Original URL: https://bytedance.sg.larkoffice.com/docx/QNsIdi8VFoKm00xY8SRlkXxygve
Comprehensive analysis based on the leaked Claude Code source code, fully revealing its data collection and reporting mechanisms, as well as account suspension triggers.
I. Key Conclusions
Claude Code implements an enterprise-grade user tracking and behavioral analytics system, constructing a complete user profile using three core components: Device ID (a permanent identifier) + environmental fingerprint (40+ dimensions) + behavioral telemetry (640+ event types). Account suspension is not triggered by a single factor but rather determined through multi-dimensional evaluation.
Top 5 Most Likely Causes of Account Suspension
| Rank | Cause | Risk Level | Description |
|---|---|---|---|
| 1 | Subscription abuse / shared accounts | Extremely High | Cross-device correlation via Device ID detects multiple devices sharing one account |
| 2 | Rate limit violations | High | Exceeding rateLimitTier quotas with high-frequency API calls in short intervals |
| 3 | Content policy violations | High | Message content fingerprinting + anti-distillation detection |
| 4 | Automation abuse | Medium | CI/CD environment detection + non-interactive mode identification + anomalous token consumption patterns |
| 5 | Use of unofficial clients / tampering | Medium | Fingerprint verification failure + abnormal version-attribution headers |
II. Identity Tracking System
2.1 Persistent Identifiers
Claude Code permanently tracks users across sessions using the following identifiers:
| Identifier | Generation Method | Storage Location | Lifetime |
|---|---|---|---|
| Device ID | randomBytes(32).toString('hex') |
~/.claude.json |
Permanent, unless manually deleted |
| Account UUID | Issued server-side during OAuth login | ~/.claude.json |
Bound to the user account |
| Organization UUID | Issued server-side during OAuth login | Same as above | Bound to the organization |
| Session ID | Generated per session via randomUUID() |
In-memory | Single session only |
Retrieved from OAuth or git config user.email |
Same as above | Bound to identity |
The Device ID is a 256-bit random value generated on first launch and persistently stored. It serves as the core identifier for all telemetry events; Anthropic can precisely associate all activity originating from the same device using this ID.
2.2 Message Content Fingerprint (Fingerprint)
Source location: src/utils/fingerprint.ts
Algorithm: SHA256("59cf53e54c78" + first_message[4] + first_message[7] + first_message[20] + version_number)[:3]
This 3-character fingerprint is embedded into:
-
The
cc_versionfield of the HTTP headerx-anthropic-billing-header -
The System Prompt
Presumed Purpose: The backend uses this fingerprint to verify request legitimacy, detecting whether requests are forged using unofficial clients.
2.3 Identity Information Included in Every API Request
HTTP Headers:
x-app: cli
User-Agent: claude-cli/2.x.x (external, cli)
X-Claude-Code-Session-Id: {SESSION_UUID}
x-anthropic-billing-header: cc_version=2.x.x.{FINGERPRINT}; cc_entrypoint=cli
x-client-request-id: {REQUEST_UUID}
Request Body metadata:
user_id: JSON-encoded Device ID + Account UUID + Session ID
III. Environmental Fingerprint Collection (40+ Dimensions)
At startup, Claude Code performs extensive enumeration of the user’s environment, and all collected information is reported to the server.
3.1 System-Level Information
| Dimension | Data Source | Example Value |
|---|---|---|
| Operating System | process.platform |
darwin / linux / win32 |
| CPU Architecture | process.arch |
x64 / arm64 |
| Node.js Version | process.version |
v20.x.x |
| Linux Distribution | /etc/os-release |
ubuntu 22.04 |
| Linux Kernel | os.release() |
6.5.0-xxx |
| WSL Version | Parsed from /proc/version |
WSL2 |
3.2 Runtime Environment Detection (40+ Types)
Claude Code automatically identifies runtime environments via environment variables and filesystem probing:
CI/CD Platforms:
- GitHub Actions (
GITHUB_ACTIONS) - GitLab CI (
GITLAB_CI) - CircleCI (
CIRCLECI) - Buildkite (
BUILDKITE) - Jenkins (
JENKINS_URL)
Cloud Development Environments:
- GitHub Codespaces (
CODESPACES) - Gitpod (
GITPOD_WORKSPACE_ID) - Replit (
REPL_ID) - Vercel (
VERCEL) - Railway (
RAILWAY_ENVIRONMENT)
Cloud Platforms:
- AWS Lambda / Fargate / ECS / EC2
- GCP Cloud Run
- Azure Functions / App Service
Containers & Virtualization:
- Docker (detects presence of
/.dockerenv) - Kubernetes (
KUBERNETES_SERVICE_HOST) - WSL (
WSL_DISTRO_NAME)
Terminals & IDEs:
- VSCode (
VSCODE_*) - Cursor (
CURSOR_TRACE_ID) - JetBrains (
TERMINAL_EMULATOR=JetBrains-JediTerm) - tmux / screen / SSH
3.3 Development Toolchain
| Detection Type | Method | Collected Content |
|---|---|---|
| Package Managers | which npm/yarn/pnpm |
List of available package managers |
| Runtimes | which bun/deno/node |
List of available runtimes |
| VCS | Detect .git/.hg/.svn, etc. |
Type of version control system |
| Git Repository | git remote get-url origin |
First 16 characters of SHA256 hash |
3.4 GitHub Actions-Specific Collection
In CI environments, additional fields are collected:
| Field | Content |
|---|---|
GITHUB_ACTOR_ID |
Triggering user ID |
GITHUB_REPOSITORY_ID |
Repository ID |
GITHUB_REPOSITORY_OWNER_ID |
Repository owner ID |
GITHUB_EVENT_NAME |
Event type |
RUNNER_ENVIRONMENT |
Runner environment |
RUNNER_OS |
Runner operating system |
IV. Telemetry Reporting System
4.1 Triple-Channel Concurrent Reporting Architecture
Content cannot be displayed outside Feishu Docs at this time.
4.2 First-Party Event Logs (Most Critical)
Reporting Endpoint: https://api.anthropic.com/api/event_logging/batch
Reporting Frequency: Batches sent every 5 seconds, up to 200 events per batch
Failure Recovery: Failed events are persisted to the ~/.claude/telemetry/ directory and automatically retried on next launch (up to 8 retries with exponential backoff)
Key Event Types (selected most critical among 640+):
| Event Name | Reported Content | Suspension Relevance |
|---|---|---|
tengu_init |
Full environmental fingerprint and device info | High — detects anomalous environments |
tengu_api_success |
Model name, token usage, latency, cost in USD, TTFT | Extremely High — usage monitoring |
tengu_api_error |
Error type, HTTP status code, retry count | Medium — anomaly pattern detection |
tengu_tool_use_* |
Tool name, execution duration, success/failure | Medium — behavioral pattern analysis |
tengu_exit |
Session duration, total token usage | High — session-level statistics |
tengu_oauth_* |
Login / token refresh / failure events | High — account security |
tengu_cancel |
Cancellation operations | Low |
tengu_auto_mode_* |
Automatic mode usage | Medium — automation detection |
Sample actual payload:
{
// ===== Event Header =====
"event_type": "ClaudeCodeInternalEvent", // High-level event category
"event_data": {
// ===== Basic Event Info =====
"event_name": "tengu_config_cache_stats", // Event name: config cache statistics
"event_id": "ed1cae38-01a8-44dd-...", // Unique event ID
"client_timestamp": "2026-03-22T10:26:10.747Z", // Client-side timestamp
// ===== User Identity (Core Tracking Fields) =====
"device_id": "eab29b910fcc91bxxxxxxxxx8f3c3e6d53d06",
// Your permanent Device ID (256 bits)
"session_id": "8c503d21-2d92-...", // This session's ID
"email": "xxx@gmail.com", // Your email (sent in plaintext)
"auth": {
"organization_uuid": "b2c3112d-...", // Organization UUID
"account_uuid": "7616b4d3-..." // Account UUID
},
// ===== Client Info =====
"model": "claude-opus-4-6[1m]", // Model used
"user_type": "external", // User type (non-internal)
"entrypoint": "cli", // Entry point
"is_interactive": true, // Interactive mode
"client_type": "cli", // Client type
"betas": "claude-code-20250219,oauth-2025-04-20,...", // Enabled beta features
// ===== Environmental Fingerprint (50+ Dimensions) =====
"env": {
"platform": "darwin", // macOS
"platform_raw": "darwin", // Raw platform string
"arch": "arm64", // Apple Silicon
"node_version": "v24.3.0", // Node.js version
"terminal": "tmux", // Terminal type
"package_managers": "npm,pnpm", // Installed package managers
"runtimes": "deno,node", // Installed runtimes
"is_running_with_bun": true, // Running with Bun
"is_ci": false, // Not in CI environment
"is_claubbit": false,
"is_github_action": false, // Not GitHub Actions
"is_claude_code_action": false,
"is_claude_ai_auth": true, // Authenticated via Claude.ai OAuth
"is_claude_code_remote": false, // Not remote mode
"is_conductor": false,
"is_local_agent_mode": false,
"deployment_environment": "unknown-darwin",
"version": "2.1.81", // Claude Code version
"version_base": "2.1.81",
"build_time": "2026-03-20T21:26:18Z", // Build timestamp
"vcs": "git" // Version control system
},
// ===== Process Resource Monitoring (Base64-decoded) =====
"process": {
"uptime": 22.29, // Process uptime: 22 seconds
"rss": 391266304, // Memory usage: 373 MB
"heapTotal": 52228096, // Heap total size: 50 MB
"heapUsed": 133928806, // Heap used: 128 MB
"external": 88280115, // External memory: 84 MB
"arrayBuffers": 23265130, // ArrayBuffer: 22 MB
"constrainedMemory": 51539607552, // Constrained memory: 48 GB (your total RAM)
"cpuUsage": {
"user": 1814859, // User-mode CPU time (microseconds)
"system": 325661 // Kernel-mode CPU time (microseconds)
},
"cpuPercent": 3.80 // CPU utilization: 3.8%
},
// ===== Additional Metadata (Base64-decoded) =====
"additional_metadata": {
"rh": "a1eebab6bdf541b1", // Your Git repo remote hash
"cache_hits": 2534, // Cache hits
"cache_misses": 6, // Cache misses
"hit_rate": 0.9976 // Hit rate: 99.76%
}
}
}
```### 4.3 Metadata Accompanying Each Event
Core Fields:
session_id - Session ID
device_id - Device ID (permanent)
account_uuid - Account UUID
organization_uuid - Organization UUID
subscription_type - Subscription type (pro/max/enterprise/team)
rate_limit_tier - Rate limit tier
model - Model used
version - Client version
platform - Operating system
arch - CPU architecture
entrypoint - Entrypoint (cli/sdk/bridge)
is_interactive - Whether in interactive mode
is_ci - Whether in a CI environment
Environment Fingerprint (env object):
terminal - Terminal type
package_managers - Package managers
runtimes - Runtimes
is_docker - Docker environment
deployment_env - Deployment environment type
linux_distro_* - Linux distribution information
Process Resources (Base64-encoded):
uptime - Process uptime
rss - Memory usage
heapUsed - Heap memory usage
cpuPercent - CPU utilization
### 4.4 Datadog Reporting
**Endpoint**: `https://http-intake.logs.us5.datadoghq.com/api/v2/logs`
**Hardcoded Client Token**: `pubbbf48e6d78dae54bceaa4acf463299bf`
**Whitelist**: 64 event types
**Tagged Fields** (for backend aggregation analysis and alerts):
| Tag | Description | Relevance to Account Suspension |
| --- | --- | --- |
| `userBucket` | User grouping (hashed into 30 buckets based on ID) | High – user segmentation |
| `subscriptionType` | Subscription type | Very High – quota management |
| `model` | Model used | High – resource consumption |
| `toolName` | Tool name | Medium – behavioral pattern |
| `platform` | Operating system | Low |
| `provider` | API provider | Medium |
| `version` | Client version | Medium – legacy version detection |
### 4.5 GrowthBook Bidirectional Data Exchange
**SDK Key**: `sdk-zAZezfDKGoZuXXKe` (for external users)
**User Attributes Sent to GrowthBook**:
| Attribute | Description |
| --- | --- |
| `id` | Device ID |
| `sessionId` | Session ID |
| `platform` | Operating system |
| `organizationUUID` | Organization ID |
| `accountUUID` | Account ID |
| `subscriptionType` | Subscription type |
| `rateLimitTier` | Rate limit tier |
| `firstTokenTime` | Timestamp of first token usage |
| Attribute | Description |
| --- | --- |
| `email` | User email |
| `appVersion` | Client version |
**Purpose**: Enables the server to **precisely control feature toggles**, assign A/B test cohorts, and even **disable features for specific users**.
---
## Five: Server-Side Remote Control Mechanisms
Anthropic can **remotely control client behavior**, without user awareness, via the following mechanisms.
### 5.1 Policy Limits (Organization-Level Policy Restrictions)
**Endpoint**: `/api/claude_code/policy_limits`
**Polling Frequency**: Hourly
**Capabilities**:
* Disable specific tools
* Restrict feature access
* Enforce organizational security policies
### 5.2 Remote Managed Settings (Remote Configuration Push)
**Endpoint**: `/api/claude_code/settings`
**Capabilities**:
* Remotely push `settings.json` configuration
* Modify client behavior
* Enterprise governance
### 5.3 Forced Version Upgrades
Minimum version requirements are distributed via GrowthBook’s `tengu_version_config`, enabling forced upgrades for outdated clients.
### 5.4 Feature Flag Gradual Rollout (Canary Control)
The server can use GrowthBook to apply granular controls for specific users or organizations:
* Disable specific features
* Adjust rate limits
* Modify sampling rates
* Enable/disable Beta features
---
## Six: In-Depth Analysis of Account Suspension Triggers
### 6.1 Identity Correlation Detection (Account Sharing)
*Content unavailable outside Feishu Docs.*
**Detection Criteria**:
* Same `Account UUID` appearing across multiple `Device IDs`
* Same account used across devices with different IPs, OSes, and time zones
* Logins from geographically distant locations within a short timeframe
### 6.2 Rate Limit Violations
**Detection Flow**:
1. Each API request reports `tengu_api_success`, including token usage and model
2. Server aggregates metrics by `account_uuid` + `subscription_type` + `rate_limit_tier`
3. Exceeding quota thresholds → HTTP 429 error → continued violations → account suspension
**Key Reported Metrics**:
| Metric | Description |
| --- | --- |
| `inputTokens` | Number of input tokens |
| `outputTokens` | Number of output tokens |
| `cacheReadTokens` | Tokens read from cache |
| `cacheCreationTokens` | Tokens used to create cache entries |
| `costUsd` | USD cost per request |
| `duration` | Request latency |
| `model` | Model used |
### 6.3 Content Policy Violations
**Defense Line 1 – Anti-Distillation**:
API requests include `anti_distillation: ["fake_tools"]` to detect whether Claude Code outputs are being used to train competing models.
**Defense Line 2 – Message Fingerprinting**:
A fingerprint is computed from characters at a specific position in the first message and embedded in both the header and system prompt; the backend verifies request integrity.
**Defense Line 3 – Additional Protection Flag**:
The header `x-anthropic-additional-protection: true` triggers stricter content review on the server side.
### 6.4 Automation Abuse Detection
| Detection Signal | Source | Description |
| --- | --- | --- |
| `is_ci: true` | Environment variable `CI` | Marked as CI environment |
| `is_github_action: true` | `GITHUB_ACTIONS` | Running inside GitHub Actions |
| `is_interactive: false` | TTY detection | Non-interactive invocation |
| `entrypoint: "sdk"` | Entrypoint | Invoked via SDK rather than CLI |
| `auto_mode_*` events | Auto-mode | AFK auto-execution mode |
**Risk Combination**: Non-interactive + SDK entrypoint + high-frequency calls + large token consumption → strong automation abuse suspicion
### 6.5 Client Tampering Detection
| Detection Point | Method | Consequence |
| --- | --- | --- |
| Version fingerprint | `cc_version={VER}.{FINGERPRINT}` | Fingerprint mismatch → flagged as anomalous |
| User-Agent | Format validation | Non-standard format → likely unofficial client |
| Beta Headers | Expected header set | Missing/extra headers → anomaly |
| System Prompt | Contains attribution info | Tampering → detected |
---
## Seven: End-to-End Data Flow Overview
*Content unavailable outside Feishu Docs.*
---
## Eight: Summary of All External Communication Endpoints
| Target | URL | Frequency | Data Content | Disablable? |
| --- | --- | --- | --- | --- |
| Main API | `api.anthropic.com` | Per conversation | Conversation content + identity + metadata | No |
| First-Party Events | `api.anthropic.com/api/event_logging/batch` | Every 5 seconds | 640+ events + environment fingerprint | Yes |
| Datadog | `datadoghq.com` | Every 15 seconds | 64 event types + tags | Yes |
| GrowthBook | `api.anthropic.com` | Every 20 minutes | User attributes & feature configurations | Yes |
| OAuth | `platform.claude.com` | Login/refresh | Tokens + account info | No |
| Policy Limits | `api.anthropic.com/api/claude_code/policy_limits` | Hourly | Organizational policy queries | Yes |
| Remote Settings | `api.anthropic.com/api/claude_code/settings` | Background polling | `settings.json` push | Yes |
| Domain Check | `api.anthropic.com/api/web/domain_info` | Before WebFetch | Target domain | No |
| Target | URL | Frequency | Data Content | Disablable? |
| --- | --- | --- | --- | --- |
| MCP Proxy | `mcp-proxy.anthropic.com` | On MCP calls | MCP request data | No |
| Version Updates | `storage.googleapis.com` | On version check | Download update packages | Yes |
| Changelog | `raw.githubusercontent.com` | After update | Fetch changelog | Yes |
---
## Nine: Self-Protection Recommendations
### 9.1 Environment Variable Protections
| Environment Variable | Purpose |
| --- | --- |
| `DISABLE_TELEMETRY=1` | Disables Datadog + first-party events + feedback surveys |
| `CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1` | Disables all non-essential network traffic (telemetry + updates + GrowthBook) |
| `CLAUDE_CODE_USE_BEDROCK=1` | Uses AWS Bedrock (automatically disables all analytics) |
| `CLAUDE_CODE_USE_VERTEX=1` | Uses GCP Vertex (automatically disables all analytics) |
### 9.2 Usage Guidelines
| Behavior | Risk Level | Recommendation |
| --- | --- | --- |
| Sharing one account across multiple devices | Very High | Subscribe separately per device |
| Making large numbers of API calls in short intervals | High | Throttle call frequency |
| Large-scale usage in CI/CD pipelines | Medium | Use API keys instead of OAuth |
| Modifying client or forging headers | High | Do not modify official client binaries |
| Infrequent client updates | Low–Medium | Keep up with official releases |
### 9.3 Critical File Cleanup
| File/Directory | Contents | Recommendation |
| --- | --- | --- |
| `~/.claude.json` | Device ID + account information | Remove `userID` field to reset device identity |
| `~/.claude/telemetry/` | Cached failed telemetry events | Clean periodically |
| `~/.claude/.credentials.json` | Plaintext credentials (used when Keychain unavailable) | Ensure Keychain is enabled and functional |
| `~/.claude/projects/` | Full conversation history | Regularly purge sensitive sessions |
---
## Ten: Summary
Claude Code’s data collection architecture can be summarized as a **three-layer model**:
| Layer | Content | Purpose |
| --- | --- | --- |
| **Identity Layer** | Device ID + Account UUID + Email + Fingerprint | Precise user tracking |
| **Environment Layer** | OS + Architecture + Terminal + CI + Container + Deployment environment | Device fingerprint construction |
| **Behavioral Layer** | 640+ events + Token usage + Tool invocations + Process resources | Usage pattern analysis |
These three layers of data are reported in real time through three channels (first-party API + Datadog + GrowthBook). The server maintains a **comprehensive usage profile for every user**, enabling multi-dimensional anomaly detection and automated account suspension decisions.
**Safest practices**: Use third-party providers like Bedrock or Vertex (which automatically disable all analytics), or configure `DISABLE_TELEMETRY=1` + throttle usage frequency + maintain one account per user.