Claude Code v2.1.94 — 5 New Environment Variables: Mantle Authentication, MCP Sandboxing, and Team Onboarding#
Published on April 7, 2026
Part of the Claude Code Version Tracker series. | Official Env Vars | Official Changelog
Claude Code v2.1.94 adds 5 new environment variables since v2.1.92. The headline feature is integrated Amazon Bedrock support via Mantle — Anthropic's auth proxy layer — backed by two new variables and a skip flag. Alongside that, MCP server environment isolation and a team onboarding toggle round out a release focused on enterprise deployment readiness.
What Changed#
| v2.1.92 | v2.1.94 | |
|---|---|---|
| Environment variables | 217 | 222 (+5) |
| Model IDs | 16 | 16 |
| Dynamic configs | 29 | 29 |
| Slash commands | 24 | 24 |
New Environment Variables#
| Variable | Likely Purpose |
|---|---|
CLAUDE_CODE_USE_MANTLE | Activates Mantle-based authentication for Amazon Bedrock. The changelog[1] describes this as "integrated Amazon Bedrock support via Mantle" with CLAUDE_CODE_USE_MANTLE=1. Mantle is Anthropic's auth proxy layer — this variable routes API calls through it rather than direct API key auth, enabling Bedrock access with enterprise credential flows. The interactive Bedrock setup wizard added in v2.1.92 now has a proper runtime pathway to connect to. |
CLAUDE_CODE_SKIP_MANTLE_AUTH | Skips Mantle authentication. This is the escape hatch for environments where Mantle is enabled at the org level but a specific workflow needs direct API access — debugging auth issues, running in air-gapped environments, or testing against non-Mantle endpoints. The pattern of a feature flag paired with its skip flag (USE_MANTLE / SKIP_MANTLE_AUTH) mirrors the existing Anthropic AWS auth pair, giving operators granular control over authentication routing. |
CLAUDE_CODE_SANDBOXED | Indicates or enforces that Claude Code is running in a sandboxed environment. The v2.1.92 changelog[1] restored the apply-seccomp helper for Linux sandbox in both npm and native builds — this variable likely signals the sandbox state to internal subsystems, controlling whether file operations, network calls, and process spawning go through the sandbox enforcement layer. Rather than inferring sandbox context from the runtime environment, this flag makes the state explicit and inspectable. |
CLAUDE_CODE_MCP_ALLOWLIST_ENV | Specifies an allowlist of environment variables that MCP servers can access. MCP servers run as subprocesses and inherit the parent environment by default, which is a security concern — API keys, database credentials, and cloud tokens all leak into every MCP server process. This variable likely accepts a comma-separated list of variable names to expose, replacing the all-or-nothing inheritance model with explicit permission. A significant hardening for enterprise setups running multiple third-party MCP servers. |
CLAUDE_CODE_TEAM_ONBOARDING | Activates team onboarding flows. This likely controls whether new team members see guided setup experiences — project initialization wizards, permission configuration, MCP server recommendations — when joining an existing Claude Code workspace for the first time. Combined with the default effort level being adjusted to "high" for Team and Enterprise users in this release, this suggests Anthropic is building a distinct first-run experience for organizations. |
What These Tell Us#
Mantle completes the Bedrock story. v2.1.92 added the Bedrock setup wizard and forceRemoteSettingsRefresh. v2.1.94 delivers the runtime: USE_MANTLE activates the auth proxy, SKIP_MANTLE_AUTH provides the override, and the changelog confirms corrected Bedrock Sonnet 3.5 v2 invocation using proper us. inference profile IDs. This is a coordinated two-release rollout — wizard first, then plumbing — which means Bedrock support was validated with early users before the auth layer went live. The default effort level being raised to "high" for Bedrock users confirms Anthropic wants the best-quality experience on this pathway, not a degraded one.
MCP security is shifting from trust to verify. MCP_ALLOWLIST_ENV is a meaningful architectural change. Until now, MCP servers inherited the full parent environment — every secret, every token. The allowlist model means organizations can run third-party MCP servers (database tools, cloud providers, custom integrations) without exposing credentials to servers that don't need them. Combined with CLAUDE_CODE_SANDBOXED making sandbox state explicit, this release draws a clearer boundary between Claude Code's execution environment and the MCP servers it orchestrates.
Enterprise onboarding is becoming a product surface. CLAUDE_CODE_TEAM_ONBOARDING marks the first time Claude Code has a dedicated variable for team-level first-run experiences. This isn't just a flag — it's an acknowledgment that individual developer setup and team setup are different problems. When a new engineer joins a team already using Claude Code, they need to inherit permissions, MCP server configurations, and project conventions — not discover them from scratch. The changelog's mention of keep-coding-instructions frontmatter and plugin skill naming changes suggests the plugin ecosystem is maturing alongside these team features.
Notable Changelog Highlights (v2.1.93–v2.1.94)#
Beyond the environment variables, several changelog entries signal important shifts:
--resumeacross worktrees — sessions can now be resumed directly from other worktrees, removing a friction point for developers using worktree-based branch isolation- CJK/multibyte text corruption fixed — stream-json input/output now handles CJK characters correctly, a critical fix for non-Latin language users
- Agents no longer appear stuck after 429s — rate-limited subagents with long Retry-After headers now surface their state properly instead of looking frozen
- Slack integration compact headers — clickable channel links replace verbose headers, suggesting deeper Slack MCP server usage
- Write tool diff computation 60% faster — large file edits are significantly cheaper in computation time
Sources#
- Claude Code Official Changelog — v2.1.93 and v2.1.94 release notes
This analysis is conducted for independent security research and interoperability purposes under fair use principles. All trademarks belong to their respective owners. The information presented here documents publicly observable behavior of installed software and is not intended to circumvent any technological protection measures, infringe on intellectual property rights, or encourage unauthorized use. Use these findings at your own discretion.
Related Versions#
- Claude Code v2.1.92 — 5 New Environment Variables — Bedrock wizard, per-model cost breakdown, remote settings refresh
- Claude Code v2.1.88 — 7 New Environment Variables — mouse control, REPL mode, flicker-free rendering
- Claude Code v2.1.86 — 2 New Environment Variables — trusted device tokens, OAuth console override
- Claude Code v2.1.85 — 6 New Environment Variables — MCP server config, yoga-layout removal, OAuth endpoint overrides
- Claude Code v2.1.84 — 6 New Environment Variables — idle management, PowerShell tool, Bedrock parity
Related: Context Window Management Guide | Claude Code Productivity Tips | The Agentic Engineering Playbook