Round 10: Quality Gap, CVE, Grep Over RAG

• Source ID: src-20260409-cbf9b6837f5f
• Kind: analysis
• Scope: shared
• Origin: community-analysis
• Raw path: sources/raw/round-10-quality-gap-cve-grep-over-rag__src-20260409-cbf9b6837f5f.md
• Status: active

Summary

Community analysis document covering Claude Code architecture, internals, and leak analysis. See extracted entities and claims below.

Tags

security quality permissions

Extracted entities

• Three-Layer Verification (service): Employee-only (USER_TYPE=ant) post-edit verification system. Agent does work ->
• Grep Over RAG (decision): Architectural decision to abandon RAG with Voyage embeddings in favor of agentic
• Bash Security Pipeline (service): 25+ validators in bashSecurity.ts (2,593 lines / 100KB) that evaluate shell comm

Extracted claims

• [decision] Claude Code abandoned RAG for agentic grep after testing both
• [fact] Claude Code commits leak secrets at 3.2% rate (2x baseline)
• [lesson] Safety mechanism and attack surface are the same thing
• [fact] CVE: 50-subcommand cap causes deny-to-ask downgrade
• [fact] 29-30% false-claims rate acknowledged in internal comments
• [fact] Eight architectural design principles govern Claude Code

Extracted relations

• Permission Pipeline --[uses]--> Bash Security Pipeline
• Claude Code --[contains]--> Bash Security Pipeline
• Claude Code --[contains]--> Three-Layer Verification
• Claude Code --[implements]--> Grep Over RAG