GitHub retracts mistaken Claude Code fork takedowns after cch signing reverse-engineering

• Gergely Orosz's read of the public DMCA history matches GitHub's own original notice: Anthropic asked for one parent repo and 96 listed forks, but GitHub says it processed the entire reported fork network, about 8.1K repositories.
• the retraction tweet linking GitHub's correction points to a partial retraction that reinstated everything except nirholas/claude-code and the 96 URLs named in the original notice.
• Theo's takedown notice showed the collateral damage clearly: a public fork with no leaked source still got disabled, which is exactly the class of mistake GitHub later reversed.
• paoloanzn's follow-up and the linked reverse-engineering writeup showed that Claude Code's cch header was an xxHash64 body-integrity check wired into a private Bun runtime, not a server-only secret.
• paoloanzn's announcement came a few hours later with an open client patch, and the linked free-code PR says third-party clients can now generate valid cch values in JavaScript without Anthropic's official binary.

GitHub's own DMCA archive says the notice got applied to an 8.1K-repo network, then corrected with a same-day retraction. You can also read the full cch reverse-engineering post, inspect the open client implementation, and compare that with Anthropic's still-public Claude Code releases page.

The public March 31 DMCA notice names nirholas/claude-code plus 96 fork URLs. GitHub then adds a note explaining that, because the reported network exceeded 100 repositories and the submitter alleged the forks were infringing to the same extent as the parent, it processed the takedown across the entire fork network, about 8.1K repositories.

That distinction became the whole story. Gergely Orosz's follow-up noted that the public notice did not mention Anthropic's open SDK repos, yet GitHub still disabled unrelated forks that shared the same name.

Theo said his fork only contained an old skill edit, not leaked Claude Code source, but GitHub still disabled it under the Anthropic notice. Gergely Orosz and his later update treated that as the visible sign that GitHub had applied the notice far beyond the listed repos.

The April 1 retraction, linked in the correction tweet, is narrow and explicit: keep nirholas/claude-code plus the 96 individually listed forks disabled, and reinstate everything else. That means the correction was not a reversal of Anthropic's original complaint. It was a rollback of the network-wide spillover.

The reverse-engineering writeup says every Claude Code request carries an x-anthropic-billing-header with cc_version, cc_entrypoint=cli, and a five-character cch value. The JavaScript layer only wrote cch=00000. The real replacement happened inside a private Bun build's native fetch implementation.

According to that writeup, the native path only activates when three conditions are true:

• the URL contains /v1/messages
• the anthropic-version header is present
• the request body still contains the cch=00000 placeholder

When those checks pass, Bun hashes the serialized request body, masks the result to 20 bits, formats it as a five-character lowercase hex string, and overwrites the placeholder before sending. The article identifies the hash as xxHash64(body, seed) & 0xFFFFF, and says bad values trigger the API error that fast mode is only available in Claude Code research preview.

The interesting part is how little mystery remained once the mechanism was spelled out. paoloanzn said the signing system had been fully reverse-engineered and merged into an open client within a day.

The linked free-code PR says the patch computes cch in JavaScript with xxhash-wasm, watches for /v1/messages requests that still contain the placeholder, and swaps in the final five-character hash before transmission. The PR also removes a NATIVE_CLIENT_ATTESTATION gate, which is a neat summary of what broke: a native-only attestation layer stopped being native-only as soon as someone reproduced the algorithm.

While GitHub was untangling the takedowns, Anthropic's own public Claude Code releases page kept moving. The v2.1.90 release landed late on April 1 with /powerup, marketplace-cache controls, protected-directory updates, and a fix for --resume prompt-cache misses.

Anthropic's official Agent SDK overview also says the old Claude Code SDK name has already been retired in docs in favor of Claude Agent SDK. That made the day's fork confusion especially messy: the company had a public repo and public SDK docs, a private leaked codebase, a GitHub notice processed across an 8.1K network, and a client-side signing scheme that the community had already cloned.