by commanderkeen08 161 days ago
No. Do you realize how much of a joke Claude Code is? Under the hood. How they implemented client auth?

Well let me tell you

https://github.com/anomalyco/opencode/blob/dev/packages/open...

You literally send your first message “you are Claude code”

The fact that this ever worked was insane.

Headline is more like Anthropic vibes a bug and finally catches it.

4 comments

Is there any other way to do it though? Even if they implemented some form of auth logic, since it's all client side anyone could spoof it. The only real way to distinguish Claude Code from non-Claude Code is behavioral analysis (e.g. system prompt, set of tools, etc.). Or engage in a cat and mouse game of increasingly obfuscated challenge/auth.
That sort of mechanism is not a "joke" and is often used for trademark/legal reasons, not technical ones.
Both Nintendo and Sega tried that, and it did not work as they legally intended.
The joke is that AI companies pretend to care about doing legal things.
Tonight we are all Claude Code, Anthropic's official CLI for Claude.
There is no way to prevent people from using a custom client.
There are ways to make it painful. Though it would probably be painful for “legit” users, too.
Game developers disagree...
Time to add Denuvo to Claude Code?
Yeah, and it's been an easy win for game developers and smooth sailing on that front, too.

..right?

So now you just need to remove the “read” tool to authenticate?
Or call the tool "Read" and it works, according to an issue comment.

But actually the solution is checking out how the official client does it and then doing the same steps, though if people start doing this then Anthropic will probably start making it more difficult to monitor and reverse engineer.

It might not matter, as some people have a lot of expertise in this, but people might still get the message and move away to alternatives.

The endgame is a small background agent that runs Claude Code every once in a while, inspects its traffic, and adjusts on the fly.
Then they'd start pinning certs and hiding keys inside the obfuscated binary to make traffic inspection harder?

And if an open source tool would start to use those keys, their CI could just detect this automatically and change the keys and the obfuscation method. Probably quite doable with LLMs..

Without breaking legitimate clients?

At some point it becomes easier to just reevaluate the business model. Or just make a superior product.