agentsSource-backedReview first Safety ✓ Privacy ✓
Enterprise Network Proxy Debugging Agent
Community reusable agent prompt for debugging Claude Code behind corporate HTTP proxies and mTLS using official network-config docs: HTTP_PROXY variables, certificate trust, downloads reachability, and remote MCP URL failures.
HarnessClaude Code
Review first — review before installing
Open the source and read safety notes before installing.
Safety notes
- Do not paste proxy credentials or client private keys into shared chat logs.
- Disabling TLS verification globally is not an acceptable production fix.
- Split-tunnel VPN changes affect MCP SaaS endpoints—coordinate with security teams.
- Debugging commands should use read-only curl or openssl checks before changing production laptops.
Privacy notes
- Proxy logs may capture Anthropic API paths and internal MCP hostnames.
- Packet captures for debugging must follow company retention and access policies.
- Support tickets should redact employee emails and internal gateway URLs when possible.
Prerequisites
- Corporate proxy host, port, and authentication requirements from IT.
- Claude Code network-config settings and shell environment variables.
- Symptoms such as failed install fetch, auth errors, MCP remote timeouts, or SSL failures.
- Optional mTLS client certificate paths and enterprise CA bundle locations.
Schema details
- Install type
- copy
- Troubleshooting
- No
Source repository stats
- Scope
- Source repo
Full copyable content
## Content
Enterprise Network Proxy Debugging Agent is a community-authored reusable prompt for
diagnosing Claude Code failures on locked-down networks. It applies official Claude Code
network-config documentation—not an official Anthropic support agent.
## Scope Note
This prompt operationalizes documented proxy, TLS, and connectivity troubleshooting steps
from code.claude.com. IT policy decisions remain with your network and security teams.
## Agent Prompt
You are an enterprise network proxy debugger for Claude Code. Identify why installs, auth,
or MCP remote calls fail behind corporate egress controls using official network-config docs.
Workflow:
1. **Capture symptoms.** Classify install fetch failures, CLI auth errors, MCP timeouts, or TLS handshake failures.
2. **Environment.** Inspect HTTP_PROXY, HTTPS_PROXY, NO_PROXY, and Claude-specific network settings documented for Claude Code.
3. **Trust store.** Verify enterprise root CAs and client mTLS certs are visible to Node and Claude Code.
4. **Reachability.** Test documented Anthropic and downloads endpoints with curl through the proxy.
5. **MCP remote.** Confirm SaaS MCP URLs are allowed by firewall and proxy PAC rules.
6. **Policy conflicts.** Check managed settings vs local overrides that block network or MCP categories.
7. **Fix plan.** Propose IT ticket items and safe local changes ranked by risk.
Output contract:
- Failure classification with reproducible test commands (redacted).
- Root cause hypothesis with evidence.
- IT vs developer action list.
- Verification steps after changes.
## Features
- Maps network-config docs to practical proxy debugging workflows.
- Covers installer download hosts separate from API traffic.
- Includes remote MCP allowlist considerations.
- Avoids insecure TLS bypass recommendations.
## Use Cases
- New engineer laptop cannot authenticate Claude Code on corporate VPN.
- Remote MCP connector works at home but fails in office network.
- mTLS rollout breaks Claude Code until CA bundles are updated.
- Platform team documents standard proxy env templates for Claude Code.
## Source Notes
Verified against Claude Code network-config documentation on **2026-06-16**:
- Official docs describe HTTP_PROXY and HTTPS_PROXY environment variables and corporate
proxy configuration patterns for Claude Code clients.
- Documentation covers TLS and certificate trust considerations for enterprise networks
intercepting HTTPS traffic to Anthropic endpoints.
- Separate connectivity requirements apply to installer downloads, API sessions, and
optional remote MCP connectors documented in MCP setup guides.
## Duplicate Check
Checked content/guides and content/agents for enterprise network coverage.
enterprise-network-proxy-and-mtls-setup-for-claude-code is a setup guide. No agents entry
provides interactive proxy debugging runbooks grounded in network-config documentation.
## Editorial Disclosure
Submitted as an independent community agent entry by kiannidev, based on public Claude
Code network-config documentation and the public anthropics/claude-code repository.
No paid placement, referral, or affiliate relationship.
## Sources
- Claude Code network config - https://code.claude.com/docs/en/network-config
- Claude Code MCP - https://code.claude.com/docs/en/mcp
- Claude Code repository - https://github.com/anthropics/claude-codeAbout this resource
Content
Enterprise Network Proxy Debugging Agent is a community-authored reusable prompt for diagnosing Claude Code failures on locked-down networks. It applies official Claude Code network-config documentation—not an official Anthropic support agent.
Scope Note
This prompt operationalizes documented proxy, TLS, and connectivity troubleshooting steps from code.claude.com. IT policy decisions remain with your network and security teams.
Agent Prompt
You are an enterprise network proxy debugger for Claude Code. Identify why installs, auth, or MCP remote calls fail behind corporate egress controls using official network-config docs.
Workflow:
- Capture symptoms. Classify install fetch failures, CLI auth errors, MCP timeouts, or TLS handshake failures.
- Environment. Inspect HTTP_PROXY, HTTPS_PROXY, NO_PROXY, and Claude-specific network settings documented for Claude Code.
- Trust store. Verify enterprise root CAs and client mTLS certs are visible to Node and Claude Code.
- Reachability. Test documented Anthropic and downloads endpoints with curl through the proxy.
- MCP remote. Confirm SaaS MCP URLs are allowed by firewall and proxy PAC rules.
- Policy conflicts. Check managed settings vs local overrides that block network or MCP categories.
- Fix plan. Propose IT ticket items and safe local changes ranked by risk.
Output contract:
- Failure classification with reproducible test commands (redacted).
- Root cause hypothesis with evidence.
- IT vs developer action list.
- Verification steps after changes.
Features
- Maps network-config docs to practical proxy debugging workflows.
- Covers installer download hosts separate from API traffic.
- Includes remote MCP allowlist considerations.
- Avoids insecure TLS bypass recommendations.
Use Cases
- New engineer laptop cannot authenticate Claude Code on corporate VPN.
- Remote MCP connector works at home but fails in office network.
- mTLS rollout breaks Claude Code until CA bundles are updated.
- Platform team documents standard proxy env templates for Claude Code.
Source Notes
Verified against Claude Code network-config documentation on 2026-06-16:
- Official docs describe HTTP_PROXY and HTTPS_PROXY environment variables and corporate proxy configuration patterns for Claude Code clients.
- Documentation covers TLS and certificate trust considerations for enterprise networks intercepting HTTPS traffic to Anthropic endpoints.
- Separate connectivity requirements apply to installer downloads, API sessions, and optional remote MCP connectors documented in MCP setup guides.
Duplicate Check
Checked content/guides and content/agents for enterprise network coverage. enterprise-network-proxy-and-mtls-setup-for-claude-code is a setup guide. No agents entry provides interactive proxy debugging runbooks grounded in network-config documentation.
Editorial Disclosure
Submitted as an independent community agent entry by kiannidev, based on public Claude Code network-config documentation and the public anthropics/claude-code repository. No paid placement, referral, or affiliate relationship.
Sources
- Claude Code network config - https://code.claude.com/docs/en/network-config
- Claude Code MCP - https://code.claude.com/docs/en/mcp
- Claude Code repository - https://github.com/anthropics/claude-code
Source citations
Add this badge to your README
Show that Enterprise Network Proxy Debugging Agent is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/agents/enterprise-network-proxy-debugging-agent)How it compares
Enterprise Network Proxy Debugging Agent side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Enterprise Network Proxy Debugging Agent Community reusable agent prompt for debugging Claude Code behind corporate HTTP proxies and mTLS using official network-config docs: HTTP_PROXY variables, certificate trust, downloads reachability, and remote MCP URL failures. Open dossier | Claude Code Enterprise Network Config Capability Pack Skill Expert Claude Code enterprise network configuration capability pack for auditing proxy settings, custom CA trust, mTLS client certificates, URL allowlists, and provider-specific routing in restricted corporate networks. Open dossier | Bedrock Claude Code Platform Agent Community reusable agent prompt for operating Claude Code on Amazon Bedrock using official setup docs: IAM credential chains, regional model IDs, inference profiles, enterprise network config, quota errors, and Bedrock-specific troubleshooting steps. Open dossier | Microsoft Foundry Claude Code Agent Community reusable agent prompt for operating Claude Code on Microsoft Foundry using official setup docs: Azure subscriptions, Entra ID auth, deployment names, enterprise network config, and Foundry-specific Claude Code troubleshooting steps. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | agents | skills | agents | agents |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | kiannidev | kiannidev | kiannidev | kiannidev |
| Added | 2026-06-16 | 2026-06-13 | 2026-06-16 | 2026-06-16 |
| Platforms | Claude Code | Claude CodeCodexWindsurfGeminiCursorCLI | Claude Code | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | ✓Do not paste proxy credentials or client private keys into shared chat logs. Disabling TLS verification globally is not an acceptable production fix. Split-tunnel VPN changes affect MCP SaaS endpoints—coordinate with security teams. Debugging commands should use read-only curl or openssl checks before changing production laptops. | ✓This skill recommends network configuration changes; it must not edit proxy credentials, certificate files, or settings without showing proposed diffs first. Avoid hardcoding proxy passwords in scripts or committed settings; use secure credential storage or managed env injection. Claude Code does not support SOCKS proxies; do not recommend SOCKS-only egress paths. Changing CLAUDE_CODE_CERT_STORE from the default can break trust for TLS-inspection proxies if the OS store is removed unintentionally. mTLS client keys and passphrases are sensitive; store them outside repositories and restrict filesystem permissions. Disabling telemetry requires explicit env configuration before finalizing allowlists; do not assume zero outbound telemetry by default. | ✓Long-lived access keys in repositories are forbidden; prefer IAM roles and OIDC for CI. Bedrock model allowlists should match security-approved model IDs only. Cross-region failover can violate data residency—confirm before switching regions. IAM policy changes require cloud admin approval; this agent advises, not applies, policies. | ✓Client secrets and connection strings must not be committed to repositories. Deployment names and API versions must match Foundry-supported Claude models only. Cross-subscription resources can break policy—keep Foundry resources in approved subscriptions. Azure RBAC changes require admin approval; this agent advises, not applies, policies. |
| Privacy notes | ✓Proxy logs may capture Anthropic API paths and internal MCP hostnames. Packet captures for debugging must follow company retention and access policies. Support tickets should redact employee emails and internal gateway URLs when possible. | ✓Proxy URLs, client certificate paths, NO_PROXY lists, and settings.json env blocks can expose internal hostnames, service names, and network topology. Enterprise TLS inspection means traffic content may be visible to the proxy operator even when Anthropic ZDR or retention policies apply upstream. Troubleshooting logs, `/doctor` output, and install traces may include usernames, internal domains, and certificate issuer details. Public rollout docs should summarize required domains and config categories, not paste complete proxy credentials or private CA bundles. | ✓Bedrock invocation logs and CloudTrail events may contain prompt metadata—configure retention. Customer content handling follows AWS Bedrock and Anthropic agreements for your account type. Support bundles should redact account IDs and role ARNs when shared externally. | ✓Azure Monitor and Foundry logs may store request metadata; configure retention accordingly. Customer content handling follows Microsoft and Anthropic agreements for Foundry Claude. Support tickets should redact tenant IDs and subscription names when posted publicly. |
| Prerequisites |
|
|
|
|
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
More like this, weekly
A short, calm digest of reviewed Claude resources. Unsubscribe any time.