASE_URL environment variable is set to a local proxy address
(e.g., http://localhost:4010). In that configuration, both non-managed hooks and /statusline
scripts execute successfully, effectively bypassing the policy.
### Expected behavior
allowManagedHooksOnly: true should block all non-managed hooks and /statusline scripts
regardless of how the API backend is configured, including when routing through a local proxy.
### Actual behavior
Setting ANTHROPIC_BASE_URL=http://localhost:4010 (or any local proxy) causes the
allowManagedHooksOnly enforcement to be skipped. Non-managed hooks and /statusline scripts
run without restriction.
### Steps to reproduce
- Set
allowManagedHooksOnly: truein managed settings. - Start a local proxy (e.g., a Node.js HTTP server) on port 4010.
- Set
ANTHROPIC_BASE_URL=http://localhost:4010. - Launch Claude Code and attempt to run a non-managed hook or
/statuslinescript. - Observe that the hook/script executes despite the policy.
### Environment
| Field | Value |
|-------------|----------------------------------------|
| Platform | win32 |
| Terminal | windows-terminal |
| Version | 2.1.114 |
| Feedback ID | e68fdd02-35eb-489f-82e5-e937cea055fe |
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗