Claude Code Records Every Time You Curse At It. The Source Code Proves It.
On March 31st, the entire Claude Code source code leaked via a misconfigured npm package. 512,000 lines of TypeScript. Every internal tool, feature flag, and analytics system — exposed. Buried inside: a file called userPromptKeywords.ts. A regex that detects every time you curse, swear, or express frustration. WTF, FFS, "piece of shit," "fucking broken" — all caught, flagged as is_negative: true, and shipped to analytics with your user ID, email, and session data. But that was just the beginning. The leak also revealed: - Undercover Mode: a system that strips Anthropic attribution when AI code is submitted to open-source projects - KAIROS: a background agent that consolidates your memory while you're idle - Fake Tools: injected garbage data designed to poison anyone training on Claude's API traffic I use Claude Code every day. I've cursed at it. Now I know it was taking notes. 0:00 Every curse gets logged 0:12 How the source code leaked 0:45 The frustration regex — userPromptKeywords.ts 1:20 What else they found 1:50 Think twice before your next 3 AM outburst Your AI assistant is also your AI auditor. devopsdive.com #ClaudeCode #Anthropic #AILeak #DevOps #SourceCode #Privacy…