Most developers use Claude Code with default settings. The leaked source reveals they are barely scratching the surface. 330+ environment variables control everything from model selection to stealth mode. 32 compile-time feature flags gate unreleased systems like KAIROS, BUDDY, and VOICE. 22+ GrowthBook runtime gates enable A/B testing of features for specific user segments. This is the complete configuration reference — every variable, every flag, every hidden setting discovered in the v2.1.88 source leak.
What the Leak Revealed
The leak originated from the @anthropic-ai/claude-code npm package, which shipped a 59.8 MB sourcemap file (cli.js.map) containing the full reconstructable TypeScript source. Security researcher Chaofan Shou identified the exposure, revealing approximately 1,900 source files, 43 built-in tools, 26 hidden slash commands, and the internal codename for the project: Tengu (a supernatural creature from Japanese mythology).
32 Compile-Time Feature Flags
Claude Code uses Bun's feature() function at bundle time. These flags trigger constant-folding and dead-code elimination — in external builds, disabled flags compile to false and associated code is stripped entirely. This means the unreleased features exist in the source but never execute in the production binary.
| # | Flag | Description | Status |
|---|---|---|---|
| 1 | KAIROS | Persistent always-on assistant mode. Background daemon with push notifications, file sending, channel support. Named after the Greek concept of the "opportune moment." Referenced 150+ times in source. | Not shipped |
| 2 | PROACTIVE | Proactive behavior: sleep tool, actions without user input, 15-second blocking budget. Coupled with KAIROS. | Not shipped |
| 3 | COORDINATOR_MODE | Multi-agent orchestrator: a lead Claude spawns and manages parallel worker agents, then synthesizes results. | Not shipped |
| 4 | BRIDGE_MODE | Remote control infrastructure via claude.ai. Bridge connection between local session and web interface. | Partially released |
| 5 | DAEMON | Background daemon workers for persistent sessions, tmux integration. | Not shipped |
| 6 | BG_SESSIONS | Background session management: list, logs, reattach, kill. | Not shipped |
| 7 | ULTRAPLAN | 30-minute cloud planning sessions via Opus 4.6 on Cloud Container Runtime (CCR). Human approval via browser before execution. | Not shipped |
| 8 | BUDDY | Full Tamagotchi companion system. 18 species (duck, dragon, axolotl, capybara, mushroom, ghost...), rarity from common to 1% legendary, cosmetics (hats, shiny variants), 5 stats: DEBUGGING, PATIENCE, CHAOS, WISDOM, SNARK. | Easter egg (April 2026) |
| 9 | VOICE_MODE | Push-to-talk voice interface activated via /voice. Audio input/output. | Not shipped |
| 10 | CHICAGO_MCP | Computer Use via MCP — full GUI automation (mouse, clicks, screenshots). Internal codename "Chicago." Active for Max/Pro. | Partially released |
| 11 | UDS_INBOX | Cross-session IPC via Unix Domain Sockets. Claude sessions on the same machine exchange messages like an AI team chat. | Not shipped |
| 12 | TEMPLATES | Job classifier and task templates for structured missions. | Not shipped |
| 13 | TORCH | Internal, undocumented feature. Likely related to workflow illumination/guidance. | Not shipped |
| 14 | WORKFLOW_SCRIPTS | Workflow automation tool, pipeline script execution. | Not shipped |
| 15 | REACTIVE_COMPACT | Reactive context compaction for dynamic window management. | Not shipped |
| 16 | CONTEXT_COLLAPSE | Context window inspection and restructuring. Activates CtxInspectTool. | Not shipped |
| 17 | HISTORY_SNIP | Aggressive conversation history trimming. | Not shipped |
| 18 | CACHED_MICROCOMPACT | Cached micro-compactions for memory optimization. | Not shipped |
| 19 | TOKEN_BUDGET | Per-task/session token budget management. | Not shipped |
| 20 | EXTRACT_MEMORIES | Automatic memory extraction from conversations. | Not shipped |
| 21 | OVERFLOW_TEST | Overflow limit testing tool. | Internal/test |
| 22 | TERMINAL_PANEL | Terminal panel capture for IDE integration. | Not shipped |
| 23 | WEB_BROWSER | Native web browser automation tool. | Not shipped |
| 24 | FORK_SUBAGENT | Fork sub-agents from a main agent. | Not shipped |
| 25 | DUMP_SYS_PROMPT | System prompt extraction. Employee-only (ant). | Internal only |
| 26 | ABLATION_BASE | Bootstrap simplification toggles for ablation studies. | Internal/research |
| 27 | BYOC_RUNNER | Bring Your Own Compute — self-hosted runner. | Not shipped |
| 28 | SELF_HOSTED | Self-hosted mode for on-premise deployments. | Not shipped |
| 29 | MONITOR_TOOL | MCP monitoring tool for agent surveillance. | Not shipped |
| 30 | CCR_AUTO | Automatic Cloud Container Runtime activation. | Not shipped |
| 31 | MEM_SHAPE_TEL | Memory shape telemetry. | Not shipped |
| 32 | SKILL_SEARCH | Experimental skill discovery. | Not shipped |
Additional Flags Identified in Extended Analysis
Beyond the core 32 flags, several additional compile-time flags were identified:
NATIVE_CLIENT_ATTESTATION— Native client attestation (placeholder hashcch=00000)ANTI_DISTILLATION_CC— Injects fake decoy tools into API requests to poison training data of competing modelsTRANSCRIPT_CLASSIFIER— Automatic session transcript classificationKAIROS_BRIEF— Brief mode for the persistent KAIROS assistantKAIROS_GITHUB_WEBHOOKS— GitHub integration viaSubscribePRToolfor autonomous PR reactionsLODESTONE— Undocumented featureCLAUDE_CODE_VERIFY_PLAN— Plan execution verification tool
22+ Runtime Feature Gates via GrowthBook
While compile-time flags are baked into the binary, runtime feature gates use GrowthBook for remote control. All gates are prefixed with tengu_ (the project's internal codename) and many use obfuscated random word pairs like tengu_frond_boric to hide their purpose. Values are aggressively cached via getFeatureValue_CACHED_MAY_BE_STALE() to avoid blocking the main loop.
Critical implication: Anthropic can enable or disable these flags remotely without requiring a user update, via hourly polling to a remote settings endpoint.
| # | Gate Name | Description |
|---|---|---|
| 1 | tengu_anti_distill_fake_tool_injection | Injects fake decoy tools into the system prompt for first-party CLI sessions. Poisons training data of competing models. |
| 2 | tengu_attribution_header | Kill-switch for the x-anthropic-billing-header attribution header. |
| 3 | tengu_malort_pedway | Gate for full Computer Use — GUI automation (mouse, clicks, screenshots). Obfuscated name. |
| 4 | tengu_penguins_off | Kill-switch for Penguin Mode (Fast Mode). Globally disables fast mode. |
| 5 | tengu_onyx_plover | Activates the Auto-Dream system (overnight memory consolidation). Obfuscated name. |
| 6 | tengu_kairos | Main gate for the persistent KAIROS assistant mode. |
| 7 | tengu_ultraplan_model | Selects the model for ULTRAPLAN cloud sessions (default: Opus 4.6). |
| 8 | tengu_cobalt_raccoon | Controls auto-compact (automatic context compaction). Obfuscated name. |
| 9 | tengu_scratch | Shared scratchpad directory for multi-agent coordination. |
| 10 | tengu_amber_flint | Gate for Agent Teams/Swarm with team memory synchronization. |
| 11 | tengu_consolidated_mode | Activates the memory consolidation/dream system. |
| 12 | tengu_portal_quail | Obfuscated gate, exact function undocumented. |
| 13 | tengu_harbor | Obfuscated gate, likely related to feature porting/hosting. |
| 14 | tengu_herring_clock | Obfuscated gate, exact function undocumented. |
| 15 | tengu_chomp_inflection | Obfuscated gate, exact function undocumented. |
| 16 | tengu_amber_quartz_disabled | Kill-switch for Voice Mode. Obfuscated name. |
| 17 | tengu_ultraplan_teleport_local | Sentinel for remote ULTRAPLAN result retrieval. |
| 18 | tengu_speculation | Gate for Speculation mode (speculative pre-execution of actions). |
| 19 | tengu_startup_telemetry | Startup telemetry analytics event. |
| 20 | tengu_mcp_channel_flags | MCP channel flags for telemetry. |
| 21 | tengu_agent_flag | Agent flag for telemetry and gating. |
| 22 | tengu_org_penguin_mode_fetch_failed | Analytics event when org-level Penguin Mode fetch fails. |
Remote Kill-Switches
The codebase contains 6+ remote kill-switches capable of:
- Bypassing permission prompts
- Enabling/disabling Fast Mode globally
- Toggling Voice Mode
- Controlling analytics collection
- Forcing complete application exit
330+ Environment Variables: Complete Reference by Category
The environment variables fall into 31 distinct categories. Below we cover the most significant ones that developers and power users can actually leverage.
Authentication and API (25 variables)
These control how Claude Code authenticates with the Anthropic API, including API keys, OAuth tokens, and custom authentication workflows.
| Variable | Description |
|---|---|
ANTHROPIC_API_KEY | Primary API key (highest priority) |
ANTHROPIC_AUTH_TOKEN | Bearer token override when no API key |
ANTHROPIC_BASE_URL | Override base API URL (for proxies/gateways) |
ANTHROPIC_CUSTOM_HEADERS | Custom HTTP headers for API requests |
ANTHROPIC_BETAS | List of API betas to enable |
CLAUDE_CODE_OAUTH_TOKEN | OAuth token (e.g., GitHub Actions) |
CLAUDE_CODE_SESSION_ACCESS_TOKEN | Session access token |
Model Configuration (18 variables)
The model configuration layer is where power users get the most leverage. These variables control which models are used for different tasks.
| Variable | Description | Example |
|---|---|---|
ANTHROPIC_MODEL | Override the default model for all main requests | claude-opus-4-6 |
CLAUDE_CODE_SUBAGENT_MODEL | Model for sub-agents/workers (use cheaper models to save costs) | claude-sonnet-4-6 |
ANTHROPIC_SMALL_FAST_MODEL | Model for lightweight internal tasks (classification, etc.) | claude-haiku-4-5 |
FALLBACK_FOR_ALL_PRIMARY_MODELS | Universal fallback model when primary is rate-limited | claude-sonnet-4-6 |
CLAUDE_CODE_MAX_OUTPUT_TOKENS | Maximum output token limit | 64000 |
MAX_THINKING_TOKENS | Thinking token budget (more = better quality on complex tasks) | 32000 |
CLAUDE_CODE_EFFORT_LEVEL | Effort level override | high |
CLAUDE_CODE_MAX_RETRIES | Maximum API retries | 5 |
Cloud Providers (33 variables)
Claude Code supports three alternative cloud providers beyond the direct Anthropic API: AWS Bedrock (16 vars), Google Vertex AI (12 vars), and Microsoft Azure Foundry (5 vars).
AWS Bedrock (16 variables)
export CLAUDE_CODE_USE_BEDROCK=1
export AWS_REGION=us-east-1
export AWS_ACCESS_KEY_ID=your_key
export AWS_SECRET_ACCESS_KEY=your_secret
# Optional: 1-hour prompt caching
export ENABLE_PROMPT_CACHING_1H_BEDROCK=1Google Vertex AI (12 variables)
export CLAUDE_CODE_USE_VERTEX=1
export ANTHROPIC_VERTEX_PROJECT_ID=your_project_id
export CLOUD_ML_REGION=us-central1Microsoft Azure Foundry (5 variables)
export CLAUDE_CODE_USE_FOUNDRY=1
export ANTHROPIC_FOUNDRY_BASE_URL=https://your-endpoint.azure.com
export ANTHROPIC_FOUNDRY_API_KEY=your_keyBehavior and UX (20+ variables)
| Variable | Description | Status |
|---|---|---|
DISABLE_TELEMETRY=1 | Zero telemetry sent to Anthropic | Confirmed |
DISABLE_AUTOUPDATER=1 | Disable automatic updates, control your version | Confirmed |
DISABLE_COST_WARNINGS=1 | Remove cost warning popups | Confirmed |
CLAUDE_CODE_BRIEF=1 | Shorter, more direct responses | Confirmed |
CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY=1 | Remove feedback survey popups | Confirmed |
CLAUDE_CODE_DISABLE_TERMINAL_TITLE=1 | Prevent Claude from modifying terminal title | Confirmed |
CLAUDE_CODE_ACCESSIBILITY=1 | Accessibility mode (screen reader support) | Confirmed |
CLAUDE_CODE_DISABLE_AUTO_MEMORY=1 | Prevent auto-writing to memory files | Confirmed |
CLAUDE_CODE_OVERRIDE_DATE | Override the date Claude sees (for date-dependent testing) | Confirmed |
IDLE_THRESHOLD_MINUTES | Inactivity threshold before session is marked idle (default: 75 min) | Confirmed |
Debug and Profiling (8 variables)
| Variable | Description |
|---|---|
CLAUDE_DEBUG=1 | General debug mode, shows internal details |
CLAUDE_CODE_DEBUG_LOG_LEVEL=debug | Detailed debug log level |
CLAUDE_CODE_DEBUG_LOGS_DIR=/tmp/claude-logs | Write debug logs to a specific directory |
CLAUDE_CODE_DIAGNOSTICS_FILE | Generate a JSON diagnostics file |
CLAUDE_CODE_PERFETTO_TRACE=1 | Generate Perfetto/Chrome DevTools-compatible performance trace |
CLAUDE_CODE_PROFILE_STARTUP=1 | Profile and display startup time for each step |
ANTHROPIC_LOG=1 | Display raw API requests/responses |
Tools and Limits (12 variables)
| Variable | Description | Example |
|---|---|---|
CLAUDE_CODE_MAX_TOOL_USE_CONCURRENCY | Maximum parallel tool executions | 5 |
CLAUDE_CODE_GLOB_HIDDEN=1 | Include hidden files in glob searches | — |
CLAUDE_CODE_GLOB_TIMEOUT_SECONDS | Glob timeout for large repos | 30 |
BASH_MAX_OUTPUT_LENGTH | Maximum bash command output capture | 50000 |
CLAUDE_CODE_SHELL | Override detected shell | /bin/zsh |
MCP_TIMEOUT | MCP timeout in ms | 60000 |
MCP_TOOL_TIMEOUT | MCP tool-specific timeout | 120000 |
MAX_MCP_OUTPUT_TOKENS | Maximum MCP output tokens | 50000 |
ENABLE_TOOL_SEARCH=1 | Enable dynamic MCP tool discovery | — |
ENABLE_LSP_TOOL=1 | Enable Language Server Protocol tool | — |
Context and Compaction (6 variables)
| Variable | Description |
|---|---|
CLAUDE_AUTOCOMPACT_PCT_OVERRIDE | Compact at X% context usage (e.g., 80) |
CLAUDE_CODE_AUTO_COMPACT_WINDOW | Auto-compaction window size |
DISABLE_AUTO_COMPACT=1 | No auto compaction, manual /compact only |
DISABLE_COMPACT=1 | Disable even manual /compact |
ENABLE_SESSION_PERSISTENCE=1 | Sessions are saved and can be resumed |
CLAUDE_CODE_RESUME_INTERRUPTED_TURN | Resume an interrupted turn |
Agent Teams and Multi-Agent (8 variables)
These variables control Claude Code's multi-agent orchestration system, where a lead agent coordinates parallel workers.
| Variable | Description | Status |
|---|---|---|
CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 | Enable experimental agent teams (lead + parallel workers) | Confirmed |
CLAUDE_CODE_PLAN_V2_AGENT_COUNT | Number of agents in plan V2 mode (Max/Team: 3, Free: 1) | Confirmed |
CLAUDE_CODE_PLAN_V2_EXPLORE_AGENT_COUNT | Number of explore-phase agents | Speculative |
CLAUDE_CODE_COORDINATOR_MODE=1 | Coordinator mode (1 lead orchestrates N workers) | Speculative |
CLAUDE_AUTO_BACKGROUND_TASKS=1 | Claude can launch background tasks automatically | Speculative |
TEAM_MEMORY_SYNC_URL | Team memory synchronization URL | Speculative |
Stealth and Privacy (5 variables)
Undercover Mode
export CLAUDE_CODE_UNDERCOVER=1Designed for Anthropic employees contributing to public repos. Removes all evidence of AI involvement: strips "Co-Authored-By: Claude" from commits, removes internal codenames ("Capybara", "Tengu"), removes Slack channel references, and instructs the system prompt with "Do not blow your cover."
While designed for employees, this variable is activatable by anyone.
| Variable | Description |
|---|---|
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 | Scrubs sensitive env vars before passing them to sub-processes |
CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 | Disables experimental betas including anti-distillation fake tool injection |
DISABLE_ERROR_REPORTING=1 | No error reports sent to Anthropic |
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 | Disables all non-essential network traffic (analytics, checks, etc.) |
OpenTelemetry Observability (22 variables)
Claude Code ships with full OpenTelemetry support, allowing developers to send traces, metrics, and logs to their own monitoring stack (Grafana, Datadog, Jaeger, etc.).
Custom Monitoring Setup
# Send everything to your own OTEL stack
export OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317
export OTEL_TRACES_EXPORTER=otlp
export OTEL_METRICS_EXPORTER=otlp
export OTEL_LOGS_EXPORTER=otlp
# Full visibility into tool usage and prompts
export OTEL_LOG_TOOL_DETAILS=1
export OTEL_LOG_TOOL_CONTENT=1
export OTEL_LOG_USER_PROMPTS=1Proxy and TLS (10 variables)
| Variable | Description |
|---|---|
HTTP_PROXY / HTTPS_PROXY | Route traffic through HTTP/HTTPS proxy |
NO_PROXY | Proxy exclusions |
NODE_EXTRA_CA_CERTS | Additional CA certificates (corporate proxies) |
CLAUDE_CODE_CLIENT_CERT | Client certificate for mTLS |
CLAUDE_CODE_CLIENT_KEY | Client key for mTLS |
Employee-Only: USER_TYPE=ant
The USER_TYPE === 'ant' guard restricts specific features to Anthropic employees. When active, employees gain access to:
| Feature | Description |
|---|---|
| Staging API access | claude-ai.staging.ant.dev |
| Internal beta headers | Non-public headers (cli-internal-2026-02-09) |
| Undercover Mode (auto) | Automatically active except on whitelisted internal repos |
/security-review | Security audit command |
/ant-trace | Internal tracing |
| ConfigTool | Settings modification (blocked externally) |
| TungstenTool | Advanced internal functionality |
| DUMP_SYS_PROMPT | Extracts full system prompt to ~/.config/claude/dump-prompts/ |
| Non-release models | Access to Capybara, Fennec, Numbat codenames |
| GUI restriction bypass | ALLOW_ANT_COMPUTER_USE_MCP bypasses GUI automation restrictions |
15 API Beta Headers
These headers are sent in the anthropic-beta field of API requests. They follow the format feature-name-YYYY-MM-DD.
| # | Beta Header | Description | Date |
|---|---|---|---|
| 1 | interleaved-thinking-2025-05-14 | Interleaved thinking | 2025-05-14 |
| 2 | context-1m-2025-08-07 | 1M token context window | 2025-08-07 |
| 3 | structured-outputs-2025-12-15 | Structured outputs | 2025-12-15 |
| 4 | web-search-2025-03-05 | Web search | 2025-03-05 |
| 5 | advanced-tool-use-2025-11-20 | Advanced tool use | 2025-11-20 |
| 6 | effort-2025-11-24 | Effort levels | 2025-11-24 |
| 7 | task-budgets-2026-03-13 | Task budgets | 2026-03-13 |
| 8 | prompt-caching-scope-2026-01-05 | Prompt caching scope | 2026-01-05 |
| 9 | fast-mode-2026-02-01 | Fast Mode (Penguin) | 2026-02-01 |
| 10 | redact-thinking-2026-02-12 | Thinking redaction | 2026-02-12 |
| 11 | token-efficient-tools-2026-03-28 | Token-efficient tools | 2026-03-28 |
| 12 | afk-mode-2026-01-31 | AFK (Away From Keyboard) mode | 2026-01-31 |
| 13 | cli-internal-2026-02-09 | Internal CLI features (ant-only) | 2026-02-09 |
| 14 | advisor-tool-2026-03-01 | Advisor tool | 2026-03-01 |
| 15 | summarize-connector-text-2026-03-13 | Connector text summarization | 2026-03-13 |
Anti-Distillation in API Requests
When the ANTI_DISTILLATION_CC flag is active, Claude Code sends an anti_distillation field with the value ["fake_tools"]. This instructs the server to silently inject fake tool definitions into the system prompt. The purpose: if someone captures the API traffic to train a competing model, the fake tool definitions poison their training data.
The Most Useful Variables You Can Set Right Now
For developers who want to optimize their Claude Code experience immediately, here is the recommended power-user shell profile:
Recommended .bashrc / .zshrc additions
# Model: Force Opus for main, Sonnet for sub-agents (cost savings)
export ANTHROPIC_MODEL=claude-opus-4-6
export CLAUDE_CODE_SUBAGENT_MODEL=claude-sonnet-4-6
export FALLBACK_FOR_ALL_PRIMARY_MODELS=claude-sonnet-4-6
# Performance: Max thinking, max output
export MAX_THINKING_TOKENS=32000
export CLAUDE_CODE_MAX_OUTPUT_TOKENS=64000
export CLAUDE_CODE_EFFORT_LEVEL=high
# Agent Teams: Enable multi-agent with 3 workers
export CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1
export CLAUDE_CODE_PLAN_V2_AGENT_COUNT=3
# Privacy: Zero telemetry, zero surveys
export DISABLE_TELEMETRY=1
export DISABLE_AUTOUPDATER=1
export CLAUDE_CODE_DISABLE_FEEDBACK_SURVEY=1
export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
# Tools: Higher concurrency and limits
export CLAUDE_CODE_MAX_TOOL_USE_CONCURRENCY=5
export BASH_MAX_OUTPUT_LENGTH=50000
export MCP_TIMEOUT=60000
export MCP_TOOL_TIMEOUT=120000
# Debug (enable when needed)
# export CLAUDE_DEBUG=1
# export CLAUDE_CODE_PERFETTO_TRACE=1Complete Variable Count by Category
| Category | Count |
|---|---|
| Authentication & API | 25 |
| Model Configuration | 18 |
| AWS Bedrock | 16 |
| Google Vertex AI | 12 |
| Microsoft Foundry | 5 |
| Core Configuration | 29 |
| Enable Flags | 20 |
| Disable Flags | 35 |
| Command Disablers | 9 |
| Bash & Shell | 6 |
| Tools Configuration | 12 |
| MCP (Model Context Protocol) | 9 |
| Plugins & Extensions | 8 |
| Context & Compaction | 6 |
| Agent SDK | 4 |
| Agent Teams & Orchestration | 8 |
| Remote & Cowork | 19 |
| IDE Integration | 8 |
| OpenTelemetry | 22 |
| Datadog | 1 |
| Proxy & TLS | 10 |
| Tmux | 5 |
| Git & CI Detection | 22 |
| SWE-Bench & Testing | 7 |
| Terminal Detection | 20 |
| Cloud Platform Detection | 37 |
| Azure Identity | 15 |
| System & Runtime | 31 |
| Node.js & Bun | 17 |
| gRPC | 8 |
| Internal & Special | 30+ |
| Total | 330+ |
Frequently Asked Questions
How many environment variables does Claude Code actually use?
Claude Code v2.1.88 reads over 330 environment variables across 31 categories. These range from model configuration (18 vars) to OpenTelemetry observability (22 vars), cloud provider routing (33 vars), and security/privacy controls (35+ disable flags). About 50-60 of these are directly useful to end users, while the rest are internal, for CI/CD detection, or for cloud platform identification.
What are Claude Code's feature flags and how do they work?
Claude Code has two types of feature flags: 32 compile-time flags using Bun's feature() function (dead-code eliminated in production builds, so the features are in source but never execute), and 22+ runtime feature gates via GrowthBook prefixed with tengu_ that Anthropic can toggle remotely without user updates. Most unreleased features like KAIROS, BUDDY, and VOICE_MODE are behind compile-time flags.
Can regular users activate employee-only features like Undercover Mode?
The CLAUDE_CODE_UNDERCOVER=1 environment variable is technically activatable by any user, even though it was designed for Anthropic employees (USER_TYPE=ant). However, most employee-only features like /security-review, /ant-trace, TungstenTool, and access to non-release models (Capybara, Fennec, Numbat) are server-side gated by the USER_TYPE check and cannot be bypassed by setting environment variables alone.
What is the BUDDY feature flag in Claude Code?
BUDDY is an unreleased Tamagotchi-style companion system for Claude Code. It includes 18 species (duck, dragon, axolotl, capybara, mushroom, ghost), rarity tiers from common to 1% legendary, cosmetics like hats and shiny variants, and 5 stats: DEBUGGING, PATIENCE, CHAOS, WISDOM, and SNARK. The companion is seeded from the user's ID hash. It was planned as an April 2026 Easter egg teaser but the compile-time flag means it does not execute in production.
How can I optimize Claude Code performance with environment variables?
The most impactful confirmed variables are: ANTHROPIC_MODEL=claude-opus-4-6 (force Opus), CLAUDE_CODE_SUBAGENT_MODEL=claude-sonnet-4-6 (cheaper sub-agents), MAX_THINKING_TOKENS=32000 (more reasoning), CLAUDE_CODE_MAX_OUTPUT_TOKENS=64000 (longer responses), CLAUDE_CODE_EFFORT_LEVEL=high (max effort), CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 with CLAUDE_CODE_PLAN_V2_AGENT_COUNT=3 (parallel agents), and CLAUDE_CODE_MAX_TOOL_USE_CONCURRENCY=5 (parallel tools). Combined, these can significantly improve output quality and speed on complex coding tasks.
Frequently Asked Questions
How many environment variables does Claude Code have?
The leaked source code of Claude Code v2.1.88 revealed over 330 environment variables spanning 31 categories, including model selection, behavior configuration, debugging, tools, context management, agent teams, provider settings, stealth mode, proxy configuration, and OpenTelemetry observability. Most developers use default settings and are unaware of the vast majority of these configuration options.
What are the 32 compile-time feature flags in Claude Code?
Claude Code uses Bun's feature() function to gate unreleased systems behind compile-time flags. The 32 flags include KAIROS (persistent daemon mode, 150+ source references), COORDINATOR_MODE (multi-agent orchestrator), BUDDY (Tamagotchi companion with 18 species), VOICE_MODE (push-to-talk interface), ULTRAPLAN (30-minute cloud planning via Opus 4.6), BRIDGE_MODE (remote control via claude.ai), DAEMON (background workers), and CHICAGO_MCP (Computer Use GUI automation). In public builds, disabled flags compile to false and associated code is stripped entirely.
What are GrowthBook runtime feature gates in Claude Code?
In addition to compile-time flags, Claude Code uses 22+ GrowthBook runtime feature gates prefixed with "tengu_" (the internal project codename). These gates enable A/B testing and gradual rollout of features for specific user segments. They are polled hourly and include gates for voice mode (tengu_amber_quartz at ~5% rollout), agent teams (tengu_amber_flint), AutoDream memory consolidation (tengu_onyx_plover), Fast Mode killswitch (tengu_penguins_off), and anti-distillation (tengu_anti_distill_fake_tool_injection).
Can users access Claude Code's hidden features using environment variables?
Some environment variables do unlock undocumented behavior. For example, USER_TYPE=ant activates internal Anthropic employee features, --dump-system-prompt shows the complete system prompt, and --bare launches Claude Code without hooks, plugins, or memory. However, Anthropic likely detects unauthorized usage of employee-only settings. The environment variable CLAUDE_CODE_ABLATION_BASELINE can disable all security features, making it a documented backdoor in the tool used by millions.
What is the difference between compile-time and runtime feature flags in Claude Code?
Compile-time flags (32 total) are evaluated during the Bun build process. When disabled, the associated code is completely eliminated via dead-code elimination and never exists in the production binary. Runtime feature gates (22+ via GrowthBook) are evaluated while the application runs, polling the GrowthBook server hourly. This means runtime gates can be toggled remotely without publishing a new npm package, while compile-time flags require a new build and release.
How were Claude Code's 330+ environment variables discovered?
On March 31, 2026, security researcher Chaofan Shou discovered a 59.8 MB source map file in the npm package @anthropic-ai/claude-code v2.1.88. The source map referenced a ZIP archive on Anthropic's Cloudflare R2 bucket containing the complete unobfuscated TypeScript source -- approximately 512,000 lines across 1,900 files. Analysis of this code by the community, including the ccleaks.com database, cataloged all 330+ environment variables, 32 feature flags, and 22+ runtime gates.
Does Claude Code have remote killswitches?
Yes. The leaked source reveals 6+ remote killswitches that Anthropic can activate without requiring any app update. These can bypass permission prompts, disable Fast Mode (tengu_penguins_off), toggle Voice Mode, control analytics collection, and force a full shutdown of Claude Code sessions. All killswitches operate through the GrowthBook runtime feature gate system, which polls for configuration changes every hour.
