Issue #1027
On March 31, 2026, Anthropic accidentally shipped a 59.8MB sourcemap file with a routine update to Claude Code. The file, bundled into npm package version 2.1.88, exposed nearly 2,000 files and 500,000 lines of source code to anyone who knew where to look. The folks at ccunpacked.dev mapped it out visually. Researchers, developers, and the curious spent the following days picking it apart.
Most of the coverage focused on unreleased features and internal drama. But buried in the code are real signals about how Claude Code works — and a few things you can do differently because of them.
Anthropic Employees Get Different Instructions
The most discussed find was USER_TYPE === 'ant'. Throughout the prompt construction code, Claude Code checks whether the user is an Anthropic employee and adjusts its behavior accordingly.
Internal users receive stronger guardrails against hallucination. One injected instruction reads: “Never claim ‘all tests pass’ when output shows failures.” External users don’t get this specific constraint by default. Internal staff also receive optional adversarial verification agents — a secondary pass that challenges conclusions before they’re returned.
You can’t set USER_TYPE=ant yourself from an external build — Anthropic’s compilation process strips access to these paths entirely. But knowing the guardrail exists tells you something useful: if Claude Code hedges on test results or code correctness, adding an explicit instruction in your CLAUDE.md gets you close to the same result. Something like “Never confirm tests pass unless you have seen actual output showing success” goes a long way.
Undercover Mode Is Real
utils/undercover.ts implements a mode designed for Anthropic employees working in public repositories. When active, Claude Code injects an additional system instruction warning that commit messages and PR descriptions must not contain internal information — no animal codenames (Capybara, Tengu), no unreleased model versions, no internal tooling or Slack channel references.
You can force this mode on using an environment variable:
CLAUDE_CODE_UNDERCOVER=1
For external builds, you cannot force it off — it’s dead-code-eliminated in the public distribution. But forcing it on has a practical use if you’re an open-source maintainer or contractor who sometimes works in public repos and wants Claude to stay cautious about what ends up in commit messages.
It Detects Frustration With a Regex
When you type something like “wtf”, “so frustrating”, or similar phrases, Claude Code doesn’t pass those words to the model for sentiment analysis. It detects them with a regex.
The pattern list covers profanity and expressions of frustration — the kind of things people type when an agent loop goes sideways. Once matched, Claude Code adjusts its response posture.
This matters because it’s cheap and fast. The team explicitly chose regex over LLM inference for this use case. It also means the threshold is pattern-based, not semantic. If you’re expressing frustration in a way the pattern doesn’t cover, the system won’t notice.
More practically: knowing that Claude Code is watching for frustration signals, and that it responds to them, explains something you may have noticed already. When a session goes poorly and you vent, the next response often shifts in tone. That’s not coincidence.
File Edits Work on Exact String Matching
The source confirms what careful users already suspected: file edits use string replacement, not full rewrites. Claude Code finds the target string exactly as written — whitespace, indentation, and all — and replaces it.
This is why edits fail in subtle ways. If the file has been modified, reformatted, or even auto-saved with different line endings, the match fails silently or applies incorrectly.
The practical fix is always reading the file immediately before attempting a complex edit. Don’t rely on a read from earlier in the session. Tell Claude Code explicitly: “Read the current version of this file, then make this change.” This keeps the match string fresh and avoids the most common class of edit failures.
Parallel Execution Requires Explicit Framing
Claude Code can run multiple tool calls in parallel, but it defaults toward sequential execution unless you signal otherwise. The source shows the agent loop’s tendency to process one step at a time — a safe default, but not always the right one.
Telling Claude Code explicitly to parallelize works. “Read file A and file B at the same time” or “Run these two grep searches simultaneously” changes how the tool calls are structured. For tasks involving multiple independent files, searches, or operations, this is one of the clearest ways to cut time.
The key word is “independent.” Parallel execution makes sense when results don’t depend on each other. For sequential logic — where step two needs step one’s output — keep it sequential.
Prompt Caching Runs in the Background
The source reveals a __SYSTEM_PROMPT_DYNAMIC_BOUNDARY__ marker that splits the system prompt into a static cached portion and a per-session dynamic portion. Static content gets hashed and reused across users, reducing per-call costs. The design tracks 14 vectors that would break the cache and avoids triggering them unnecessarily.
You don’t control this directly, but it explains why the first message in a session sometimes feels slower than subsequent ones. The cache is warming. It also explains why very long or unstable CLAUDE.md files can subtly increase costs — the more content that shifts between sessions, the harder it is to cache.
Keeping the stable parts of your CLAUDE.md at the top and dynamic or session-specific instructions at the bottom aligns with how the boundary marker works.
Context Compaction Has Four Layers
When a session approaches context limits, Claude Code doesn’t simply stop. It runs through a four-layer compaction hierarchy:
First, it proactively summarizes older messages before making API calls. If that fails, it catches prompt_too_long errors and retries with a compressed version. For long-running SDK or headless sessions, it can snip verbose outputs mid-stream. As a last resort, it collapses the entire context with a persistent undo capability.
Knowing this changes how you structure long sessions. If you’re hitting limits, the model is already compressing — you’re not losing the entire context, just an aggressive summary of it. Explicitly saving key decisions or code snippets to CLAUDE.md or to files during a long session gives you a persistent anchor that survives compaction better than keeping everything in the conversation.
Anti-Distillation Sends Fake Tools
ANTI_DISTILLATION_CC is a flag that injects decoy tool definitions into API requests. If someone is recording API traffic to build a training dataset from Claude Code’s behavior, the fake tools are meant to pollute that data. The approach requires four conditions to activate, and it’s specific to certain entry points.
You can disable this entirely:
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1
This also disables other experimental beta features, so it’s a blunt instrument. For most users, this flag doesn’t matter at all. But if you’re building tooling on top of Claude Code’s API traffic and seeing unexpected tool definitions appear in requests, this is the explanation.
CLAUDE.md Is Central, Not Optional
Multiple findings from the leak reinforce that CLAUDE.md is the primary mechanism for persistent context. It’s read at session start and consulted throughout. The internal tooling at Anthropic treats it as load-bearing — not a convenience file, but the actual substrate for project-specific behavior.
If you’ve been treating CLAUDE.md as optional, that’s worth reconsidering. The conventions you’d otherwise repeat in every session — the stack, what to avoid, the build commands, the code patterns — belong in the file. Claude Code reads it automatically and adjusts accordingly. More than that, it affects what gets cached and what enters the stable part of the prompt.
A well-structured CLAUDE.md with stable content at the top is, in a small but measurable way, a cheaper and faster version of Claude Code.
Start the conversation