2.1.118: 401 auth error with custom ANTHROPIC_BASE_URL (third-party provider, worked in 2.1.112)
Bug Description
After auto-updating from 2.1.112 → 2.1.118, Claude Code agents started returning 401 Unauthorized errors when using a custom ANTHROPIC_BASE_URL with a third-party provider (DashScope/Bailian). Rolling back to 2.1.112 immediately fixes the issue.
Environment
- Claude Code version: 2.1.118 (broken) / 2.1.112 (works)
- OS: macOS 24.1.0
- Shell: zsh
- Launched via: Paseo (Claude Code shell app), agent ID
cc798e0f-2f7e-45cf-a733-fa98ee507d15
Configuration
Custom provider configured via agents.json:
{
"agents": {
"providers": {
"bailian": {
"extends": "claude",
"env": {
"ANTHROPIC_API_KEY": "<bailian-key>",
"ANTHROPIC_BASE_URL": "https://dashscope.aliyuncs.com/apps/anthropic"
},
"models": [
{ "id": "qwen3.6-plus", "label": "Qwen 3.6 Plus", "isDefault": true }
]
}
}
}
}
Steps to Reproduce
- Configure a custom provider with
ANTHROPIC_BASE_URLpointing to a non-Anthropic Anthropic-compatible endpoint - Use an API key valid for that endpoint (not a real Anthropic key)
- Run Claude Code 2.1.118 with this configuration
- Any agent/conversation immediately returns 401 Unauthorized
Expected Behavior
Same as 2.1.112: requests are forwarded to the custom ANTHROPIC_BASE_URL with the provided key, without additional Anthropic-side key validation.
Actual Behavior
401 error. The key is confirmed valid — direct curl calls to the same endpoint with the same key succeed:
curl -X POST https://dashscope.aliyuncs.com/apps/anthropic/v1/messages \
-H "x-api-key: <key>" \
-H "anthropic-version: 2023-06-01" \
-H "Content-Type: application/json" \
-d '{"model":"qwen3.6-plus","max_tokens":10,"messages":[{"role":"user","content":"hi"}]}'
# Returns valid response ✓
Hypothesis
2.1.118 may have introduced an additional validation/telemetry call against the real Anthropic API (e.g., statsig, usage tracking, or key verification) that runs before or alongside the custom base URL path. This call would use the third-party key against Anthropic's own auth endpoint, causing a 401.
Relevant 2.1.118 changelog entries that might be related:
- "Fixed
/loginhaving no effect in a session launched withCLAUDE_CODE_OAUTH_TOKEN— the env token is now cleared so disk credentials take effect" - "Fixed connecting to a remote session overwriting your local
modelsetting"
Workaround
Roll back to 2.1.112:
ln -sf ~/.local/share/claude/versions/2.1.112 ~/.local/bin/claudeThis issue has 3 comments on GitHub. Read the full discussion on GitHub ↗