Build Scanner Codename Paradox

• Entity ID: ent-20260419-dcc7a2acd402
• Type: concept
• Scope: shared
• Status: active
• Aliases: hex-encoded capybara paradox, string scanner vs source map

Description

Anthropic's CI/CD pipeline runs a grep-based scanner on compiled binaries that flags internal codenames (Capybara, Fennec, Numbat, Tengu) to keep them out of shipping artifacts. 'capybara' was hex-encoded via String.fromCharCode(99,97,112,121,98,97,114,97) specifically to evade this scanner. The scanner succeeded at its designed purpose (no literal strings in the compiled binary) but the source map shipped the entire unobfuscated TypeScript tree, exposing every codename at full resolution. Architectural lesson: security controls scoped to one threat vector offer zero protection against a qualitatively different vector.

Key claims

• The hex-encoded capybara defeats the compiled-binary scanner but not the source map
• Security-control scoping must match the threat vectors it claims to cover

Relations

• Build Scanner Codename Paradox --[related_to]--> Model Codenames

Sources

src-20260409-5acfec94bd6e