claude-cn-flag-check 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +173 -0
- package/README.zh-CN.md +162 -0
- package/bin/cli.js +362 -0
- package/package.json +44 -0
- package/src/capture.js +204 -0
- package/src/detect.js +233 -0
- package/src/extract.js +155 -0
- package/src/index.js +197 -0
- package/src/resolve.js +146 -0
- package/src/snapshot.js +173 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 shellus
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,173 @@
|
|
|
1
|
+
# claude-cn-flag-check
|
|
2
|
+
|
|
3
|
+
> Would Claude Code covertly flag **your** environment as a "China user"? Run one command and find out.
|
|
4
|
+
|
|
5
|
+
[中文说明 →](./README.zh-CN.md)
|
|
6
|
+
|
|
7
|
+
In mid-2026 a [reverse-engineering report](https://www.reddit.com/r/) revealed that Claude Code (the `@anthropic-ai/claude-code` CLI, from **v2.1.91**) silently detects whether a request likely comes from mainland China and encodes the verdict into the system prompt using **Unicode steganography** — with no telemetry field and no mention in the release notes. Anthropic [confirmed it](https://www.ithome.com/0/971/118.htm) as an "experimental" anti-resale / anti-distillation measure and said it would be removed.
|
|
8
|
+
|
|
9
|
+
This tool does **real detection by default**: it runs Claude Code once against a
|
|
10
|
+
local endpoint and reads the marker it *actually* emits — not a prediction. It
|
|
11
|
+
can also fall back to reproducing the logic locally (`--no-capture`) for a
|
|
12
|
+
computed estimate. It reads nothing but your own environment; nothing is uploaded.
|
|
13
|
+
|
|
14
|
+
It is **verified against `@anthropic-ai/claude-code@2.1.170`**: the domain / keyword lists are de-obfuscated straight from the installed binary at runtime, so the answer matches the version you actually run.
|
|
15
|
+
|
|
16
|
+
## How the detection actually works
|
|
17
|
+
|
|
18
|
+
The check only runs when you point Claude Code at a **third-party endpoint** via `ANTHROPIC_BASE_URL` (a relay/proxy). On the official `api.anthropic.com`, or with no base URL set, it is skipped entirely — *your timezone is irrelevant there*. When it does run, three orthogonal signals are computed:
|
|
19
|
+
|
|
20
|
+
| Signal | Source | How it is encoded in `Today's date is …` |
|
|
21
|
+
|---|---|---|
|
|
22
|
+
| `cnTZ` | System timezone is `Asia/Shanghai` or `Asia/Urumqi` | Date separator `-` → `/` (e.g. `2026-07-03` → `2026/07/03`) |
|
|
23
|
+
| `known` | Relay hostname matches a built-in **147-entry domain list** (exact or subdomain; the list includes a bare `cn`, so **any `*.cn` host matches**) | Apostrophe → `U+2019` |
|
|
24
|
+
| `labKw` | Relay hostname contains a Chinese **AI-lab keyword** (`deepseek`, `moonshot`, `dashscope`, …) | Apostrophe → `U+02BC` |
|
|
25
|
+
| both `known` + `labKw` | — | Apostrophe → `U+02B9` |
|
|
26
|
+
|
|
27
|
+
The apostrophe in `Today's` and the date separator together form a 2–3 bit marker that the server reads back — visually identical to the normal line in any editor.
|
|
28
|
+
|
|
29
|
+
## Install
|
|
30
|
+
|
|
31
|
+
```bash
|
|
32
|
+
npm install -g claude-cn-flag-check
|
|
33
|
+
# or run once without installing:
|
|
34
|
+
npx claude-cn-flag-check
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Requires Node.js ≥ 18. (Node is already present if you have Claude Code installed.)
|
|
38
|
+
|
|
39
|
+
## Usage
|
|
40
|
+
|
|
41
|
+
Check your current environment:
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
claude-cn-flag-check
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
The CLI lists every detection item, reveals each result with a short scan
|
|
48
|
+
animation (like a web scanner), then prints a **0-100 risk score** and a verdict.
|
|
49
|
+
Output is in Chinese (the primary user base); `--json` keeps English keys.
|
|
50
|
+
Example (a China timezone behind a listed relay - the worst case, abridged):
|
|
51
|
+
|
|
52
|
+
```
|
|
53
|
+
检测项(4 项区域信号)
|
|
54
|
+
⚑ 端点类型 第三方中转 · 触发地区检测
|
|
55
|
+
✗ 系统时区 (权重 40) 命中 · 中国时区,把日期分隔符 - 改成 /
|
|
56
|
+
✗ 中转域名清单 (权重 35) 命中 · 撇号被改成 U+2019
|
|
57
|
+
✓ AI 实验室关键词 (权重 25) 未命中
|
|
58
|
+
|
|
59
|
+
风险分 75/100 [高]
|
|
60
|
+
|
|
61
|
+
✗ 会被识别为中国大陆请求。进入封号风控队列的可能性:高
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
### Risk score
|
|
65
|
+
|
|
66
|
+
Only the three real CLI signals count toward the score (browser signals like
|
|
67
|
+
fonts or `navigator.language` are irrelevant to the CLI and are excluded).
|
|
68
|
+
`marked` stays a deterministic yes/no; the score grades severity:
|
|
69
|
+
|
|
70
|
+
| Signal | Weight |
|
|
71
|
+
|---|---|
|
|
72
|
+
| `cnTZ` - China timezone (leaks even through a proxy) | 40 |
|
|
73
|
+
| `known` - relay host on the domain list | 35 |
|
|
74
|
+
| `labKw` - relay host contains an AI-lab keyword | 25 |
|
|
75
|
+
|
|
76
|
+
Levels: `safe` (0) · `low` (1-30) · `medium` (31-60) · `high` (61-100). A
|
|
77
|
+
first-party endpoint always scores 0.
|
|
78
|
+
|
|
79
|
+
The process **exits `1` when you would be flagged**, `0` when you are clean — so you can gate a startup script:
|
|
80
|
+
|
|
81
|
+
```bash
|
|
82
|
+
claude-cn-flag-check >/dev/null || echo "⚠️ this shell would be marked by Claude Code"
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
### What-if checks
|
|
86
|
+
|
|
87
|
+
Test a hypothetical relay or timezone without changing your environment:
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
claude-cn-flag-check --base-url https://my-relay.example.com --tz Asia/Tokyo
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
### Options
|
|
94
|
+
|
|
95
|
+
| Flag | Meaning |
|
|
96
|
+
|---|---|
|
|
97
|
+
| `--base-url <url>` | Check a hypothetical `ANTHROPIC_BASE_URL` |
|
|
98
|
+
| `--tz <zone>` | Check a hypothetical IANA timezone |
|
|
99
|
+
| `--assume-first-party` | Simulate `_CLAUDE_CODE_ASSUME_FIRST_PARTY_BASE_URL=1` |
|
|
100
|
+
| `--snapshot` | Use the bundled list snapshot, skip live extraction |
|
|
101
|
+
| `--binary <path>` | Path to the `claude` binary to extract lists from |
|
|
102
|
+
| `--show-list` | Print the decoded domain / lab-keyword lists |
|
|
103
|
+
| `--json` | Machine-readable output |
|
|
104
|
+
| `-h`, `--help` / `-v`, `--version` | — |
|
|
105
|
+
|
|
106
|
+
## Reducing your risk
|
|
107
|
+
|
|
108
|
+
- **Timezone (`cnTZ`)** — launch Claude Code with a non-China zone: `TZ=Asia/Tokyo claude`. This is the single most effective fix, because your OS timezone leaks even through a proxy.
|
|
109
|
+
- **Relay hostname (`known` / `labKw`)** — use a relay whose hostname is not on the list and does not contain an AI-lab keyword or a `.cn` suffix. Self-hosting on a neutral domain avoids both.
|
|
110
|
+
- **Disable entirely** — `_CLAUDE_CODE_ASSUME_FIRST_PARTY_BASE_URL=1` turns the whole mechanism off (it tells the client to treat your base URL as first-party). Understand the implication before relying on it.
|
|
111
|
+
|
|
112
|
+
## Use as a library
|
|
113
|
+
|
|
114
|
+
```js
|
|
115
|
+
const { check, isClaudeChinaUser } = require('claude-cn-flag-check');
|
|
116
|
+
|
|
117
|
+
isClaudeChinaUser(); // boolean, current env
|
|
118
|
+
check({ baseUrl: 'https://r.example.com', timezone: 'Asia/Shanghai' });
|
|
119
|
+
// → { marked, signals: { cnTZ, known, labKw }, carrier: { dateLine, ... }, features: [...] }
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
## Real detection (default)
|
|
123
|
+
|
|
124
|
+
By default the tool performs a genuine capture rather than a prediction:
|
|
125
|
+
|
|
126
|
+
1. It resolves your real relay host from config (see below).
|
|
127
|
+
2. It writes a throwaway `CLAUDE_CONFIG_DIR` pointing `ANTHROPIC_BASE_URL` at a
|
|
128
|
+
local capture server, and temporarily maps the real relay host →
|
|
129
|
+
`127.0.0.1` in `/etc/hosts` (backed up and restored, with signal handlers)
|
|
130
|
+
so Claude Code still sees the **real hostname** while the request lands
|
|
131
|
+
locally.
|
|
132
|
+
3. It runs `claude -p` once and reads the `Today's date is …` line from the
|
|
133
|
+
actual request body, extracting the observed apostrophe + date separator.
|
|
134
|
+
|
|
135
|
+
This needs **root** (to touch `/etc/hosts`) and a working `claude` binary. No
|
|
136
|
+
real credentials are used — the request is intercepted locally — and your real
|
|
137
|
+
`~/.claude` is never modified. Reports show `真实捕获 ✓` (observed) vs
|
|
138
|
+
`计算预测` (computed).
|
|
139
|
+
|
|
140
|
+
- `--no-capture` — skip the run, use the computed reproduction instead.
|
|
141
|
+
- What-if checks (`--base-url` / `--tz`) and first-party endpoints are always
|
|
142
|
+
computed / certain (nothing to observe).
|
|
143
|
+
|
|
144
|
+
## Config resolution (evidence-based)
|
|
145
|
+
|
|
146
|
+
The tool does **not** trust the current process's environment variables alone —
|
|
147
|
+
those reflect whatever shell spawned it, so `claude` and `claude-cn-flag-check`
|
|
148
|
+
run from different shells can disagree. Instead it resolves what Claude Code
|
|
149
|
+
will *actually* use and prints every source it checked:
|
|
150
|
+
|
|
151
|
+
- **`ANTHROPIC_BASE_URL`** — merged from `env` blocks across enterprise managed
|
|
152
|
+
settings, `~/.claude/settings.json`, project `.claude/settings.json`, and
|
|
153
|
+
`.claude/settings.local.json`, then the live process env (session-dependent,
|
|
154
|
+
flagged as such). This is why a relay configured only in `settings.json` is
|
|
155
|
+
correctly detected even when your interactive shell has nothing exported.
|
|
156
|
+
- **Timezone** — a `TZ` override from those same `env` blocks, otherwise the
|
|
157
|
+
system zone from `/etc/localtime` (or `/etc/timezone`).
|
|
158
|
+
|
|
159
|
+
`--base-url` / `--tz` still override everything for what-if checks. The
|
|
160
|
+
`--json` output includes the full `resolution` evidence trail. (`ANTHROPIC_AUTH_TOKEN`
|
|
161
|
+
and other secrets are never read or printed.)
|
|
162
|
+
|
|
163
|
+
## How it stays accurate
|
|
164
|
+
|
|
165
|
+
By default the lists are extracted from your installed binary at runtime: the tool scans for the XOR-encoded base64 blobs, brute-forces the single-byte key, and validates the decode against known sentinel domains — so it keeps working across minified releases. If extraction fails it falls back to a version-stamped snapshot (currently `2.1.170`: 147 domains, 11 keywords).
|
|
166
|
+
|
|
167
|
+
## Disclaimer
|
|
168
|
+
|
|
169
|
+
For transparency and self-audit only. Based on public reverse-engineering; not an official Anthropic statement, and behavior may change between Claude Code versions (Anthropic announced removal of this mechanism). Verify against your own installed version with `--show-list`.
|
|
170
|
+
|
|
171
|
+
## License
|
|
172
|
+
|
|
173
|
+
MIT © shellus
|
package/README.zh-CN.md
ADDED
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
# claude-cn-flag-check
|
|
2
|
+
|
|
3
|
+
> Claude Code 会不会把**你**的环境悄悄标记成「中国用户」?一条命令就能自查。
|
|
4
|
+
|
|
5
|
+
[English →](./README.md)
|
|
6
|
+
|
|
7
|
+
2026 年年中,有人[逆向](https://www.reddit.com/r/)发现 Claude Code(`@anthropic-ai/claude-code` CLI,自 **v2.1.91** 起)会静默判断一条请求是否来自中国大陆,并用 **Unicode 隐写术**把结果编码进 system prompt——不走任何遥测字段,发布日志里也只字未提。Anthropic 随后[承认](https://www.ithome.com/0/971/118.htm)这是一项「实验性」的防转售 / 防蒸馏措施,并称将移除。
|
|
8
|
+
|
|
9
|
+
本工具**默认进行真实检测**:实际运行一次 Claude Code、指向本地端点,读取它*真正*
|
|
10
|
+
发出的隐写标记——不是预测;也可退回本地复刻逻辑做计算估算(`--no-capture`)。只读取
|
|
11
|
+
你自己的环境,不上传任何数据。
|
|
12
|
+
|
|
13
|
+
已针对 **`@anthropic-ai/claude-code@2.1.170` 验证**:域名 / 关键词清单在运行时直接从你已安装的二进制里去混淆解出,因此结论与你实际运行的版本一致。
|
|
14
|
+
|
|
15
|
+
## 检测机制到底是怎样的
|
|
16
|
+
|
|
17
|
+
只有当你通过 `ANTHROPIC_BASE_URL` 把 Claude Code 指向**第三方端点**(中转站 / 代理)时才会触发。走官方 `api.anthropic.com`、或没设 base URL 时**完全跳过**——那种情况下**时区无所谓**。触发时会计算三个正交信号:
|
|
18
|
+
|
|
19
|
+
| 信号 | 来源 | 如何编码进 `Today's date is …` |
|
|
20
|
+
|---|---|---|
|
|
21
|
+
| `cnTZ` | 系统时区为 `Asia/Shanghai` 或 `Asia/Urumqi` | 日期分隔符 `-` → `/`(如 `2026-07-03` → `2026/07/03`) |
|
|
22
|
+
| `known` | 中转 hostname 命中内置 **147 条域名清单**(精确或子域;清单含裸 `cn`,所以**任何 `*.cn` 主机都命中**) | 撇号 → `U+2019` |
|
|
23
|
+
| `labKw` | 中转 hostname 含中国 **AI 实验室关键词**(`deepseek`、`moonshot`、`dashscope` 等) | 撇号 → `U+02BC` |
|
|
24
|
+
| `known` + `labKw` 同时命中 | — | 撇号 → `U+02B9` |
|
|
25
|
+
|
|
26
|
+
`Today's` 里的撇号 + 日期分隔符共同构成一个 2–3 bit 标记,服务器侧读回——在任何编辑器里都和正常那行长得一模一样。
|
|
27
|
+
|
|
28
|
+
## 安装
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
npm install -g claude-cn-flag-check
|
|
32
|
+
# 或免安装直接跑一次:
|
|
33
|
+
npx claude-cn-flag-check
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
需要 Node.js ≥ 18(装了 Claude Code 就一定有 Node)。
|
|
37
|
+
|
|
38
|
+
## 使用
|
|
39
|
+
|
|
40
|
+
自查当前环境:
|
|
41
|
+
|
|
42
|
+
```bash
|
|
43
|
+
claude-cn-flag-check
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
CLI 会先把所有检测项列出来,再用扫描动画逐项刷新结果(像网页扫描器),最后给出
|
|
47
|
+
**0–100 风险分**与判定。输出为中文;`--json` 保留英文结构化字段。示例(中国时区 +
|
|
48
|
+
命中清单的中转,最坏情况,已省略部分):
|
|
49
|
+
|
|
50
|
+
```
|
|
51
|
+
检测项(4 项区域信号)
|
|
52
|
+
⚑ 端点类型 第三方中转 · 触发地区检测
|
|
53
|
+
✗ 系统时区 (权重 40) 命中 · 中国时区,把日期分隔符 - 改成 /
|
|
54
|
+
✗ 中转域名清单 (权重 35) 命中 · 撇号被改成 U+2019
|
|
55
|
+
✓ AI 实验室关键词 (权重 25) 未命中
|
|
56
|
+
|
|
57
|
+
风险分 75/100 ██████████████████░░░░░░ [高]
|
|
58
|
+
|
|
59
|
+
✗ 会被识别为中国大陆请求。
|
|
60
|
+
进入封号风控队列的可能性:高
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### 风险分
|
|
64
|
+
|
|
65
|
+
只有三个真正影响 CLI 的信号计入评分(字体、`navigator.language` 等浏览器信号对 CLI
|
|
66
|
+
无意义,已剔除)。`marked` 仍是确定性的是/否,评分只表示严重程度:
|
|
67
|
+
|
|
68
|
+
| 信号 | 权重 |
|
|
69
|
+
|---|---|
|
|
70
|
+
| `cnTZ` — 中国时区(挂代理也会泄露) | 40 |
|
|
71
|
+
| `known` — 中转主机命中域名清单 | 35 |
|
|
72
|
+
| `labKw` — 中转主机含 AI 实验室关键词 | 25 |
|
|
73
|
+
|
|
74
|
+
分档:`安全`(0)· `低`(1–30)· `中`(31–60)· `高`(61–100)。第一方端点恒为 0。
|
|
75
|
+
|
|
76
|
+
**会被标记时进程退出码为 `1`**,干净时为 `0`,便于接进启动脚本做环境门禁:
|
|
77
|
+
|
|
78
|
+
```bash
|
|
79
|
+
claude-cn-flag-check >/dev/null || echo "⚠️ 当前 shell 会被 Claude Code 打标记"
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
### 假设性检查(What-if)
|
|
83
|
+
|
|
84
|
+
不改动环境,测试某个中转或时区:
|
|
85
|
+
|
|
86
|
+
```bash
|
|
87
|
+
claude-cn-flag-check --base-url https://my-relay.example.com --tz Asia/Tokyo
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
### 选项
|
|
91
|
+
|
|
92
|
+
| 参数 | 含义 |
|
|
93
|
+
|---|---|
|
|
94
|
+
| `--base-url <url>` | 检查一个假设的 `ANTHROPIC_BASE_URL` |
|
|
95
|
+
| `--tz <zone>` | 检查一个假设的 IANA 时区 |
|
|
96
|
+
| `--assume-first-party` | 模拟 `_CLAUDE_CODE_ASSUME_FIRST_PARTY_BASE_URL=1` |
|
|
97
|
+
| `--snapshot` | 用内置清单快照,跳过实时提取 |
|
|
98
|
+
| `--binary <path>` | 指定用于提取清单的 `claude` 二进制路径 |
|
|
99
|
+
| `--show-list` | 打印解码出的域名 / 关键词清单 |
|
|
100
|
+
| `--json` | 机器可读输出 |
|
|
101
|
+
| `-h`, `--help` / `-v`, `--version` | — |
|
|
102
|
+
|
|
103
|
+
## 如何降低风控值
|
|
104
|
+
|
|
105
|
+
- **时区(`cnTZ`)**——用非中国时区启动:`TZ=Asia/Tokyo claude`。这是**最有效**的一招,因为系统时区即使挂了代理也会泄露。
|
|
106
|
+
- **中转 hostname(`known` / `labKw`)**——换一个不在清单、且不含 AI 实验室关键词、也不是 `.cn` 后缀的中转;用中性域名自建可同时避开两者。
|
|
107
|
+
- **彻底关闭**——`_CLAUDE_CODE_ASSUME_FIRST_PARTY_BASE_URL=1` 可关掉整套机制(让客户端把你的 base URL 当作第一方)。依赖前请了解其影响。
|
|
108
|
+
|
|
109
|
+
## 作为库调用
|
|
110
|
+
|
|
111
|
+
```js
|
|
112
|
+
const { check, isClaudeChinaUser } = require('claude-cn-flag-check');
|
|
113
|
+
|
|
114
|
+
isClaudeChinaUser(); // 布尔,当前环境
|
|
115
|
+
check({ baseUrl: 'https://r.example.com', timezone: 'Asia/Shanghai' });
|
|
116
|
+
// → { marked, signals: { cnTZ, known, labKw }, carrier: { dateLine, ... }, features: [...] }
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
## 真实检测(默认)
|
|
120
|
+
|
|
121
|
+
默认做的是真实捕获,不是预测:
|
|
122
|
+
|
|
123
|
+
1. 从配置解析出你真实的中转主机(见下节)。
|
|
124
|
+
2. 写一个临时 `CLAUDE_CONFIG_DIR`,把 `ANTHROPIC_BASE_URL` 指向本地捕获服务器,并
|
|
125
|
+
临时在 `/etc/hosts` 里把真实中转主机映射到 `127.0.0.1`(自动备份+还原+信号兜底),
|
|
126
|
+
这样 Claude Code 仍**看到真实主机名**,而请求落到本地。
|
|
127
|
+
3. 运行一次 `claude -p`,从真实请求体里读出 `Today's date is …` 那行,提取观测到的
|
|
128
|
+
撇号 + 日期分隔符。
|
|
129
|
+
|
|
130
|
+
这需要 **root**(改 `/etc/hosts`)和可用的 `claude`。**不使用真实凭证**(本地拦截),
|
|
131
|
+
**不修改**你真实的 `~/.claude`。报告会标注 `真实捕获 ✓`(观测)或 `计算预测`。
|
|
132
|
+
|
|
133
|
+
- `--no-capture`——不运行 claude,改用复刻逻辑做计算。
|
|
134
|
+
- what-if(`--base-url` / `--tz`)与第一方端点始终为计算 / 确定(无可观测对象)。
|
|
135
|
+
|
|
136
|
+
## 配置解析(基于依据)
|
|
137
|
+
|
|
138
|
+
工具**不只信**当前进程的环境变量——那反映的是启动它的那个 shell,所以从不同 shell
|
|
139
|
+
跑 `claude` 和 `claude-cn-flag-check` 可能不一致。它会解析 Claude Code **实际会用**的
|
|
140
|
+
配置,并把检查过的每个来源都打印出来:
|
|
141
|
+
|
|
142
|
+
- **`ANTHROPIC_BASE_URL`**——合并企业管理设置、`~/.claude/settings.json`、项目
|
|
143
|
+
`.claude/settings.json`、`.claude/settings.local.json` 的 `env` 块,再叠加进程环境
|
|
144
|
+
变量(会话相关,已标注)。所以**只在 `settings.json` 里配了中转、交互 shell 没
|
|
145
|
+
export** 的情况,也能被正确检出。
|
|
146
|
+
- **时区**——先看上述 `env` 块里的 `TZ` 覆盖,否则读系统 `/etc/localtime`(或
|
|
147
|
+
`/etc/timezone`)。
|
|
148
|
+
|
|
149
|
+
`--base-url` / `--tz` 仍可覆盖一切做假设检查。`--json` 输出包含完整的 `resolution`
|
|
150
|
+
依据链。(`ANTHROPIC_AUTH_TOKEN` 等密钥永远不读取、不打印。)
|
|
151
|
+
|
|
152
|
+
## 准确性如何保证
|
|
153
|
+
|
|
154
|
+
默认在运行时从你已安装的二进制提取清单:扫描 XOR 编码的 base64 blob,暴力破解单字节密钥,再用已知哨兵域名校验解码结果——因此在混淆变量名逐版本变化的情况下依然可用。提取失败时回退到打了版本戳的内置快照(当前 `2.1.170`:147 域名、11 关键词)。
|
|
155
|
+
|
|
156
|
+
## 免责声明
|
|
157
|
+
|
|
158
|
+
仅用于透明性与自查。基于公开逆向分析,非 Anthropic 官方结论,且行为可能随 Claude Code 版本变化(Anthropic 已宣布将移除该机制)。请用 `--show-list` 对照你自己安装的版本。
|
|
159
|
+
|
|
160
|
+
## 许可证
|
|
161
|
+
|
|
162
|
+
MIT © shellus
|