-
Notifications
You must be signed in to change notification settings - Fork 78
#2068: Isolate Claude Code configuration per IDEasy project #2087
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from 8 commits
fc2871d
657bdf6
10a53ad
ba233aa
a169e8a
f99a41f
91a77e0
9eb598a
03b74e4
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -123,6 +123,14 @@ function icd() { | |
| return | ||
| } | ||
|
|
||
| function claude() { | ||
| if [ -n "${IDE_HOME}" ]; then | ||
| ide claude "$@" | ||
| else | ||
| command claude "$@" | ||
| fi | ||
| } | ||
|
|
||
|
Comment on lines
+126
to
+133
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nice idea to create such shim. I am just thinking loud and challenging this so we balances pros and cons and take a clear decision. |
||
| _ide_create_project() | ||
| { | ||
| local found_create=false | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| package com.devonfw.tools.ide.tool.claude; | ||
|
|
||
| import java.nio.file.Path; | ||
| import java.util.HashMap; | ||
| import java.util.HashSet; | ||
| import java.util.Map; | ||
| import java.util.Set; | ||
|
|
||
| import com.devonfw.tools.ide.process.EnvironmentContext; | ||
|
|
||
| /** | ||
| * Test double for {@link EnvironmentContext} that records every variable set or removed. | ||
| */ | ||
| public class RecordingEnvironmentContext implements EnvironmentContext { | ||
|
|
||
| /** Variables set via {@link #withEnvVar(String, String)}. */ | ||
| public final Map<String, String> set = new HashMap<>(); | ||
|
|
||
| /** Variables removed via {@link #removeEnvVar(String)}. */ | ||
| public final Set<String> removed = new HashSet<>(); | ||
|
|
||
| @Override | ||
| public EnvironmentContext withEnvVar(String key, String value) { | ||
| this.set.put(key, value); | ||
| return this; | ||
| } | ||
|
|
||
| @Override | ||
| public EnvironmentContext withPathEntry(Path path) { | ||
| return this; | ||
| } | ||
|
|
||
| @Override | ||
| public EnvironmentContext removeEnvVar(String key) { | ||
| this.removed.add(key); | ||
| return this; | ||
| } | ||
| } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,3 @@ | ||
| #!/usr/bin/env bash | ||
| echo "claude $*" | ||
| echo "CLAUDE_CONFIG_DIR=${CLAUDE_CONFIG_DIR}" |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -96,3 +96,23 @@ However, you can also map specific subfolders: | |
|
|
||
| So if your git repo would contain the hooks for GitHub Copilot in the folder `myhooks/github` those will be linked to appear as `.github/hooks` in your workspace. | ||
| We hope this gives you ultimate flexibility to solve all problems you may have. | ||
|
|
||
| == Isolated Claude configuration | ||
|
|
||
| When you run multiple Claude Code configurations (e.g. different AWS Bedrock accounts, a sovereign endpoint, a company-wide instance), they normally interfere through the shared `~/.claude` home folder and through leaked environment variables. | ||
|
|
||
| IDEasy isolates Claude per project. Running `ide claude` (or simply `claude` while an IDEasy project is active): | ||
|
|
||
| * sets `CLAUDE_CONFIG_DIR` to `$IDE_HOME/conf/claude`, so settings, credentials, MCP servers and history are stored per project; | ||
| * removes leaking provider/auth variables (`ANTHROPIC_*`, `CLAUDE_CODE_USE_BEDROCK`/`VERTEX`/`FOUNDRY`, `CLAUDE_CODE_OAUTH_TOKEN`, `AWS_PROFILE`, `AWS_REGION`, `AWS_*_KEY*`, `AWS_SESSION_TOKEN`, `AWS_BEARER_TOKEN_BEDROCK`) from the launched process; | ||
| * seeds a user-owned `conf/claude/settings.json` skeleton on first install. | ||
|
|
||
| Put *all* provider/auth configuration in `conf/claude/settings.json` under the `env` block (see the generated `conf/claude/README.md` for Bedrock and custom-endpoint examples). | ||
| Because scrubbed variables such as `AWS_PROFILE` are removed from the process, declare them there rather than relying on your shell. | ||
|
Comment on lines
+100
to
+111
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should we add this specificity for Claude here? |
||
|
|
||
| [NOTE] | ||
| ==== | ||
| Known limitations: on macOS, Claude.ai _subscription_ login credentials are stored in the system Keychain, which `CLAUDE_CONFIG_DIR` does not relocate (use Bedrock/API-token auth to isolate on macOS; not relevant for Bedrock setups). | ||
| An enterprise `managed-settings.json` overrides all projects by design. | ||
| A bare `claude` run while no IDEasy project is active is not scrubbed - keep provider credentials out of your shell rc files. | ||
| ==== | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have configured
ANTROPIC_MODELand some other variables in myconf/ide.properties.Does it really make sense to remove them all with no way to circumvent?
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For a project it would even make sense to configure variables like
ANTROPIC_MODELorBEDROCK_MODEL_IDinsettings/ide.propertiesto share such settings across the team.I am not convinced that nuking such variables generally is a good idea.
Maybe we should remove them only if they are not comming from
ide.propertiesbut are inherited from System environment variables?