[BUG] No supported way to disable only the context_management beta — breaks Claude Code on HIPAA-flagged orgs without ZDR (first-party Anthropic API)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet (closest are #26215, #49548, #21612 — all third-party providers or closed/stale; this is the first-party Anthropic-API HIPAA-without-ZDR case)
- [x] This is a single bug report
- [x] I am using the latest version of Claude Code
What's Wrong?
Claude Code unconditionally sends the context-management-2025-06-27 beta (both the anthropic-beta header and the context_management body parameter) on every /v1/messages request.
On a **HIPAA-flagged Anthropic organization that does not have Zero Data Retention enabled, the first-party Anthropic API rejects that beta with a 400** on every request:
400 {"type":"error","error":{"type":"invalid_request_error","message":"context_management: Extra inputs are not permitted"}}
This makes Claude Code (and anything driving it via the Agent SDK, which bundles the same CLI binary) completely unusable on that org configuration — every turn 400s.
Unlike the previously reported cases (#49548, #51700, #26215 → Bedrock / OpenRouter / LiteLLM gateways), this is the real first-party Anthropic API endpoint — no proxy involved. It's purely the org's HIPAA-without-ZDR policy rejecting that one beta.
What Should Happen?
There should be a **supported, documented, granular way to disable only the context_management beta** — leaving every other beta (tool-search, fine-grained-tool-streaming, etc.) intact. The existing CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is too coarse (all-or-nothing) and disables capabilities we still want.
Notably, the bundled CLI already references an environment variable USE_API_CONTEXT_MANAGEMENT — but:
- It is undocumented (absent from the docs, the env-var references, and the SDK's typed options).
- Setting it does not currently function as an off-switch — the
context_managementbeta is still emitted regardless of its value.
The simplest fix would be to make USE_API_CONTEXT_MANAGEMENT an authoritative, documented on/off switch for this beta (fail-closed: send the beta only when the value is truthy), or equivalently expose a settings.json key / CLI flag as proposed in #26215.
Why this matters / use case
Running Claude Code under a HIPAA BAA is a first-class, supported deployment. ZDR is a separate opt-in; many HIPAA orgs run without ZDR. In that (common, legitimate) configuration, the org rejects the context_management beta — so today Claude Code simply cannot run there at all, with no supported remedy. We need to disable exactly this one beta and nothing else.
Environment
- Platform: Anthropic API (first-party), HIPAA-flagged org, no ZDR
- SDK:
@anthropic-ai/claude-agent-sdk(bundles theclaudeCLI binary) - Beta rejected:
context-management-2025-06-27
Related
- #26215 (closed/stale) — feature request to expose
context_managementconfig - #21612 — CC sends
context_management, API rejects it - #49548 / #51700 — same 400, but via Bedrock/proxy gateways
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗