Is there any evidence for the codebase having no tests? I wouldn’t expect those to come through in the source map.

As the entire planet now knows, the Claude Code source leaked on March 31.

The engineering-focused findings have been covered extensively (fake tool injection, Undercover Mode, KAIROS, etc).

This piece focuses on what these findings mean if you're using Claude Code to build AI systems subject to the EU AI Act.

TL;DR / spoiler:

Claude Code isn't a high-risk AI system in and of itself.

The EU AI Act regulates your deployed system and your process, not your tool vendor's internal engineering practices.

> If you are using Claude Code to build a high-risk AI system, this feature cannot strip provenance from your code. Your build does not contain it. Your quality management system is not affected by a feature you cannot access.

I don't get this point at all. First of all, you can tell Claude NOT TO add any attribution. Second, you don't have to use it to create commits at all...

Also, I feel like people are overinterpreting. I do believe the primary purpose was hiding the model name and other internal details, not "silently infect OSS with AI slop".

> The Claude Code codebase has zero automated tests across hundreds of thousands of lines of production code.

Umm, how do we know that? Maybe they simply were not part of the package that got leaked?

TBH, this entire article feels sloppish. Maybe not necessarily careless AI-slop, but "there's a hot topic RN, let's write a lengthy article on our company blog despite not having much interesting to say"