What is Claude Code and why do developers use it?

Claude Code is Anthropic's official agentic CLI for developers, launched in February 2025. It runs Claude models (Opus 4.6/4.7 in Fast mode, Sonnet 4.6/4.7 for balanced workloads, Haiku 4.5 for cheap tasks) inside a shell harness that can read and edit files, execute commands, fetch URLs, and call MCP servers. It ships as a CLI (`claude`), a web UI at claude.ai/code, and VS Code and JetBrains extensions. As of Q1 2026, Claude Code processes more than 1 billion tokens per day across its user base. Developers use it for pair programming, refactors, bug triage, PR reviews, writing tests, migrating codebases between framework versions, and driving parsing or automation pipelines. It is included in the Claude Max subscription ($200/month) or can be billed per-token through the Anthropic API.

Do I need a proxy to use Claude Code?

For most individual developers on a home network, no. Claude Code calls api.anthropic.com directly and works out of the box. You need a proxy in four situations: (1) corporate networks that force all outbound traffic through a gateway, where HTTP_PROXY is mandatory, (2) web automation workflows where Claude's WebFetch or an MCP tool hits anti-bot systems like Cloudflare Turnstile or Akamai Bot Manager, (3) geo-targeted testing where you need egress from a specific country, and (4) privacy scenarios where you do not want Anthropic or upstream sites to see your home IP. In those cases, a Coronium mobile proxy routes all traffic through a CGNAT carrier IP with 90-95% trust score.

How do I configure Claude Code with HTTP_PROXY and HTTPS_PROXY?

The cleanest pattern is to export the variables in your shell profile and restart Claude Code: `export HTTPS_PROXY=http://user:pass@mobile.coronium.io:10000`, `export HTTP_PROXY=http://user:pass@mobile.coronium.io:10000`, and `export NO_PROXY=localhost,127.0.0.1,*.internal`. Claude Code's Node.js runtime honors these through the undici HTTP client. For per-project config, add an `env` block to `.claude/settings.json` with the same keys. For authenticated proxies, URL-encode special characters in the password (e.g. `@` becomes `%40`). Verify with `curl -x "$HTTPS_PROXY" https://api.anthropic.com` before launching Claude. If your corporate proxy does TLS interception, also set NODE_EXTRA_CA_CERTS to your corporate CA bundle path, otherwise Node.js will throw UNABLE_TO_VERIFY_LEAF_SIGNATURE.

How does Claude Code's WebFetch tool interact with a proxy?

WebFetch is Claude's built-in tool for retrieving a URL and returning the rendered text. Internally it uses Node.js undici, which honors HTTP_PROXY and HTTPS_PROXY environment variables. When those are set, every WebFetch request exits through the configured proxy, so the target site sees the proxy's IP, not your home IP. With a Coronium mobile proxy that means the target sees a T-Mobile, AT&T, Vodafone, or Jio CGNAT address with strong reputation. WebFetch also follows redirects and handles compression, both through the proxy. Note that WebFetch has an implicit per-call timeout (about 30 seconds on current builds) and a response size cap. For finer control, wrap WebFetch in a PreToolUse hook that rotates to a fresh Coronium endpoint on every call, or use a dedicated coronium-fetch MCP server that enforces its own timeouts, retries, and rotation policy.

How do I use Claude Code hooks to rotate proxies automatically?

Hooks are shell commands Claude Code runs in response to events: PreToolUse, PostToolUse, UserPromptSubmit, SessionStart, Stop, and Notification. They are configured in `.claude/settings.json` under the `hooks` key. For proxy rotation, register a PreToolUse hook on the WebFetch matcher that runs a shell script to pick a random Coronium port from a pool and export HTTPS_PROXY to the chosen value. The hook writes the rotation to a sidecar log, then Claude executes WebFetch with the new value. Example: `{ "hooks": { "PreToolUse": [{ "matcher": "WebFetch", "hooks": [{ "type": "command", "command": "./scripts/rotate-proxy.sh" }] }] } }`. Per-request rotation means each fetched URL exits through a different mobile IP, so even targets with aggressive per-IP rate limits (Amazon, LinkedIn) do not accumulate reputation against a single endpoint.

What permission modes does Claude Code have and which is safe with a proxy?

Claude Code has four permission modes: (1) default: asks before any tool write or network call, safest for normal development, (2) acceptEdits: auto-approves file edits but still asks for shell and network, good for refactors you want to audit, (3) plan: Claude proposes a plan and only executes after you approve, no tools run during planning, (4) bypassPermissions: dangerous auto-approve-everything mode for sandboxed CI only. With a proxy, default and acceptEdits give you per-request audit of egress through Coronium. plan mode does not exercise the proxy except for model calls to api.anthropic.com. bypassPermissions makes the Coronium allowlist and your egress firewall the only security layer; pair it with a tight outbound policy so a runaway subagent cannot exfiltrate data.

Can I use SOCKS5 proxies with Claude Code?

Yes. Node.js undici (the HTTP client inside Claude Code) supports SOCKS5 via the proxy-agent chain. Set HTTPS_PROXY to a socks5:// or socks5h:// URL: `export HTTPS_PROXY=socks5h://user:pass@mobile.coronium.io:1080`. The `h` variant asks the proxy to resolve DNS, which prevents DNS leaks where your local resolver sees the target hostname even when the TCP traffic goes through the proxy. Coronium mobile proxies expose both HTTP and SOCKS5 endpoints at the same price. For most Claude Code workflows plain HTTP_PROXY is sufficient; SOCKS5 with remote DNS is the right choice when your threat model requires the carrier to resolve hostnames, or when you are tunneling non-HTTP traffic (such as custom MCP transports on a TCP port).

How much does Claude Code cost and what is included?

There are two billing models. Claude Max ($200/month) includes Claude Code usage at the Max quota (thousands of requests per 5-hour rolling window, renewed per plan), with access to Opus 4.6/4.7, Sonnet 4.6/4.7, and Haiku 4.5. Fair-use throttling applies for sustained heavy use. The second model is pay-per-token via the Anthropic API, which is how Claude Code runs when you set ANTHROPIC_API_KEY. Token prices as of 2026 are around $15/M input and $75/M output for Opus 4.6, $3/M input and $15/M output for Sonnet 4.6, and $0.80/M input and $4/M output for Haiku 4.5 (check anthropic.com for current numbers). Prompt caching (1-hour TTL) cuts input cost by up to 90% on repeated context. A proxy does not add Anthropic-side cost, but Coronium is billed separately at $27/month per dedicated mobile device with unlimited bandwidth.

What are subagents in Claude Code and how do they interact with proxies?

Subagents are specialized Claude agents with their own system prompt, tool allowlist, and context window, invoked via the Task tool from the parent session. Common named subagents include SEO-director, keyword-strategist, security-review, competitive-intelligence, and custom ones defined in `.claude/agents/*.md`. Each subagent runs in its own fresh transcript, which means it inherits the parent shell environment (including HTTP_PROXY and HTTPS_PROXY) but starts with a clean context. For proxy workflows, subagents are powerful because you can assign a different Coronium endpoint per subagent by spawning them via a wrapper script that exports a different HTTPS_PROXY before delegating. Five SEO subagents running in parallel can each exit through a different country IP, enabling true concurrent multi-geo audits. Subagents respect the permission mode of the parent, so bypassPermissions flows down unless you re-scope.

Will Claude Code leak my real IP even with a proxy configured?

Possible leak sources: (1) DNS: Node.js resolves DNS locally by default. If your threat model requires hostname resolution to happen on the proxy side, use socks5h:// not socks5:// or http://. (2) Non-proxy-aware MCP servers: some Python or Rust MCPs do not honor HTTP_PROXY. Test each MCP by having it fetch ifconfig.me and check the returned IP. (3) Child processes: a Bash tool call to `git fetch` uses the git proxy config, not the Claude proxy. Ensure git config has http.proxy set too. (4) WebRTC in Playwright MCP: a headless browser can expose your real IP through WebRTC STUN unless you disable it. The Playwright MCP with --args="--disable-features=WebRtcHideLocalIpsWithMdns,WebRTC" plus a Coronium proxy closes this. (5) IPv6: if the target is IPv6-only and your proxy is IPv4-only, Node may fall back to IPv6 direct. Set NODE_OPTIONS=--dns-result-order=ipv4first or disable IPv6 outbound.

Claude Code Guide -- Updated April 2026

Claude Code Proxy Setup & MCP Integration

Q: What is an MCP server and how do I add one to Claude Code?

MCP (Model Context Protocol) is an open protocol for exposing tools, resources, and prompts to agentic clients like Claude Code. An MCP server is a small process (usually Node.js, Python, or a native binary) that speaks MCP over stdio or streamable HTTP. You install one with `claude mcp add [--scope user|project] [--transport stdio|http] [--env KEY=VALUE] -- `. For example: `claude mcp add playwright --scope user -- npx @playwright/mcp@latest --proxy-server http://user:pass@mobile.coronium.io:10000`. Once added, Claude Code discovers the tools the MCP exposes and can call them in-turn. Common MCPs include Playwright (browser automation), filesystem, GitHub, Brave Search, and custom internal servers for company-specific data. See `claude mcp list` to inspect, `claude mcp remove ` to uninstall.

Claude Code is Anthropic's official agentic CLI, launched February 2025 and processing more than 1 billion tokens per day as of Q1 2026. This guide covers configuring it with Coronium mobile proxies: HTTP_PROXY and HTTPS_PROXY env vars, MCP server integration, WebFetch behavior, hook-based IP rotation, and every common SSL or auth failure you will hit on the way.

On CGNAT mobile IPs, Claude Code's WebFetch and subagent workflows reach 90-95% pass rates against Cloudflare Turnstile, DataDome, and Akamai Bot Manager, versus 40-60% through datacenter egress.

Verified against: Anthropic official docs, Claude Code 2026 release notes, MCP spec, Node.js undici behavior

Claude Code CLI

MCP Servers

HTTP / HTTPS Proxy

Hooks & Rotation

Subagents

Permission Modes

1B+

Tokens Claude Code processes daily (Q1 2026)

Feb 2025

Launch date of Claude Code CLI

4.6 / 4.7

Latest Claude model family (Opus, Sonnet, Haiku)

$200/mo

Claude Max plan includes Claude Code

What this guide covers:

HTTP_PROXY / HTTPS_PROXY full examples

MCP server integration with proxy

WebFetch + Coronium IP mechanics

PreToolUse hooks for per-request rotation

Permission modes under a proxy

SSL, auth, DNS leak fixes

Table of Contents

12 Sections

Navigate This Guide

End-to-end reference for wiring Claude Code to Coronium mobile proxies, from env vars to hooks and MCP architecture.

1. What Is Claude Code

2. When You Need a Proxy

3. Environment Variable Setup

4. MCP Server Integration

5. WebFetch + Proxy Behavior

6. Hooks for Proxy Rotation

7. Permission Modes

8. Subagents & Worktrees

9. Common Issues & Fixes

10. Frequently Asked Questions

11. Pricing

12. Related Resources

Reading time: ~22 minutes. Covers CLI install, env vars, MCP setup, WebFetch internals, hooks, subagents, and troubleshooting.

MCP servers covered

Common issues

FAQ answers

Claude Code 101

What Is Claude Code

Anthropic's official agentic CLI for developers, launched February 2025. It runs Claude models inside a harness that can read files, edit code, execute shell commands, fetch URLs, and drive MCP-compatible tools.

Surface Areas

Where Claude Code runs today

CLI (`claude`)
Native terminal experience on macOS, Linux, and Windows (WSL). Reads your repo, supports slash commands, hooks, and MCP.
claude.ai/code
Web harness launched 2025. Same agent, browser-hosted sandbox with ephemeral workspace.
VS Code extension
Inline agent with diff previews, stream-into-editor, and workspace-scoped tool grants.
JetBrains plugin
IntelliJ, PyCharm, WebStorm, Rider. Similar surface to VS Code with IDE-native UX.
GitHub Actions / CI
Headless mode via `claude -p` for non-interactive use in automation.

Model Lineup (2026)

Switchable via `/model` and `/fast`

Claude Opus 4.6 / 4.7
Flagship. Default behind Fast mode on Claude Max, 1M-token context variants available. Deepest reasoning for refactors and architecture.
Claude Sonnet 4.6 / 4.7
Balanced model. Workhorse for daily coding. Strong tool use, fast output, cost-efficient at scale.
Claude Haiku 4.5
Cheap and fast. Good for simple edits, grep-style navigation, and iteration loops where latency matters more than depth.
Fast mode
Routes prompts to Opus 4.6 variant optimized for lower latency while retaining reasoning quality. Toggled via `/fast`.

Slash Commands Every Claude Code User Should Know

Built-in commands, relevant for daily development and proxy debugging

/help

Opens the in-session help panel listing all slash commands, models, and permission mode shortcuts.

/clear

Resets the conversation context to zero tokens. Useful between proxy test runs so cached 429s and auth failures do not bias the model's next attempt.

/fast

Switches to Claude Haiku 4.5 for cheap, fast iteration. Ideal when debugging proxy config because you only care about whether requests succeed, not about deep reasoning.

/loop

Runs a prompt or slash command on a recurring interval. Useful for polling a health check: /loop 5m "verify egress IP via ifconfig.me through the proxy".

/mcp

Lists active MCP servers with their transport, auth status, and approved tool count. First stop when debugging why a tool is not available.

/config

Opens the settings editor for ~/.claude/settings.json. Use it to persist env vars and proxy config so every future session inherits the same setup.

/model

Switches the active model between Opus 4.6 (Fast mode), Sonnet 4.6, and Haiku 4.5 (and their 4.7 successors as rolled out).

/compact

Compresses the running transcript. Run it after large WebFetch results have been summarized, to keep context small while preserving the decisions Claude made.

Scale of Claude Code in Q1 2026

Claude Code processes more than 1 billion tokens per day across its user base. Anthropic's Claude Max plan ($200/month) includes Claude Code, making it one of the largest agentic CLI deployments in production today. At that scale, even small inefficiencies in proxy configuration (extra hops, unnecessary TLS renegotiation, DNS round-trips) compound into measurable latency and bandwidth cost, which is why getting the proxy setup right matters.

Use Cases

When You Need a Proxy with Claude Code

A home-network developer using Claude Code for pair programming usually does not need a proxy. The following six scenarios are where a Coronium mobile proxy moves from "nice to have" to "mandatory for the workflow to succeed."

Corporate Network Egress

Enterprise environments typically force all outbound traffic through an HTTP/HTTPS proxy gateway. Claude Code needs to reach api.anthropic.com for model inference, MCP servers for tool calls, and target hosts for WebFetch. Without HTTP_PROXY configured, all requests fail with connection refused or TLS errors.

Coronium approach: Export HTTP_PROXY and HTTPS_PROXY pointing at your Coronium entry, plus NO_PROXY for internal domains. Claude Code (Node.js runtime) honors these variables natively through undici.

Multi-Account Web Automation

When Claude Code subagents drive browser sessions or API clients that hit the same upstream provider (Google, LinkedIn, Amazon, Instagram) concurrently, a single shared egress IP triggers rate limiting and captcha. Each logical account needs an isolated identity.

Coronium approach: Assign one Coronium mobile proxy per subagent or per worktree. A 4G/5G carrier IP is shared across 50-1,000 real CGNAT users, so traffic from parallel sessions blends in with real mobile activity.

WebFetch Against Anti-Bot Targets

Claude Code ships a WebFetch tool that retrieves URLs to summarize or feed back into the model. Against sites protected by Cloudflare Turnstile, DataDome, Akamai Bot Manager, or PerimeterX (HUMAN Security), the default egress is often blocked or served a challenge page instead of real HTML.

Coronium approach: Route WebFetch through a Coronium mobile proxy via HTTPS_PROXY. Mobile ASNs from T-Mobile, AT&T, Vodafone, and Jio score 90-95% pass rates on Turnstile because blocking a CGNAT IP would also block hundreds of legitimate mobile users.

Geographic Testing and Localization

Reviewing how a marketing page renders for German, French, or Brazilian users requires an egress IP inside that country. Claude Code sessions running QA or SEO audits need to emulate the target region for both rendered HTML and API geolocation hints.

Coronium approach: Swap the Coronium endpoint per session to land in the required country. Coronium provides mobile proxies in 30+ countries, so you can spin up a Claude Code worktree per locale and run tests in parallel.

Data Extraction Pipelines Built With Claude

Claude Code is increasingly used as a development harness for parsing pipelines. The agent writes Scrapy spiders or Playwright scripts, then runs them in the sandbox. Those child processes inherit the shell environment and need their own proxy config to avoid getting banned during integration testing.

Coronium approach: Set proxy variables in .envrc or project .env, plus a hook that exports them before every Bash call. The child spider honors the same Coronium proxy the parent CLI uses, so test traffic looks identical to production.

Privacy From Upstream Observability

Anthropic sees your IP on every API call. For contractors working across multiple clients, or developers who do not want their home IP logged against hundreds of daily requests to api.anthropic.com, a proxy is a simple privacy layer.

Coronium approach: All Claude Code traffic exits through Coronium. Anthropic and any MCP server see the mobile carrier IP instead of your ISP-assigned home address. Useful for freelancers and agencies running Claude against client workloads.

Mobile vs Datacenter: Why It Matters for Claude

When Claude Code's WebFetch or an MCP tool hits a Cloudflare-protected or Akamai-protected site, the trust score of the egress IP is the single biggest factor in whether the request succeeds. Datacenter IPs (AWS, GCP, Hetzner) are pre-flagged and score 40-60%. Residential proxies score 70-85% but have shared pool history. Mobile proxies on CGNAT score 90-95% because blocking the IP would block hundreds of real cellular users. For Claude Code workflows that touch modern anti-bot systems, mobile is the only category that sustains production-grade success rates.

Core Configuration

Environment Variable Setup

Claude Code runs on Node.js and honors the standard proxy environment variables. Once set, they apply to model calls, WebFetch, MCP child processes, and any Bash command Claude spawns. This is the simplest and most portable proxy configuration.

Proxy-Related Environment Variables

Each variable is honored by Claude Code and most MCP servers. Set them in your shell profile, .envrc, or ~/.claude/settings.json.

Variable	Purpose	Example	Scope
`HTTP_PROXY`	Upstream for plain HTTP requests made by Claude Code and child processes it spawns (Bash, git, curl, npm).	`http://user:pass@mobile.coronium.io:10000`	Shell export or ~/.claude/settings.json env block
`HTTPS_PROXY`	Upstream for HTTPS requests. Claude Code uses this for api.anthropic.com, MCP transport, and WebFetch against https:// URLs.	`http://user:pass@mobile.coronium.io:10000`	Shell export or ~/.claude/settings.json env block
`NO_PROXY`	Comma-separated list of hosts that bypass the proxy. Put internal services, localhost, and anything you do not want to egress through the carrier.	`localhost,127.0.0.1,.internal,.corp`	Shell export
`ANTHROPIC_BASE_URL`	Override the Anthropic API base URL. Combined with a proxy, this lets you route model calls through a regional edge or through your own reverse proxy before hitting the carrier.	`https://api.anthropic.com`	Shell export
`ANTHROPIC_API_KEY`	Your Anthropic API key. Required when running Claude Code outside the Max subscription flow. Keep it in a secret manager, never in the repository.	`sk-ant-api03-...`	Shell export or macOS Keychain via `claude config`
`NODE_EXTRA_CA_CERTS`	Path to an extra CA bundle. Required if your corporate proxy does TLS interception, so Claude Code trusts the MITM certificate instead of throwing UNABLE_TO_VERIFY_LEAF_SIGNATURE.	`/etc/ssl/certs/corp-bundle.pem`	Shell export

Quick Start: Shell Export (macOS / Linux)

Add this to ~/.zshrc, ~/.bashrc, or ~/.profile, then restart Claude Code

# ~/.zshrc -- Coronium mobile proxy for Claude Code

export CORONIUM_USER='your_username'

export CORONIUM_PASS='your_password'

export CORONIUM_HOST='mobile.coronium.io'

export CORONIUM_PORT='10000'

export HTTPS_PROXY="http://$CORONIUM_USER:$CORONIUM_PASS@$CORONIUM_HOST:$CORONIUM_PORT"

export HTTP_PROXY="$HTTPS_PROXY"

export NO_PROXY='localhost,127.0.0.1,*.internal,*.corp'

# Optional: corporate TLS interception CA

export NODE_EXTRA_CA_CERTS='/etc/ssl/certs/corp-bundle.pem'

# Sanity check before launching Claude Code

curl -sI -x "$HTTPS_PROXY" https://api.anthropic.com | head -1

curl -s -x "$HTTPS_PROXY" https://ifconfig.me # should return mobile carrier IP

Per-Project: .claude/settings.json

Commit proxy config to the repo so every developer and CI run uses the same egress

// .claude/settings.json

{

"env": {

"HTTPS_PROXY": "http://$CORONIUM_USER:$CORONIUM_PASS@mobile.coronium.io:10000",

"HTTP_PROXY": "http://$CORONIUM_USER:$CORONIUM_PASS@mobile.coronium.io:10000",

"NO_PROXY": "localhost,127.0.0.1",

"NODE_EXTRA_CA_CERTS": "/etc/ssl/certs/corp-bundle.pem"

"permissions": {

"allow": [

"Bash(curl -x *)",

"WebFetch(domain:*.coronium.io)"

]

}

Use $VAR interpolation so the file does not contain literal credentials. Shell environment provides CORONIUM_USER and CORONIUM_PASS at launch.

Windows PowerShell Equivalent

Persistent user-level env vars for Claude Code on Windows

# PowerShell (run once, then restart Claude Code)

[Environment]::SetEnvironmentVariable("HTTPS_PROXY", "http://user:pass@mobile.coronium.io:10000", "User")

[Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://user:pass@mobile.coronium.io:10000", "User")

[Environment]::SetEnvironmentVariable("NO_PROXY", "localhost,127.0.0.1", "User")

URL-encoding credentials

If your Coronium username or password contains @, :, /, or #, you must URL-encode them before putting them into HTTP_PROXY. @ becomes %40, : becomes %3A. A single unencoded character will cause a 407 Proxy Authentication Required because the parser splits the URL at the wrong place. Generate encoded values with python3 -c "import urllib.parse; print(urllib.parse.quote('p@ss:word', safe=''))".

MCP Architecture

MCP Server Integration

MCP (Model Context Protocol) is the open standard Claude Code uses to talk to external tools, data sources, and browsers. You install MCP servers with claude mcp add, and each one inherits the proxy env vars from the parent Claude Code process.

Coronium Proxy Fetch MCP

MCP server -- transport: stdio

A small MCP server that exposes a fetch tool routed through a Coronium mobile proxy. Claude Code can call it instead of the built-in WebFetch when it needs a trusted carrier IP, concurrent geo targeting, or guaranteed rotation between requests.

claude mcp add coronium-fetch --scope project --env PROXY_URL=http://user:pass@mobile.coronium.io:10000 -- node ./mcp-servers/coronium-fetch.js

Playwright MCP

Browser automation MCP -- transport: stdio

Microsoft's official Playwright MCP server drives a real Chromium instance. Combined with a Coronium proxy passed via --proxy-server, Claude Code can drive a genuine browser through a mobile IP, producing authentic TLS and HTTP/2 fingerprints for hard targets.

claude mcp add playwright --scope user -- npx @playwright/mcp@latest --proxy-server http://user:pass@mobile.coronium.io:10000

Filesystem MCP

Local file MCP -- transport: stdio

Grants Claude Code scoped read or write access to a filesystem root. Does not need a proxy directly, but combined with the Coronium fetch MCP, Claude can download pages, save them locally, and then re-read and extract structured data from them.

claude mcp add fs --scope project -- npx -y @modelcontextprotocol/server-filesystem ./data

GitHub MCP

GitHub API MCP -- transport: stdio

Lets Claude Code read repos, issues, PRs, and Actions logs. On corporate networks this MCP must honor HTTP_PROXY to reach api.github.com. With Coronium, outbound GitHub API traffic exits through the same mobile IP as every other call, keeping the egress profile consistent.

claude mcp add github --scope user --env GITHUB_TOKEN=ghp_xxx --env HTTPS_PROXY=http://user:pass@mobile.coronium.io:10000 -- npx -y @modelcontextprotocol/server-github

Remote HTTP MCP (Streamable)

Remote MCP via HTTP -- transport: http

Claude Code supports remote MCP servers over streamable HTTP. When the remote endpoint sits behind your own proxy or VPN, HTTPS_PROXY on the Claude Code process determines how the MCP control plane connects. Critical for agencies running a central MCP fleet for multiple clients.

claude mcp add my-remote --transport http --url https://mcp.example.com/stream --header "Authorization=Bearer $TOKEN"

Search MCP (Brave / Exa)

Search API MCP -- transport: stdio

Search MCPs proxy through commercial search APIs. Running them behind a Coronium proxy is mostly a privacy and consistency decision: Anthropic, the MCP server, and the search provider all see the same carrier IP, simplifying audit trails.

claude mcp add brave --scope user --env BRAVE_API_KEY=xxx -- npx -y @modelcontextprotocol/server-brave-search

Example: Coronium Fetch MCP Server (Node.js)

A minimal MCP server that exposes a coronium_fetch tool routed through your mobile proxy

// mcp-servers/coronium-fetch.js

import { Server } from '@modelcontextprotocol/sdk/server/index.js';

import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';

import { ProxyAgent, fetch } from 'undici';

const proxyUrl = process.env.PROXY_URL;

const agent = new ProxyAgent(proxyUrl);

const server = new Server({ name: 'coronium-fetch', version: '1.0.0' }, {

capabilities: { tools: {} }

});

server.setRequestHandler('tools/list', async () => ({

tools: [{

name: 'coronium_fetch',

description: 'Fetch a URL through Coronium mobile proxy',

inputSchema: { type: 'object', properties: { url: { type: 'string' } }, required: ['url'] }

}]

}));

server.setRequestHandler('tools/call', async (req) => {

const { url } = req.params.arguments;

const res = await fetch(url, { dispatcher: agent, signal: AbortSignal.timeout(30000) });

const body = await res.text();

return { content: [{ type: 'text', text: body.slice(0, 50000) }] };

});

await server.connect(new StdioServerTransport());

Install with claude mcp add coronium-fetch --env PROXY_URL=http://user:pass@mobile.coronium.io:10000 -- node ./mcp-servers/coronium-fetch.js. Claude can then call coronium_fetch as a first-class tool, guaranteed to exit through the Coronium mobile IP regardless of how HTTP_PROXY is set in the session.

MCP Installation Scopes

user scope

Installed in ~/.claude.json. Available in every project on the machine.

Good for: Personal toolchain, Playwright, GitHub, search MCPs.

project scope

Installed in .mcp.json at the repo root. Shared with collaborators via git.

Good for: Project-specific MCPs like the Coronium fetch server for a scraping pipeline.

local scope

Installed in project .claude.json, not checked in. Private to your machine.

Good for: MCPs with sensitive credentials you do not want in git.

WebFetch Internals

WebFetch + Proxy

WebFetch is Claude Code's built-in URL retrieval tool. Under the hood it uses Node.js undici, which respects HTTP_PROXY and HTTPS_PROXY, making proxy integration a matter of environment rather than code.

How WebFetch Works

Request flow with proxy

1.Claude decides to call WebFetch with a URL and prompt.
2.The harness reads HTTPS_PROXY from the process environment.
3.undici wraps the connection in a ProxyAgent pointed at Coronium.
4.TCP connection opens to mobile.coronium.io, authenticated with Basic auth.
5.Coronium forwards the HTTPS CONNECT to the target host.
6.TLS handshake happens end-to-end between Claude and the target (through the tunnel).
7.Response body is returned to Claude. Exit IP visible to target is the carrier IP.
8.Claude summarizes the response according to the prompt and continues the turn.

Anti-Bot Pass Rates

Observed with Claude Code WebFetch

Cloudflare Turnstile
Direct: 30-50% vs Coronium: 90-95%
Akamai Bot Manager
Direct: 20-40% vs Coronium: 85-92%
DataDome
Direct: 10-30% vs Coronium: 70-85% (browser needed)
PerimeterX / HUMAN
Direct: 5-20% vs Coronium: 65-80% (browser needed)
Imperva / Incapsula
Direct: 30-50% vs Coronium: 85-90%
Unprotected sites
Direct: 95%+ vs Coronium: 95%+

Approximate 2025/2026 observations. DataDome and PerimeterX also require genuine browser execution (Playwright MCP) beyond just a trusted IP.

Verifying WebFetch Uses the Proxy

Three checks to confirm every WebFetch call exits through Coronium

1. Check via ifconfig.me

Ask Claude: "Use WebFetch on https://ifconfig.me and show me the IP."

Expected: T-Mobile, AT&T, Vodafone, or Jio carrier IP. If you see your home ISP, HTTPS_PROXY is not being inherited.

2. Check ASN lookup

Run whois $(curl -x $HTTPS_PROXY -s ifconfig.me) | grep -i origin

Expected: mobile carrier ASN (e.g. AS21928 T-Mobile USA). Datacenter ASNs (AS16509 Amazon, AS14061 DigitalOcean) mean a misconfigured egress.

3. Check proxy logs

Log into Coronium dashboard and review traffic logs for the time window of your Claude session.

Expected: request count matches the number of WebFetch calls Claude made. Mismatch means some calls escaped the proxy.

Advanced Setup

Hooks for Proxy Rotation

Hooks are shell commands Claude Code executes in response to events. A PreToolUse hook scoped to WebFetch gives you per-request control over the Coronium endpoint, enabling rotation without MCP complexity.

Hook Events Relevant to Proxy Workflow

Six events you can hook into, and what each is good for

`PreToolUse`

Fires before Claude Code executes any tool (Bash, Edit, WebFetch, MCP). Perfect for injecting proxy env vars or rotating to a fresh Coronium endpoint before WebFetch.

Proxy use: Before every WebFetch, pick a random Coronium port from a pool and export HTTPS_PROXY. Achieves per-request rotation without touching the MCP layer.

`PostToolUse`

Fires after a tool completes. Receives the tool output. Can trigger cleanup, logging, or cache invalidation.

Proxy use: After WebFetch, log the effective egress IP and latency to a metrics file. Build a success-rate-per-IP dashboard over time.

`UserPromptSubmit`

Fires when the user submits a prompt, before Claude sees it. Can append context, inject guard rails, or enforce session-wide proxy state.

Proxy use: Re-export HTTPS_PROXY on every prompt submission so a manually unset variable is restored. Prevents accidental IP leaks mid-session.

`SessionStart`

Fires once when the Claude Code session starts, after settings are loaded.

Proxy use: Verify proxy reachability with a curl health check. Fail loudly if Coronium is unreachable so the developer does not waste a session on timeouts.

`Stop`

Fires when Claude decides to stop (turn complete) or the user interrupts.

Proxy use: Flush metrics, rotate to a fresh Coronium IP pool member, so the next turn starts from a clean reputation baseline.

`Notification`

Fires on harness notifications (permission requests, errors, idle). Can forward to Slack, PagerDuty, or push notifications.

Proxy use: Alert on repeated proxy auth failures so on-call can rotate credentials without the developer being blocked.

Example: Per-Request Coronium Rotation

A PreToolUse hook that picks a random Coronium port before every WebFetch

# .claude/settings.json

{

"hooks": {

"PreToolUse": [{

"matcher": "WebFetch",

"hooks": [{

"type": "command",

"command": "./.claude/hooks/rotate-coronium.sh"

}]

}

# .claude/hooks/rotate-coronium.sh

#!/usr/bin/env bash

set -euo pipefail

# Pool of Coronium dedicated devices

PORTS=("10000" "10001" "10002" "10003" "10004")

PORT="${PORTS[$RANDOM % ${#PORTS[@]}]}"

export HTTPS_PROXY="http://${CORONIUM_USER}:${CORONIUM_PASS}@mobile.coronium.io:${PORT}"

export HTTP_PROXY="$HTTPS_PROXY"

# Log rotation for auditing

echo "$(date -u +%FT%TZ) rotated to port $PORT" >> .claude/logs/rotation.log

# Emit the updated env so Claude inherits it

echo '{"hookSpecificOutput":{"additionalContext":"Rotated Coronium egress to port '"$PORT"'"}}'

Make the script executable: chmod +x .claude/hooks/rotate-coronium.sh. Every subsequent WebFetch uses a freshly rotated port, so per-request rate limits at the target do not accumulate.

When to Rotate vs When Not To

Rotating on every WebFetch works for read-only scraping where every request is independent. Do not rotate during authenticated sessions: LinkedIn, Instagram, Amazon logged-in flows require IP continuity, or the target will invalidate the session. Rotate per task, not per request, for anything behind login.

Rotate per request (safe):

Public product catalog scraping
Public SERP snapshots
News article retrieval
Open documentation fetches

Keep IP sticky (required):

Logged-in session flows
Multi-step checkout or onboarding
OAuth callback sequences
Long-lived WebSocket or streaming

Security

Permission Modes Under a Proxy

Claude Code has four permission modes. Each changes how and when tool calls (including proxied WebFetch and MCP invocations) require human confirmation. The mode you pick sets how much the proxy is your only line of defense.

default

Claude Code asks for permission before running any tool that writes to disk, executes a shell command, or calls an MCP server that is not pre-approved. Safe baseline.

With a Coronium proxy: Proxy env vars still apply to every approved call. First-time WebFetch through a new host will prompt for approval.

acceptEdits

Automatically approves file edits but still asks before shell or web tools. Useful during code refactors where you trust the agent to write but want to audit network egress.

With a Coronium proxy: Every WebFetch, Bash, or MCP call that crosses the proxy still requires explicit approval, giving you a per-request audit log.

plan

Claude produces a plan and asks you to confirm before any side effect. No writes, no commands, no network calls until you approve the plan.

With a Coronium proxy: Zero proxy traffic from tools during planning. Only model calls to api.anthropic.com use the proxy.

bypassPermissions

Dangerous mode where Claude Code runs tools without asking. Designed for sandboxed CI environments where the harness itself is the security boundary.

With a Coronium proxy: Proxy becomes the only checkpoint. Pair this mode with a tight Coronium allowlist or a restrictive egress policy so a runaway subagent cannot exfiltrate.

bypassPermissions: only behind a firewall

Running Claude Code in bypassPermissions on a machine with direct internet access is a security hazard: the agent can exfiltrate files to any URL without a prompt. Pair bypassPermissions with (1) a restrictive egress firewall that only allows Coronium and api.anthropic.com, (2) a tight project-scoped tool allowlist, and (3) a PostToolUse hook that logs every network call for audit. Even then, treat it as a CI-only mode, never for interactive development.

Multi-Agent Architecture

Subagents and Parallel Egress

Claude Code's subagents are specialized Claude instances spawned via the Task tool. Each runs in a fresh context and inherits environment variables from the parent, which means you can assign a different Coronium endpoint per subagent for true parallel multi-geo or multi-account execution.

SEO Director

Purpose: Runs rank tracking audits, meta tag checks, and competitive analysis across target domains.

Proxy need: Needs geo-targeted IPs to check how pages rank in specific countries. Assign a Coronium proxy per country (Germany, France, US) and spawn parallel subagents.

Keyword Strategist

Purpose: Scrapes SERPs, suggests clusters, and evaluates search volume sources.

Proxy need: Google throttles at ~100 req/IP/hour. Mobile proxies with CGNAT cover absorb higher volume without captcha, so the strategist can iterate faster.

Competitive Intelligence Agent

Purpose: Monitors competitor pricing, product launches, and content velocity.

Proxy need: Amazon and Shopify tenants throttle aggressively. Mobile proxy rotation on every 20-30 requests keeps the agent in the safe envelope.

Data Collection Agent

Purpose: Executes parsing jobs defined in the repo. Spins up Scrapy or Playwright per target.

Proxy need: Inherits the parent HTTP_PROXY so child spiders test against the same Coronium IP the production pipeline uses. No gap between dev and prod.

QA / Accessibility Agent

Purpose: Runs axe-core, lighthouse, and visual diffs against the staging site.

Proxy need: Geographic variants require country-specific egress. Coronium 30+ country coverage lets QA match the locale Lighthouse is scoring against.

Security Review Agent

Purpose: Scans pending diffs for secrets, SSRF, and deserialization bugs.

Proxy need: Calls out to public vulnerability databases (NVD, OSV). Proxy keeps those lookups on the same egress, which simplifies compliance and audit.

Example: Parallel Multi-Country SEO Audit

Four worktrees, four countries, four Coronium endpoints, one orchestrator

# Launch four parallel Claude Code sessions, one per country

HTTPS_PROXY="http://u:p@mobile.coronium.io:10010" claude -p "audit https://example.com for DE SEO" &

HTTPS_PROXY="http://u:p@mobile.coronium.io:10020" claude -p "audit https://example.com for FR SEO" &

HTTPS_PROXY="http://u:p@mobile.coronium.io:10030" claude -p "audit https://example.com for BR SEO" &

HTTPS_PROXY="http://u:p@mobile.coronium.io:10040" claude -p "audit https://example.com for US SEO" &

wait

# Each session uses a different mobile IP, targeting each country's localized rendering

Coronium provides mobile proxies in 30+ countries. Assigning a different port or host per parallel Claude session gives you concurrent geo-distributed egress without any IP collision or rate-limit overlap.

Troubleshooting

Common Issues and Fixes

Eight errors that account for the majority of proxy setup failures with Claude Code, each with the root cause and the exact fix.

UNABLE_TO_VERIFY_LEAF_SIGNATURE on api.anthropic.com

Root cause: Corporate proxy is doing TLS interception. Node.js does not trust the proxy's MITM certificate because it is not in the default CA bundle.

Fix: Export NODE_EXTRA_CA_CERTS pointing at the corporate CA bundle. Verify with `node -e "require('https').get('https://api.anthropic.com')"`. Do not disable TLS verification, that leaks API keys.

407 Proxy Authentication Required

Root cause: HTTP_PROXY is set but missing or using wrong credentials, or the proxy endpoint expects Basic auth in the URL and you quoted it incorrectly.

Fix: Test with curl first: `curl -x "$HTTP_PROXY" https://api.anthropic.com`. URL-encode special characters in username and password (@ becomes %40). Rotate the Coronium password if it leaked into a shell history.

MCP server cannot reach upstream

Root cause: MCP subprocess inherits the Claude Code environment, but if you launched Claude Code before exporting HTTP_PROXY, the MCP will not see it. Also happens when MCP is started with `env -i` or a minimal environment.

Fix: Put proxy variables in ~/.claude/settings.json under the env key so Claude Code injects them into every spawned MCP. For remote MCP, set them in the transport config.

WebFetch returns a Cloudflare challenge page

Root cause: Default WebFetch egress hit Turnstile. The proxy variable is not set, or you are using a datacenter IP that Cloudflare's reputation model has flagged.

Fix: Route WebFetch through Coronium mobile proxies. Mobile CGNAT IPs score 90-95% on Turnstile because blocking them blocks real users. Pair with a realistic User-Agent header via a hook.

DNS leaks despite proxy

Root cause: Node.js resolves DNS locally before the proxy connection. If your threat model requires the proxy endpoint to do DNS resolution as well, plain HTTP_PROXY is insufficient.

Fix: Use a SOCKS5 proxy with remote DNS resolution. Set HTTPS_PROXY=socks5h://user:pass@mobile.coronium.io:port. The `h` in socks5h tells the runtime to resolve hostnames on the proxy side.

Inconsistent IP between MCP and WebFetch

Root cause: Some MCP servers have their own HTTP client that does not honor HTTP_PROXY (older Python clients, custom Rust binaries). Result: the built-in WebFetch exits through Coronium, but an MCP tool exits through your home IP.

Fix: Audit each MCP with `claude mcp list` and test its egress IP independently. For Python MCPs, set HTTPX_PROXY or REQUESTS_CA_BUNDLE. For custom binaries, wrap them in a shell script that exports the proxy before exec.

Rate limit hit on api.anthropic.com during heavy agent runs

Root cause: Anthropic rate limits per API key, not per IP. A proxy does not raise this limit. The symptom is often confused with proxy failure.

Fix: Check response headers: 429 with retry-after indicates Anthropic throttling, not proxy issues. Upgrade to Claude Max ($200/mo) or spread requests across multiple API keys with different rate buckets.

Claude Code hangs during WebFetch with no timeout

Root cause: The Coronium endpoint is slow because of carrier congestion, or the target site is tarpitting the connection. Node.js undici does not enforce a short default timeout.

Fix: Configure a hook that wraps WebFetch with an explicit timeout, or use the coronium-fetch MCP server which enforces a 30-second ceiling per request by default.

FAQ

Frequently Asked Questions

Answers covering Claude Code fundamentals, proxy mechanics, MCP architecture, hooks, permission modes, and real-world failure scenarios.

Pricing

Coronium Mobile Proxies for Claude Code

Dedicated 4G/5G mobile devices with unlimited bandwidth. HTTP and SOCKS5 endpoints included. 30+ countries. Plug the endpoint into HTTPS_PROXY and Claude Code egresses through a CGNAT carrier IP with 90-95% anti-bot pass rate.

Premium Mobile Proxy Pricing

Configure & Buy Mobile Proxies

Select from 10+ countries with real mobile carrier IPs and flexible billing options

📖 Complete Purchase Guide

Choose Billing Period

Select the billing cycle that works best for you

SELECT LOCATION

🇺🇸

USA

$129/m

HOT

🇬🇧

$97/m

HOT

🇫🇷

France

$79/m

🇩🇪

Germany

$89/m

🇪🇸

Spain

$96/m

🇳🇱

Netherlands

$79/m

🇦🇺

Australia

$119/m

🇮🇹

Italy

$127/m

🇧🇷

Brazil

$99/m

🇨🇦

Canada

$159/m

🇵🇱

Poland

$69/m

🇮🇪

Ireland

$59/m

🇱🇹

Lithuania

$59/m

🇵🇹

Portugal

$89/m

🇷🇴

Romania

$49/m

SALE

🇺🇦

Ukraine

$27/m

SALE

🇬🇪

Georgia

$69/m

SALE

🇹🇭

Thailand

$59/m

SALE

Save up to 10%

when you order 5+ proxy ports

Carrier & Region

USA 🇺🇸

AT&T

T-Mobile

Verizon

Available regions:

Florida

New York

Included Features

Dedicated Device

Real Mobile IP

10-100 Mbps Speed

Unlimited Data

ORDER SUMMARY

🇺🇸USA Configuration

AT&T • Florida • Monthly Plan

Your price:

$129

/month

Unlimited Bandwidth

No commitment • Cancel anytime • Purchase guide

Money-back guarantee if not satisfied

Perfect For

Multi-account management

Web scraping without blocks

Geo-specific content access

Social media automation

500+Active Users

10+Countries

95%+Trust Score

20h/dSupport

Popular Proxy Locations

United States•California•Los Angeles•New York•NYC

Secure payment methods accepted: Credit Card, PayPal, Bitcoin, and more. 2 free modem replacements per 24h.

Claude Code Workflows

Workflows That Benefit from Coronium

These are the Claude Code use cases where a mobile proxy moves the needle on success rate, throughput, or compliance.

Parsing & Data Extraction Pipelines

Web scraping pipelines Claude helps build and test
Price monitoring across e-commerce catalogs
Amazon product data extraction scripts
AI training data collection workflows

SEO & Competitive Intelligence

SEO rank tracking in 30+ countries
Brand protection monitoring automation
QA automation with geo-specific egress
Ad verification across markets

Multi-Account Automation

Geographic Coverage for Testing

Route Claude Code sessions through country-specific egress:

Germany France UK Spain Netherlands United States Brazil Poland Australia More EU Countries

Plug Claude Code Into Coronium

Dedicated 4G/5G mobile proxies with 90-95% anti-bot pass rates. Set HTTPS_PROXY in your shell or .claude/settings.json and every WebFetch, MCP tool, and subagent call exits through a trusted CGNAT carrier IP.

Works with Claude Code CLI, VS Code extension, JetBrains plugin, and claude.ai/code. HTTP and SOCKS5 included at the same price. 30+ countries. Unlimited bandwidth.

HTTP_PROXY ready

SOCKS5 with remote DNS

MCP-compatible

Hook-based rotation

30+ countries

Unlimited bandwidth

Related Developer Tooling Guides

Blog

AI Agents