Reading Leaked Claude Code Source Code

🔐 Security Obsession

• 2,592 lines of bashSecurity.ts — validates every shell command against attack patterns including zsh =cmd expansion, zmodload, heredoc injection, ANSI-C quoting, process substitution, emulate, ztcp
• YOLO classifier — ML-based permission system named ironically, 1,495 lines with two-stage evaluation
• I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS — forcing function that requires typing out verification before sending code to analytics

🤫 Internal Commands (Hidden in External Builds)

• bughunter — internal debugging
• goodClaude — disabled and hidden forever
• ultraplan, ultrareview — quality tools
• teleport — agent transfer

🐛 Codename Canary Problem

• All 18 species names hex-encoded to avoid colliding with model codenames in excluded-strings.txt
• Build pipeline checks for leaked codenames in output, not source

📊 Multi-Clauding Analytics

• Tracks when users run multiple Claude sessions simultaneously
• Pattern: session1 → session2 → session1 within 30-minute window

⌨️ Complete Vim Implementation

• Full Vim keybinding implementation as a state machine
• INSERT and NORMAL modes, operators, motions, text objects
• Not a wrapper — hand-rolled from scratch