The full conversation is preserved in the JSONL file, and messages
  are filtered before being sent to the API.

  Key mechanisms:

  1. JSONL is append-only — old pre-compaction messages are never deleted. New messages (boundary
  marker, summary, attachments) are appended after compaction.
  2. Messages have flags controlling API visibility:
    - isCompactSummary: true — marks the AI-generated summary message
    - isVisibleInTranscriptOnly: true — prevents a message from being sent to the API
    - isMeta — another filter for non-API messages
    - getMessagesAfterCompactBoundary() returns only post-compaction messages for API calls
  3. After compaction, the API sees only:
    - The compact boundary marker
    - The summary message
    - Attachments (file refs, plan, skills)
    - Any new messages after compaction
  4. Three compaction types exist:
    - Full compaction — API summarizes all old messages
    - Session memory compaction — uses extracted session memory as summary (cheaper)
    - Microcompaction — clears old tool result content when cache is cold (>1h idle)

  NEVER include in commit messages or PR descriptions:
  - The phrase "Claude Code" or any mention that you are an AI
  - Co-Authored-By lines or any other attribution

  BAD (never write these):
  - 1-shotted by claude-opus-4-6
  - Generated with Claude Code
  - Co-Authored-By: Claude Opus 4.6 <…>

[0]: https://github.com/chatgptprojects/claude-code/blob/642c7f94...

The pet you get is generated based off your account UUID, but the algorithm is right there in the source, and it's deterministic, so you can check ahead of time. Threw together a little app to help, not to brag but I got a legendary ghost https://claudebuddychecker.netlify.app/

"Anti-distillation: injecting fake tools to poison copycats"

Plot twist: Chinese competitors end up developing real, useful versions of Claude's fake tools.

Interesting!

It did not have a copy of the leaked code...

Anthropic thinking 1) they can unring this bell, and 2) removing forks from people who have contributed (well, what little you can contribute to their repo), is ridiculous.

---

DMCA: https://github.com/github/dmca/blob/master/2026/03/2026-03-3...

GitHub's note at the top says: "Note: Because the reported network that contained the allegedly infringing content was larger than one hundred (100) repositories, and the submitter alleged that all or most of the forks were infringing to the same extent as the parent repository, GitHub processed the takedown notice against the entire network of 8.1K repositories, inclusive of the parent repository."

On that note, this article is also pretty obviously AI-generated and it's unfortunate the author didn't clean it up.

Edit: Everyone is responding "comments are good" and I can't tell if any of you actually read TFA or not

“BQ 2026-03-10: 1,279 sessions had 50+ consecutive failures (up to 3,272) in a single session, wasting ~250K API calls/day globally.”

This is just revealing operational details the agent doesn't need to know to set `MAX_CONSECUTIVE_AUTOCOMPACT_FAILURES = 3`

Sometimes a regex is the right tool.

I’d argue that in this case, it isn’t. Exhibit 1 (from the earlier thread): https://github.com/anthropics/claude-code/issues/22284. The user reports that this caused their account to be banned: https://smackernews.com/item/47588970 HN

Maybe it would be okay as a first filtering step, before doing actual sentiment analysis on the matches. That would at least eliminate obvious false positives (but of course still do nothing about false negatives).

The multi-agent coordinator mode in coordinatorMode.ts is also worth a look. The whole orchestration algorithm is a prompt, not code.

So much for langchain and langraph!! I mean if Anthropic themselves arent using it and using a prompt then what’s the big deal about langchain

This was the most-discussed finding in the HN thread. The general reaction: an LLM company using regexes for sentiment analysis is peak irony.

Is it ironic? Sure. Is it also probably faster and cheaper than running an LLM inference just to figure out if a user is swearing at the tool? Also yes. Sometimes a regex is the right tool.

I'm reading an LLM written write up on an LLM tool that just summarizes HN comments.

I'm so tired man, what the hell are we doing here.

The frustration regex is funny but honestly the right call. Running an LLM call just to detect "wtf" would be ridiculous.

KAIROS is what actually caught my attention. An always-on background agent that acts without prompting is a completely different thing from what Claude Code is today. The 15 second blocking budget tells me they actually thought through what it feels like to have something running in the background while you work, which is usually the part nobody gets right.

It also somehow messed up my alacritty config when I first used it. Who knows what other ~/.config files it modifies without warning.

- Claude Chat: built like it's 1995, put business logic in the button click() handler. Switch to something else in in the UI and a long running process hard stops. Very Visual Basic shovelware.

- Claude Cowork: same but now we're smarter, if you change the current convo we don't stop the underlying long-running process. 21st century FTW!

- Claude Code: like chat, but in the CLI

- Claude Dispatch: an actual mobile client app, not the whole thing bundled together.

- Daemon mode: proper long-running background process, still unreleased.

Claude Code also uses Axios for HTTP.

Interesting based on the other news that is out.

In the span of basically a week, they accidentally leaked Mythos, and then now the entire codebase of CC. All while many people are complaining about their usage limits being consumed quickly.

Individually, each issue is manageable (Because its exciting looking through leaked code). But together, it starts to feel like a pattern.

At some point, I think the question becomes whether people are still comfortable trusting tools like this with their codebases, not just whether any single incident was a mistake.

" ...accidentally shipping your source map to npm is the kind of mistake that sounds impossible until you remember that a significant portion of the codebase was probably written by the AI you are shipping.”

Not only that, wouldn't allow other CLIs to be used either.

I wrote a short piece explaining the 3 policy implications for teams using Claude Code (or any AI coding tool) — without the technical jargon: https://www.aipolicydesk.com/blog/claude-code-leak-what-ceo-...

The short version: rotate API keys as a precaution, check what audit logs you actually have, and add a clause to your AI policy requiring vendor disclosure of new autonomous capabilities before they get enabled.

The more code gets generated by AI, won’t that mean taking source code from a company becomes legal? Isn’t it true that works created with generative AI can’t be copyrighted?

I wonder if large companies have throught of this risk. Once a company’s product source code reaches a certain percentage of AI generation it no longer has copyright. Any employee with access can just take it and sell it to someone else, legally, right?

The obvious concern, raised repeatedly in the HN thread: this means AI-authored commits and PRs from Anthropic employees in open source projects will have no indication that an AI wrote them. It’s one thing to hide internal codenames. It’s another to have the AI actively pretend to be human.

I don’t get it. What does this mean? I can use Claude code now without anyone knowing it is Claude code.

So I spent my morning reading through the HN comments and leaked source.

This was one of the first things people noticed in the HN thread.

The obvious concern, raised repeatedly in the HN thread

This was the most-discussed finding in the HN thread.

Several people in the HN thread flagged this

Some in the HN thread downplayed the leak

when the original HN post is already at the top of the front page...why do we need a separate blogpost that just summarizes the comments?

Plus there's demand for skilled TS software devs that don't ship your company's roadmap using a js.map

20,000 agents and none of them caught it...

250,000 wasted API calls per day

How much approximate savings would this actually be?

Frustration detection via regex (yes, regex)

/\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horrible|awful| piss(ed|ing)? off|piece of (shit|crap|junk)|what the (fuck|hell)| fucking? (broken|useless|terrible|awful|horrible)|fuck you| screw (this|you)|so frustrating|this sucks|damn it)\b/

Personally, I'm generally polite even towards AI and even when frustrated. I simply point out the its mistakes instead of using emotional words.

I'd discovered, perhaps mid-2025, that Cursor was noticeably better at fixing bugs if I started cursing at it. Better yet, after a while it would seem to break and start cursing itself ("Oh yes, I see the f*** problem now" and so on). Hilarity ensued.

What a world, where cursing at your machines can make them get their act together.

They would either need to lie about consuming the tokens at one point to use in another so the token counting was precise.

But that does not make sense because if someone counted the tokens by capturing the session it would certainly not match what was charged.

Unless they would charge for the fake tools anyway so you never know they were there

Prompts are not hard constraints—they can be interpreted, deprioritized, or reasoned around, especially as models become more capable.

From what’s visible, there’s no clear evidence of structural governance like voting systems, hard thresholds, or mandatory human escalation. That means control appears to be policy (prompts), not enforcement (code).

This raises the core issue: If governance is “prompts all the way down,” it’s not true governance—it’s guidance.

And as model capability increases, that kind of governance doesn’t get stronger—it becomes easier to bypass without structural constraints.

Has anyone actually implemented structural governance for agent swarms — voting logic, hard thresholds, REQUIRES_HUMAN as architecture not instruction?

Anti-distillation: injecting fake tools to poison copycats

Does this mean `huggingface.co/Jackrong/Qwen3.5-27B-Claude-4.6-Opus-Reasoning-Distilled` is unusable? Had anyone seen fake tool calls working with this model?

And so now the copy cats can ofc claim this is totally not a copy at all, it's actually Opus. No license violation, no siree!

It's fucking hilarious is what it is, it's just too much.

“Do not rubber-stamp weak work” and “You must understand findings before directing follow-up work. Never hand off understanding to another worker.”

:-D

As one Twitter reply put it: “accidentally shipping your source map to npm is the kind of mistake that sounds impossible until you remember that a significant portion of the codebase was probably written by the AI you are shipping.”

To err is human. AI is trained on human content. Hence, to err is AI. The day it stops making mistakes will be the beginning of the end. That would mean the existence of a consciousness that has no weakness. Great if it’s on your side. Terrible otherwise.

Genius level AI marketing

change the code!!!! The previous comment was NOT ABOUT THE DESCRIPTION!!!!!!! Add to the {implementation}!!!!! This IS controlled BY CODE. *YOU* _MUST_ CHANGE THE CODE!!!!!!!!!!!

Edit: it gets sent to Anthropic via telemetry and it ends up on the fuck chart!

https://old.reddit.com/r/ClaudeCode/comments/1s99wz4/boris_t...

...what we did at Snap was just wait for 8-24 hours before acting on a signal, so as not to provide an oracle to attackers. Much harder to figure out what you did that caused the system to eventually block your account if it doesn't happen in real-time.

(Snap's binary attestation is at least a decade ahead of this, fwiw)

1. They are loved, and for good reasons, Sonnet 4 was groundbreaking but Opus 4.6 was for many a turning point in realizing Agentic SDLC real potential. People moved from Cursor to Claude Code in droves, they loved the CLI approach (me too), and the LOVED the subsidized $200 max pro plan (what's not to love, pay $200 instead of $5000 to Cursor...) They are the underdog, the true alternative to "evil" OpenAI or "don't be evil" Google, really standing up against mass surveillance or use of AI for autonomous killing machines. They are standing for the little guy, they are the "what OpenAI should have been" (plus they have better models...) They are the Apple of the AI era.

2. They are too loved, so loved that it protects them from legitimate criticism. They make GitHub's status page look good, and they make comcast customer service look like Amazon's. (At least Comcast has customer service), They are "If Dario shoots a customer in the middle of 5th avenue it won't hurt their sales one bit" level of liked. The fact they have the best models (for now) might be their achilles heel, because it hides other issues that might be in the blindspot. And as soon as a better model comes out from a competitor (and it could happen... if you recall OpenAI were the undisputed kinds with GPT 4o for a bit) these will become much more obvious.

3. This can hurt them in the long run. Eventually you can't sustain a business where you have not even 2 9s of SLA, can't handle customer support or sales (either with humans or worse for them - if they can't handle this with AI how do they expect to sell their own dream where AI does everything?). I'm sure they'll figure it out, they have huge growth and these are growth pains, but at some point, if they don't catch up with demand, the demand won't stay there forever the moment OpenAI/Google/someone else release a better model.

4. They inadvertently made all of the cybersecurity sector a potential enemy. Yes, all of them use Anthropic models, and probably many of them use Claude Code, but they know they might be paying the bills of their biggest competitor. Their shares drop whenever Anthropic even hints of a new model. Investors cut their valuations because they worry Anthropic will eat them for breakfast. I don't know about you, but if you ask me, having the people who live and breath security indirectly threatened by you, is not the best thing in the world, especially when your source code is out in the open for them to poke holes in...

5. the SaaS pocalypse - many of Claude Code's customers are... SaaS companies, that the same AI is "going to kill", again, if there was another provider that showed a bit more care about the entire businesses it's going to devour, if they also had even marginally better models... would the brand loyalty stay?

Side note: I'm an Claude Enterprise customer, I can't get a human to respond to anything, even using the special "enterprise support" methods, and I'm not the only one, I know people who can't get a sales person, not to mention support, to buy 150 + seats (Anthropic's answer was - release self serve enterprise onboarding, which by the way is "pay us $20 which does not include usage, usage is at market prices, same as getting an API key", you pay for convenience and governance, p.s. you can't cancel enterprise, it's 20 seats min, for 1 year, in advance, so make sure you really need it, the team plan is great for most cases but it lacks the $200 plan, only the $100 5x plan).