> What this does: apiKeyHelper tells Claude Code to run echo proxy-managed to get its API key. The sandbox’s network proxy intercepts outgoing API calls and swaps this sentinel value for your real Anthropic key, so the actual key never exists inside the sandbox.
This is similar to how I solved a BYOK(bring your own key) feature at work. We had a lot of hardcoded endpoints and structures on the client and code that was too difficult to move over a nice BYOK structure within the given timeframe. So we ended up making a proxy that basically injected customer keys as they passed through our servers. note that there are a lot security implications doing this.
interleave|13 days ago
> What this does: apiKeyHelper tells Claude Code to run echo proxy-managed to get its API key. The sandbox’s network proxy intercepts outgoing API calls and swaps this sentinel value for your real Anthropic key, so the actual key never exists inside the sandbox.
evnix|13 days ago
domh|13 days ago
[1]: https://deno.com/blog/introducing-deno-sandbox
[2]: https://news.ycombinator.com/item?id=46874959
[3]: https://github.com/superfly/tokenizer