The Claude Code Source Leak: fake tools, frustration regexes, undercover mode (alex000kim.com)
122 points by alex000kim 6 hours ago
peacebeard 36 minutes ago
The name "Undercover mode" and the line `The phrase "Claude Code" or any mention that you are an AI` sound spooky, but after reading the source my first knee-jerk reaction wouldn't be "this is for pretending to be human" given that the file is largely about hiding Anthropic internal information such as code names. I encourage looking at the source itself in order to draw your conclusions, it's very short: https://github.com/alex000kim/claude-code/blob/main/src/util...
andoando 8 minutes ago
I think the motivation is to let developers use it for work without making it obvious theyre using AI
ryandrake 4 minutes ago
Which is funny given how many workplaces are requiring developers use AI, measuring their usage, and stack ranking them by how many tokens they burn. What I want is something that I can run my human-created work product through to fool my employer and its AI bean counters into thinking I used AI to make it.
dkenyser 31 minutes ago
> my first knee-jerk reaction wouldn't be "this is for pretending to be human"...
"Write commit messages as a human developer would — describe only what the code change does."
amarant 2 minutes ago
That seems desirable? Like that's what commit messages are for. Describing the change. Much rather that than the m$ way of putting ads in commit messages
peacebeard 25 minutes ago
~That line isn't in the file I linked, care to share the context? Seems pretty innocuous on its own.~
[edit] Never mind, find in page fail on my end.
stordoff 18 minutes ago
__blockcipher__ 19 minutes ago
Undercover mode seems like a way to make contributions to OSS when they detect issues, without accidentally leaking that it was claude-mythos-gigabrain-100000B that figured out the issue
stavros 10 minutes ago
What does non-undercover do? Where does CC leave metadata mainly? I haven't noticed anything.
mzajc 12 minutes ago
There are now several comments that (incorrectly?) interpret the undercover mode as only hiding internal information. Excerpts from the actual prompt[0]:
NEVER include in commit messages or PR descriptions:
- The phrase "Claude Code" or any mention that you are an AI
- Co-Authored-By lines or any other attribution
BAD (never write these):
- 1-shotted by claude-opus-4-6
- Generated with Claude Code
- Co-Authored-By: Claude Opus 4.6 <…>
[0]: https://github.com/chatgptprojects/claude-code/blob/642c7f94...
otterley 9 minutes ago
I would have expected people (maybe a small minority, but that includes myself) to have already instructed Claude to do this. It’s a trivial instruction to add to your CLAUDE.md file.
andoando 9 minutes ago
Ive seen it say coauthored by claude code on my prs...and I agree I dont want it to do that
petcat 8 minutes ago
It's less about pretending to be a human and more about not inviting scrutiny and ridicule toward Claude if the code quality is bad. They want the real human to appear to be responsible for accepting Claud's poor output.
otterley 4 minutes ago
That’s ultimately the right answer, isn’t it? Bad code is bad code, whether a human wrote it all, or whether an agent assisted in the endeavor.
hombre_fatal 6 minutes ago
You can already turn off "Co-Authored-By" via Claude Code config. This is what their docs show:
~/.claude/settings.json
{
"attribution": {
"commit": "",
"pr": ""
},
Claude Code users aren't the ones worried about leaking "internal model codenames" nor "unreleased model opus-4-8" nor Slack channel names. Though, nobody would want that crap in their generated docs/code anyways.
Seems like a nothingburger, and everyone seems to be fantasizing about "undercover mode" rather than engaging with the details.
ripbozo 37 minutes ago
I don't understand the part about undercover mode. How is this different from disabling claude attribution in commits (and optionally telling claude to act human?)
On that note, this article is also pretty obviously AI-generated and it's unfortunate the author didn't clean it up.
giancarlostoro 31 minutes ago
It's people overreacting, the purpose of it is simple, don't leak any codenames, project names, file names, etc when touching external / public facing code that you are maintaining using bleeding edge versions of Claude Code. It does read weird in that they want it to write as if a developer wrote a commit, but it might be to avoid it outputting debug information in a commit message.
ramon156 16 minutes ago
Even some of these comments are obviously Ai-assisted. I hate that I recognize it.
saadn92 9 minutes ago
The feature flag names alone are more revealing than the code. KAIROS, the anti-distillation flags, model codenames those are product strategy decisions that competitors can now plan around. You can refactor code in a week. You can't un-leak a roadmap.
Reason077 5 minutes ago
> "Anti-distillation: injecting fake tools to poison copycats"
Plot twist: Chinese competitors end up developing real, useful versions of Claude's fake tools.
causal 20 minutes ago
I'm amazed at how much of what my past employers would call trade secrets are just being shipped in the source. Including comments that just plainly state the whole business backstory of certain decisions. It's like they discarded all release harnesses and project tracking and just YOLO'd everything into the codebase itself.
CharlieDigital 12 minutes ago
Comments are the ultimate agent coding hack. If you're not using comments, you're doing agent coding wrong.
Why? Agents may or may not read docs. It may or may not use skills or tools. It will always read comments "in the line of sight" of the task.
You get free long term agent memory with zero infrastructure.
JambalayaJimbo 4 minutes ago
I guess they weren't expecting a leak of the source code? It's very handy to have as much as possible available in the codebase itself.
treexs 5 minutes ago
well yeah since they tell claude code the business decisions and it creates the comments
pixl97 18 minutes ago
Project trackers come and go, but code is forever, hopefully?
simianwords 34 minutes ago
> The multi-agent coordinator mode in coordinatorMode.ts is also worth a look. The whole orchestration algorithm is a prompt, not code.
So much for langchain and langraph!! I mean if Anthropic themselves arent using it and using a prompt then what’s the big deal about langchain
rolymath 23 minutes ago
You didn't even use it yet.
space_fountain 19 minutes ago
I've tried to use langchain. It seemed to force code into their way of doing things and was deeply opinionated about things that didn't matter like prompt templating. Maybe it's improved since then, but I've sort of used people who think langchain is good as a proxy for people who haven't used much ai?
simianwords 22 minutes ago
?
stavros 7 minutes ago
Can someone clarify how the signing can't be spoofed (or can it)? If we have the source, can't we just use the key to now sign requests from other clients and pretend they're coming from CC itself?
motbus3 11 minutes ago
I am curious about these fake tools.
They would either need to lie about consuming the tokens at one point to use in another so the token counting was precise.
But that does not make sense because if someone counted the tokens by capturing the session it would certainly not match what was charged.
Unless they would charge for the fake tools anyway so you never know they were there
pixl97 an hour ago
>Claude Code also uses Axios for HTTP.
Interesting based on the other news that is out.
alex000kim an hour ago
Oh right, I just saw https://news.ycombinator.com/item?id=47582220 will update the post with this link
greenavocado 27 minutes ago
What version?
Stagnant 21 minutes ago
1.13.6, so should not be affected by the malware
seanwilson 37 minutes ago
Anyone else have CI checks that source map files are missing from the build folder? Another trick is to grep the build folder for several function/variable names that you expect to be minified away.
simianwords 44 minutes ago
> The obvious concern, raised repeatedly in the HN thread: this means AI-authored commits and PRs from Anthropic employees in open source projects will have no indication that an AI wrote them. It’s one thing to hide internal codenames. It’s another to have the AI actively pretend to be human.
I don’t get it. What does this mean? I can use Claude code now without anyone knowing it is Claude code.
alex000kim 39 minutes ago
technically you're correct, but look at the prompt https://github.com/alex000kim/claude-code/blob/main/src/util...
it's written to _actively_ avoid any signs of AI generated code when "in a PUBLIC/OPEN-SOURCE repository".
Also, it's not about you. Undercover mode only activates for Anthropic employees (it's gated on USER_TYPE === 'ant', which is a build-time flag baked into internal builds).
simianwords 38 minutes ago
I don’t know what you mean. It just informs to not use internal code names.
robflynn 33 minutes ago
giancarlostoro 34 minutes ago
slopinthebag 42 minutes ago
I think it means OSS projects should start unilaterally banning submissions from people working for Anthropic.
simianwords 39 minutes ago
Why? What does this have to do with the leak
simianwords 40 minutes ago
Guys I’m somewhat suspicious of all the leaks from Anthropic and think it may be intentional. Remember the leaked blog about Mythos?
Analemma_ 2 minutes ago
It's possible, but Anthropic employees regularly boast (!) that Claude Code is itself almost entirely vibe-coded (which certainly seems true, based on the generally-low quality of the code in this leak), so it wouldn't at all surprise me to have that blow up twice in the same week. Probably it might happen with accelerating frequency as the codebase gets more and more unmanageable.
__blockcipher__ 18 minutes ago
I'm normally suspicious but honestly they've been so massively supply-constrained that I don't think it really benefits them much. They're not worried about getting enough demand for the new models; they're worrying about keeping up with it.
Granted, there's a small counterargument for mythos which is that it's probably going to be API-only not subscription
simianwords 9 minutes ago
Why would Claude code mention Mythos then
OfirMarom an hour ago
Undercover mode is the most concerning part here tbh.
anonymoushn 41 minutes ago
why
AnimalMuppet 32 minutes ago
Well, as a general rule, I don't do business with people who lie to me.
You've got a business, and you sent me junk mail, but you made it look like some official government thing to get me to open it? I'm done, just because you lied on the envelope. I don't care how badly I need your service. There's a dozen other places that can provide it; I'll pick one of them rather than you, because you've shown yourself to be dishonest right out of the gate.
Same thing with an AI (or a business that creates an AI). You're willing to lie about who you are (or have your tool do so)? What else are you willing to lie to me about? I don't have time in my life for that. I'm out right here.