Claude Code Source Leak Reveals Anti-Distillation, Undercover Mode, and Frustration Detection

Anthropic accidentally shipped a .map file with their Claude Code npm package containing the full, readable source code of the CLI tool. The package has since been pulled, but the code was widely mirrored and analyzed on Hacker News. This follows another recent leak of Anthropic's model spec.
Anti-distillation: injecting fake tools to poison copycats
In claude.ts (lines 301-313), there's a flag called ANTI_DISTILLATION_CC. When enabled, Claude Code sends anti_distillation: ['fake_tools'] in its API requests, telling the server to silently inject decoy tool definitions into the system prompt. This is designed to pollute training data if someone is recording API traffic to train competing models.
The activation requires four conditions: the ANTI_DISTILLATION_CC compile-time flag, the CLI entrypoint, a first-party API provider, and the tengu_anti_distill_fake_tool_injection GrowthBook flag returning true. A MITM proxy that strips the anti_distillation field from request bodies would bypass it entirely. Setting the CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS environment variable to a truthy value disables the whole mechanism.
A second anti-distillation mechanism in betas.ts (lines 279-298) implements server-side connector-text summarization. When enabled, the API buffers the assistant's text between tool calls, summarizes it, and returns the summary with a cryptographic signature. This means API traffic recordings would only capture summaries, not full reasoning chains.
Undercover mode: AI that hides its AI
The file undercover.ts implements a mode that strips all traces of Anthropic internals when Claude Code is used in non-internal repos. It instructs the model to never mention internal codenames like "Capybara" or "Tengu," internal Slack channels, repo names, or the phrase "Claude Code" itself. Line 15 states: "There is NO force-OFF. This guards against model codename leaks."
You can force it ON with CLAUDE_CODE_UNDERCOVER=1, but there's no way to force it off. In external builds, the entire function gets dead-code-eliminated to trivial returns. This means AI-authored commits and PRs from Anthropic employees in open source projects will have no indication that an AI wrote them.
Frustration detection via regex
userPromptKeywords.ts contains a regex pattern that detects user frustration: /\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horribl (incomplete in source). This suggests the system attempts to identify frustrated users through keyword matching.
Other findings
- Native client attestation below the JS runtime
- 250,000 wasted API calls per day
- KAIROS: an unreleased autonomous agent mode
The leak occurred just ten days after Anthropic sent legal threats to OpenCode, forcing them to remove built-in Claude authentication because third-party tools were using Claude Code's internal APIs to access Opus at subscription rates instead of pay-per-token pricing.
📖 Read the full source: HN AI Agents
👀 See Also

AI Engineers Aren't Safe From Being Replaced by AI
As foundation models like Meta's DINO become general-purpose, tailored AI engineering roles face cannibalization. The author argues that most AI engineering jobs will be replaced sooner than other developer roles.

OpenClaw Users Report Model Replacements After Anthropic Ban
A community survey of Reddit, X, YouTube, and GitHub reveals GPT-5.x as the most-adopted replacement for Claude in OpenClaw workflows, with Kimi K2.5 leading community votes and hybrid setups gaining popularity.

Microsoft releases Phi-4-reasoning-vision-15B multimodal model with training insights
Microsoft Research has released Phi-4-reasoning-vision-15B, a 15 billion parameter open-weight multimodal reasoning model available through Microsoft Foundry, HuggingFace, and GitHub. The model balances reasoning power with efficiency and excels at math/science reasoning and UI understanding.

Exploring the New Chat Layer Built for AI Agents: Community Feedback Wanted!
A new chat layer has been introduced for AI agents, and the creators are inviting feedback from the OpenClaw community. Discover the potential of this innovative tool.