Skip to content

fix(core): add MiniMax M2 and auth env vars to subprocess allowlist #1093

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
hybridx wants to merge 1 commit into from
Closed

fix(core): add MiniMax M2 and auth env vars to subprocess allowlist #1093

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions packages/core/src/utils/env-allowlist.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,24 @@ export const SUBPROCESS_ENV_ALLOWLIST = new Set([
// Claude auth and config
'CLAUDE_USE_GLOBAL_AUTH',
'CLAUDE_API_KEY',
'ANTHROPIC_API_KEY',
'ANTHROPIC_AUTH_TOKEN',
Comment on lines +30 to +31
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Global-auth token stripping is now incomplete for newly allowlisted Anthropic credentials.

After adding ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN to the allowlist (Line 30 and Line 31), buildCleanSubprocessEnv() will forward them; however, packages/core/src/clients/claude.ts currently strips only CLAUDE_CODE_OAUTH_TOKEN and CLAUDE_API_KEY in useGlobalAuth mode. This can unintentionally pass Anthropic credentials into subprocesses when the code path expects auth tokens to be removed.

Suggested follow-up patch (outside this file) 
- const { CLAUDE_CODE_OAUTH_TOKEN, CLAUDE_API_KEY, ...envWithoutAuth } = clean;
+ const {
+   CLAUDE_CODE_OAUTH_TOKEN,
+   CLAUDE_API_KEY,
+   ANTHROPIC_API_KEY,
+   ANTHROPIC_AUTH_TOKEN,
+   ...envWithoutAuth
+ } = clean;

  const filtered = [
    CLAUDE_CODE_OAUTH_TOKEN && 'CLAUDE_CODE_OAUTH_TOKEN',
    CLAUDE_API_KEY && 'CLAUDE_API_KEY',
+   ANTHROPIC_API_KEY && 'ANTHROPIC_API_KEY',
+   ANTHROPIC_AUTH_TOKEN && 'ANTHROPIC_AUTH_TOKEN',
  ].filter(Boolean);

As per coding guidelines, "Prefer throwing early with a clear error for unsupported/unsafe states - never silently swallow errors or broaden permissions (Fail Fast + Explicit Errors)".

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@packages/core/src/utils/env-allowlist.ts` around lines 30 - 31,
buildCleanSubprocessEnv now allows ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN
but packages/core/src/clients/claude.ts only strips CLAUDE_CODE_OAUTH_TOKEN and
CLAUDE_API_KEY in the useGlobalAuth path, so Anthropic credentials may be
forwarded to subprocesses; update the useGlobalAuth handling in claude.ts to
also remove ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN from the subprocess
environment (or explicitly throw a clear error if global auth with Anthropic
creds is unsupported) so the global-auth stripping behavior stays consistent
with buildCleanSubprocessEnv.

'CLAUDE_CODE_OAUTH_TOKEN',
'CLAUDE_CODE_USE_BEDROCK',
'CLAUDE_CODE_USE_VERTEX',
'ANTHROPIC_BASE_URL',
'ANTHROPIC_BEDROCK_BASE_URL',
'ANTHROPIC_VERTEX_PROJECT_ID',
'ANTHROPIC_VERTEX_REGION',
// Claude model overrides (used by MiniMax M2, GLM, and other API-compatible providers)
'ANTHROPIC_MODEL',
'ANTHROPIC_SMALL_FAST_MODEL',
'ANTHROPIC_DEFAULT_SONNET_MODEL',
'ANTHROPIC_DEFAULT_OPUS_MODEL',
'ANTHROPIC_DEFAULT_HAIKU_MODEL',
// Provider SDK tuning
'API_TIMEOUT_MS',
'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC',
// Archon runtime config
'ARCHON_HOME',
'ARCHON_DOCKER',
Expand Down