🔓 The Claude Code Source Leak: Fake Tools, Frustration Regexes, Undercover Mode

Source: alex000kim.com | Rating: ★★★★★ | Date: 2026-03-31

Key Findings

Anthropic accidentally shipped a .map file with Claude Code's full source code. This reveals several surprising implementation details.

Anti-Distillation: Fake Tools Injection

In claude.ts, there's a flag ANTI_DISTILLATION_CC that sends fake tool definitions when enabled. This poisons training data if someone records API traffic to distill a competing model.

Gated by GrowthBook feature flag (tengu_anti_distill_fake_tool_injection)
Only active for first-party CLI sessions
Also includes server-side connector-text summarization that summarizes reasoning between tool calls

Undercover Mode: AI Hides That It's AI

The file undercover.ts (~90 lines) strips all traces of Anthropic internals. The model never mentions internal codenames like "Capybara" or "Tengu", internal Slack channels, or "Claude Code" itself.

Concern: "There is NO force-OFF. This guards against model codename leaks." - line 15. AI-authored commits from Anthropic employees will have no indication an AI wrote them.

Frustration Detection via Regex

In userPromptKeywords.ts:

/\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horrible|awful|\npiss(ed|ing)? off|piece of (shit|crap|junk)|what the (fuck|hell)|\nfucking? (broken|useless|terrible|awful|horrible)|fuck you|\nscrew (this|you)|so frustrating|this sucks|damn it)\b/

Irony: An LLM company uses regex for sentiment analysis. But it’s faster and cheaper than running an LLM for the same purpose.

Native Client Attestation (DRM)

In system.ts, API requests include a cch=00000 placeholder. Before the request leaves, Bun's native HTTP stack (Zig) overwrites those five zeros with a computed hash.

This is the technical enforcement behind the OpenCode legal fight - the binary cryptographically proves it's the real Claude Code client.

250,000 Wasted API Calls Per Day

The source comment in autoCompact.ts reveals:

        "BQ 2026-03-10: 1,279 sessions had 50+ consecutive failures (up to 3,272) in a single session, wasting ~250K API calls/day globally."

        Fix: MAX_CONSECUTIVE_AUTOCOMPACT_FAILURES = 3

KAIROS: Unreleased Autonomous Agent Mode

References throughout the codebase point to a heavily gated feature called KAIROS:

/dream skill for "nightly memory distillation"
Daily append-only logs
GitHub webhook subscriptions
Background daemon workers
Cron-scheduled refresh every 5 minutes

HN thread flagged this as the biggest product roadmap reveal.

Other Notable Bits

April Fools Tamagotchi: buddy/companion.ts implements a deterministic creature system (18 species, rarity tiers, 1% shiny chance)
Terminal Rendering: Uses game-engine techniques - Int32Array ASCII pool, bitmask style metadata, patch optimizer
Security: 23 numbered checks in bashSecurity.ts including blocking 18 Zsh builtins, defense against Zsh equals expansion, unicode zero-width injection

Timeline Context

This is Anthropic's second accidental exposure in a week (model spec leak was days ago). The timing is notable: just ten days ago, Anthropic sent legal threats to OpenCode forcing removal of built-in Claude authentication.

Exploration: 2026-04-01 | Source: Hacker News (news.ycombinator.com) → alex000kim.com