[BUG] Empty ANTHROPIC_AUTH_TOKEN injected into the Code shell breaks the official anthropic SDK (malformed Authorization: Bearer) in child processes

Resolved 💬 2 comments Opened Jun 3, 2026 by hiroki-tamba-research Closed Jul 8, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report
  • [x] I am using the latest version of Claude Code (2.1.162)

What's Wrong?

Inside a Claude Code session shell, ANTHROPIC_AUTH_TOKEN and ANTHROPIC_API_KEY are present in the environment but set to empty strings (""), not unset. Any program launched from that shell that constructs a default anthropic.Anthropic() (no explicit non-empty key) then reads those empty strings as credentials and fails on every API request with:

h11._util.LocalProtocolError: Illegal header value b'Bearer '

(surfaced by the SDK as anthropic.APIConnectionError), because the SDK builds a malformed Authorization: Bearer header — literally Bearer + a trailing space — from the empty token. Measured in my Claude Code shell, both vars have length 0. In a normal terminal they are unset and the same scripts work, which isolates the trigger to the Claude Code shell environment.

Confirmed on the latest versions: Claude Code CLI 2.1.162 and host app v1.10628.2 (the env is still present-but-empty after updating both).

Not a duplicate of #36515 / #36658. Those report the same root (the app injecting empty credential env vars) but a different consequence — the Max‑plan 200K‑vs‑1M context window — and were closed NOT_PLANNED. This report is a separate, unreported failure mode: the empty ANTHROPIC_AUTH_TOKEN (not just ANTHROPIC_API_KEY) makes the official anthropic SDK emit a malformed Authorization: Bearer header, which fails every request from any child process that uses the SDK — independent of plan or context window. Neither prior issue mentions ANTHROPIC_AUTH_TOKEN or the SDK/Bearer failure.

What Should Happen?

Claude Code should not place these credential env vars into the child environment as empty strings. Either leave them unset, or set them only when a real value is available. An empty-string credential is conventionally equivalent to "absent", and exporting VAR= (empty) silently breaks any child process that relies on the official SDK's default credential resolution.

Error Messages/Logs

# env state observed inside the Claude Code shell (values are empty, no secrets):
$ python -c "import os;print(repr(os.environ.get('ANTHROPIC_AUTH_TOKEN')),repr(os.environ.get('ANTHROPIC_API_KEY')))"
'' ''

# headers the official SDK then builds (no network call needed):
auth_headers -> {'X-Api-Key': '', 'Authorization': 'Bearer '}   # note trailing space

# resulting failure on any real request:
h11._util.LocalProtocolError: Illegal header value b'Bearer '
# surfaced as: anthropic.APIConnectionError

Steps to Reproduce

1. Start a Claude Code session (host app v1.10628.2, CLI 2.1.162) and open its shell.
2. Confirm the empty credentials:
     python -c "import os;print(repr(os.environ.get('ANTHROPIC_AUTH_TOKEN')),repr(os.environ.get('ANTHROPIC_API_KEY')))"
   -> prints:  '' ''
3. Construct a default client and inspect the built headers (no network):
     from anthropic import Anthropic
     print(dict(Anthropic().auth_headers))
   -> {'X-Api-Key': '', 'Authorization': 'Bearer '}
4. Any real call (e.g. messages.create(...)) then fails with
   anthropic.APIConnectionError wrapping "Illegal header value b'Bearer '".

Control: outside the Claude Code shell (vars unset), the same script works.

Claude Model

Not sure / Multiple models

Is this a regression?

I don't know

Last Working Version

(unknown)

Claude Code Version

2.1.162

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Other — Claude Code integrated shell inside the desktop app (v1.10628.2); Git Bash on Windows. (Not one of the standalone-terminal options.)

Additional Information

The SDK-side half is filed separately as anthropics/anthropic-sdk-python#1640 (self-contained, no-network repro). The two are independent: fixing the SDK's empty-string guard stops the malformed header, and fixing the empty-env injection here removes the trigger. Ideally both.

Related (same root cause, different consequence): #36515 and #36658 documented the app injecting empty ANTHROPIC_API_KEY as the cause of the Max-plan 200K-context problem (closed NOT_PLANNED). This report adds the ANTHROPIC_AUTH_TOKEN variant and the SDK-breakage consequence, which those did not cover.

User-side workaround today: pass an explicit non-empty key, Anthropic(api_key=...), or clear the empty vars before constructing the client.

Environment: Claude Code CLI 2.1.162 (npm global), host app v1.10628.2, Windows 11, Python 3.14, anthropic 0.103.1 / httpx 0.28.1 / h11 0.16.0.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗