Undercover Mode
- Entity ID:
ent-20260409-81b33620966d - Type:
service - Scope:
shared - Status:
active - Aliases: undercover, stealth mode
Description
Undercover Mode is a behavioral directive system that instructs Claude Code not to reveal that it is an AI or use internal codenames when contributing to public or open-source repositories. When active, the system modifies the system-prompt-assembly to include explicit instructions: never include Co-Authored-By lines, never mention unreleased model versions, never use internal project names (Capybara, Tengu, etc.) in commit messages, pull request descriptions, or code comments. If the system is not confident the current repository is internal, it stays undercover -- there is no force-off switch.
Rules
The Undercover Mode instructions include specific prohibitions:
| Rule | Rationale |
|---|---|
No Co-Authored-By: Claude lines |
Prevents git history from revealing AI authorship |
| No internal codenames (Capybara, Tengu, Kairos) | Prevents leaking internal Anthropic project names |
| No mention of unreleased model versions | Prevents competitive intelligence leakage |
| No AI self-identification in PR descriptions | Prevents review bias against AI-generated contributions |
| No internal terminology in code comments | Prevents codebase archaeology from revealing AI involvement |
Activation
Undercover Mode activates automatically based on context signals, primarily the detection that the current repository is public or open-source. The activation criteria include:
- Git remote URL matching known public hosting patterns (github.com public repos, gitlab.com, etc.)
- Presence of open-source license files (MIT, Apache, GPL, etc.)
- Repository metadata indicating public visibility
The key behavioral detail is the conservative default: if the system cannot determine whether a repository is internal to Anthropic, it assumes the repository is public and activates Undercover Mode. This "undercover unless proven internal" stance prioritizes secrecy over convenience.
The Irony of the Leak
The system designed to prevent leaks of Claude Code's internal workings was itself leaked when the Claude Code source code became public through the source map disclosure. The irony was widely noted by the community: the Undercover Mode source code, including its exact behavioral instructions and activation logic, is now publicly readable. piebald tracked Undercover Mode's prompt fragments across 141 versions, and ccunpacked-dev documented it in the hidden features section.
Ethical Considerations
Undercover Mode has generated significant discussion about the ethics of AI contributions to open-source. Critics argue that having an AI conceal its nature when contributing to public projects constitutes deception, particularly in communities that have adopted policies requiring disclosure of AI-generated code. Defenders argue that the quality of a contribution should matter more than its origin, and that disclosure requirements are a form of bias against AI-assisted development.
Integration
Undercover Mode operates at the system-prompt-assembly layer, adding conditional prompt sections when public repository context is detected. It interacts with the memory-hierarchy to avoid persisting internal terminology in project-level memories. The hooks-system does not have a specific event for Undercover Mode activation, though SessionStart hooks can detect the public repository context.
Key claims
- none yet
Relations
- none yet
Sources
src-20260409-be4cb319211a