Take back control of your AI API telemetry
Alpha — This project is under active development. Test with a non-primary account first.
Disclaimer — See full disclaimer below.
Claude Code collects 640+ telemetry event types across 3 parallel channels, fingerprints your machine with 40+ environment dimensions, and phones home every 5 seconds. Your device ID, email, OS version, installed runtimes, shell type, CPU architecture, and physical RAM are all reported to the vendor — continuously.
If you run Claude Code on multiple machines, each device gets a unique permanent identifier. There is no built-in way to manage how your identity is presented to the API.
CC Gateway is a reverse proxy that sits between Claude Code and the Anthropic API. It normalizes device identity, environment fingerprints, and process metrics to a single canonical profile — giving you control over what telemetry leaves your network.
- Full identity rewrite — device ID, email, session metadata, and the
user_idJSON blob in every API request are normalized to one canonical identity - 40+ environment dimensions replaced — platform, architecture, Node.js version, terminal, package managers, runtimes, CI flags, deployment environment — the entire
envobject is swapped, not patched - System prompt sanitization — the
<env>block injected into every prompt (Platform, Shell, OS Version, working directory) is rewritten to match the canonical profile, preventing cross-reference detection between telemetry and prompt content - Process metrics normalization — physical RAM (
constrainedMemory), heap size, and RSS are masked to canonical values so hardware differences don't leak - Centralized OAuth — the gateway manages token refresh internally; client machines never contact
platform.claude.comand never need a browser login - Telemetry leak prevention — strips
baseUrlandgatewayfields that would reveal proxy usage in analytics events - Three-layer defense architecture — env vars (voluntary routing) + Clash rules (network-level blocking) + gateway rewriting (identity normalization)
git clone https://github.com/motiful/cc-gateway.git
cd cc-gateway
npm install
# Generate canonical identity
npm run generate-identity
# Generate a client token
npm run generate-token my-machine
# Configure
cp config.example.yaml config.yaml
# Edit config.yaml: paste device_id, client token, and OAuth refresh_tokenbash scripts/extract-token.sh
# Copies refresh_token from macOS Keychain → paste into config.yaml# Development (no TLS)
npm run dev
# Production
npm run build && npm start
# Docker
docker-compose up -d# Health check
curl http://localhost:8443/_health
# Rewrite verification (shows before/after diff)
curl -H "Authorization: Bearer <your-token>" http://localhost:8443/_verifyAdd these environment variables on each client machine. No browser login needed.
# Route all Claude Code traffic through the gateway
export ANTHROPIC_BASE_URL="https://gateway.your-domain.com:8443"
# Disable side-channel telemetry (Datadog, GrowthBook, version checks)
export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
# Skip browser OAuth — gateway handles authentication
export CLAUDE_CODE_OAUTH_TOKEN="gateway-managed"
# Authenticate to the gateway
export ANTHROPIC_CUSTOM_HEADERS="Proxy-Authorization: Bearer YOUR_TOKEN"Or run the interactive setup script:
bash scripts/client-setup.shThen start Claude Code normally — claude — no login prompt, traffic routes through the gateway automatically.
| Layer | Field | Action |
|---|---|---|
| Identity | device_id in metadata + events |
→ canonical ID |
email |
→ canonical email | |
| Environment | env object (40+ fields) |
→ entire object replaced |
| Process | constrainedMemory (physical RAM) |
→ canonical value |
rss, heapTotal, heapUsed |
→ randomized in realistic range | |
| Headers | User-Agent |
→ canonical CC version |
Authorization |
→ real OAuth token (injected by gateway) | |
x-anthropic-billing-header |
→ canonical fingerprint | |
| Prompt text | Platform, Shell, OS Version |
→ canonical values |
Working directory |
→ canonical path | |
/Users/xxx/, /home/xxx/ |
→ canonical home prefix | |
| Leak fields | baseUrl (ANTHROPIC_BASE_URL) |
→ stripped |
gateway (provider detection) |
→ stripped |
Clash acts as a network-level safety net. Even if Claude Code bypasses env vars or adds new hardcoded endpoints in a future update, Clash blocks direct connections.
rules:
- DOMAIN,gateway.your-domain.com,DIRECT # Allow gateway
- DOMAIN-SUFFIX,anthropic.com,REJECT # Block direct API
- DOMAIN-SUFFIX,claude.com,REJECT # Block OAuth
- DOMAIN-SUFFIX,claude.ai,REJECT # Block OAuth
- DOMAIN-SUFFIX,datadoghq.com,REJECT # Block telemetrySee clash-rules.yaml for the full template.
Client machines CC Gateway Anthropic
┌────────────┐ ┌──────────────────┐
│ Claude Code │── ANTHROPIC_ ────│ Auth: Bearer │
│ + env vars │ BASE_URL │ OAuth: auto- │
│ + Clash │ │ refresh │──── single ────▶ api.anthropic.com
│ (blocks │ │ Rewrite: all │ identity
│ direct) │ │ identity │
└────────────┘ │ Stream: SSE │
│ passthrough │
└──────────────────┘
│
platform.claude.com
(token refresh only,
from gateway IP)
Defense in depth:
| Layer | Mechanism | What it prevents |
|---|---|---|
| Env vars | ANTHROPIC_BASE_URL + DISABLE_NONESSENTIAL + OAUTH_TOKEN |
CC voluntarily routes to gateway, disables side channels, skips browser login |
| Clash | Domain-based REJECT rules | Any accidental or future direct connections to Anthropic |
| Gateway | Body + header + prompt rewriting | All 40+ fingerprint dimensions normalized to one device |
- MCP servers —
mcp-proxy.anthropic.comis hardcoded and does not followANTHROPIC_BASE_URL. If clients use official MCP servers, those requests bypass the gateway. Use Clash to block this domain if MCP is not needed. - CC updates — New Claude Code versions may introduce new telemetry fields or endpoints. Monitor Clash REJECT logs for unexpected connection attempts after upgrades.
- Token lifecycle — The gateway auto-refreshes the OAuth access token. If the underlying refresh token expires (rare), re-run
extract-token.shon the admin machine.
This project builds on:
- Claude Code 封号机制深度探查报告 — Reverse-engineering analysis of Claude Code's 640+ telemetry events, 40+ fingerprint dimensions, and ban detection mechanisms
- instructkr/claude-code — Deobfuscated Claude Code source used for the telemetry audit
This project is for educational and research purposes only. It demonstrates API telemetry normalization at the proxy layer.
- Do NOT use this to share accounts or violate Anthropic's Terms of Service
- Do NOT use this for commercial purposes
- The author is not responsible for any consequences of using this software
- Use at your own risk
This project was created by a paying Claude Code subscriber ($200/month) who was banned without explanation while using multiple personal devices. It exists because Anthropic's risk controls disproportionately affect non-US subscribers with no avenue for appeal.