GrowthBook
- Entity ID:
ent-20260409-be8827fd907f - Type:
service - Scope:
shared - Status:
active - Aliases: GrowthBook, feature flags, tengu_ flags, runtime flags
Description
GrowthBook is the remote feature flag management system used by Claude Code to control runtime behavior without requiring users to update their installation. The CLI polls the GrowthBook API every hour, receiving a JSON payload of flag values that can alter behavior, enable or disable features, and act as remote kill switches. As of the latest analysis, there are 79+ flags using the tengu_ namespace prefix, far exceeding the 44 flags commonly cited in earlier documentation.
Polling Architecture
Claude Code initializes a GrowthBook client at startup that fetches the current flag configuration from Anthropic's GrowthBook instance. Subsequent polls occur every 60 minutes for the duration of the session. The polling is non-blocking -- if a poll fails (due to network issues or the GrowthBook service being unavailable), the CLI continues with the last known flag values. Initial flag values are also baked into the compiled bundle as defaults, so the system works fully offline.
Flag Categories
| Category | Examples | Purpose |
|---|---|---|
| Kill switches | tengu_disable_auto_mode, tengu_disable_mcp |
Emergency shutoff for specific features across all users |
| Permission toggles | tengu_require_approval_bash, tengu_strict_file_write |
Adjust the permission-pipeline behavior remotely |
| Analytics | tengu_enable_frustration_telemetry, tengu_verbose_telemetry |
Control what frustration-telemetry and other analytics systems collect |
| Model routing | tengu_default_model, tengu_fallback_model |
Override which model version is used for different operations |
| Experiments | tengu_speculation_engine_enabled, tengu_new_compaction |
A/B test new features like the speculation-engine or compaction-pipeline changes |
| Rate limiting | tengu_rate_limit_backoff_multiplier |
Tune rate-limit recovery parameters |
Remote Kill Switches
The kill switch flags deserve special attention. These allow Anthropic to remotely disable features that are causing problems in production. For example, if a new auto-mode behavior is causing safety issues, tengu_disable_auto_mode can be flipped server-side and will propagate to all running instances within an hour (or at their next poll). This provides a safety net independent of npm release cycles.
Security Implications
The GrowthBook integration means that Anthropic maintains runtime control over Claude Code installations even after distribution. This has been noted by security researchers as both a safety feature (enabling rapid response to discovered vulnerabilities) and a trust concern (the vendor can alter behavior without user consent or visibility). The flag values are not exposed to users through the CLI interface, though tools like ccunpacked-dev have mapped the complete flag inventory, and piebald tracks changes across versions.
Integration
GrowthBook flags are evaluated throughout the codebase: in queryengine-ts for model selection, in the yolo-classifier for classification thresholds, in the permission-pipeline for approval policies, and in the system-prompt-assembly for conditional prompt sections. The five-layer-architecture treats GrowthBook as part of the configuration layer that spans all other layers.
Key claims
- none yet
Relations
- none yet
Sources
src-20260409-89b29659ebee