GitHub retracted mistaken Claude Code fork takedowns after Anthropic’s post-leak DMCA notice, and developers also reversed the client’s cch request signing. Watch for third-party client compatibility issues and a growing gap between requested and executed takedowns.
cch= request-signing scheme, then merged support into the open source free-code client, which means third-party clients can now generate the same billing-header hash without Anthropic's official binary reverse-engineering claim implementation links.cch is a 5-character integrity hash over the serialized request body, with Claude Code first writing cch=00000 and Bun's native layer replacing it later captured billing header reverse-engineering article.nirholas/claude-code and the 96 fork URLs explicitly listed in the original notice retraction link notice history.You can read the original DMCA notice, the partial retraction, the reverse-engineering writeup on Claude Code's request signing, and the merged free-code pull request. The reverse-engineering post is especially good because it traces the hash from JavaScript placeholder to Bun-native patching. The GitHub DMCA pages are worth reading side by side because the retraction is narrower and much more precise than the takedown execution that developers saw.
The new technical detail in the fallout was not the leak itself, it was the billing header Anthropic had added to Claude Code requests. Paolo Azzan says the scheme is now fully reversed, and his screenshot shows the header format in the wild: x-anthropic-billing-header: cc_version=...; cc_entrypoint=cli; cch=...; captured billing header.
According to the reverse-engineering writeup, Claude Code's JavaScript builds that header with a dummy cch=00000, then Bun's native runtime swaps in the real value during request processing. The article says the server rejects bad values with the same error users had already seen around fast mode.
The merged PR turns that analysis into code. Its summary says cch is an xxHash64-based integrity hash over the serialized request body, masked down to 20 bits and rendered as a 5-character lowercase hex string in the billing header.
The implementation details line up across the PR and the writeup:
cch=00000That matters because the reverse-engineered version no longer depends on Anthropic's shipped CLI binary. The PR explicitly frames it as enabling third-party clients to interoperate with the subscription-backed request path that Claude Code had been gating.
The legal cleanup broke into the open when maintainers of public forks started getting GitHub takedown emails for repositories that, by their account, did not include the leaked proprietary source. Theo said his disabled repo only contained a PR that edited a skill from weeks earlier fork takedown example.
That matched the confusion in the public paperwork. Gergely Orosz pointed out that Anthropic's original notice did not mention the open source Claude Code SDK, yet GitHub still disabled forks tied to that network notice context.
By the evening, the paper trail changed. The April 1 retraction says Anthropic was retracting the March 31 notice for every disabled repository except https://github.com/nirholas/claude-code and the 96 fork URLs individually listed in the original filing.
That wording matters because it narrows the target set to the specific repo and explicit forks Anthropic says held proprietary code. It also supports the claim in the tweets that the broader fork takedowns were not the intended end state, even if developers still had to wait for GitHub to unwind them.
The most concrete explanation for the blowup lives inside GitHub's copy of the original notice. GitHub added a note saying that because the reported network was larger than 100 repositories, and the submitter alleged that most forks were infringing to the same extent as the parent, it processed the takedown against the entire network of 8.1K repositories, parent included.
That note introduces a second gap in the story, separate from the cch reverse engineering. One gap was between Anthropic's proprietary client and third-party clients. The other was between the URLs Anthropic listed and the much larger repository network GitHub says it actually processed.
we cracked it. the cch= signing system in claude code is fully reverse engineered - all credits for the work go to @ssslomp who did an amazing re work now any opensource client can let users actually use the anthropic subscription they already paid for. with whatever tool they Show more
CAREFUL: anthropic built a signature system into claude code. every API request gets signed with a cch= hash thats computed in compiled zig code if you recompile the client yourself it just sends zeros instead. they can instantly tell its not legit right now you literally can't
github.com/paoloanzn/free… article from who reversed engineer it: a10k.co/b/reverse-engi…
Anthropic DMCA’d my Claude code fork. …which did not have the Claude Code source. It was only for a PR where I edited a skill a few weeks ago. Absolutely pathetic.
Here’s the original Anthropic DMCA takedown notice, where the Claude Code SDK is not mentioned But then GitHub took down forks of those as well github.com/github/dmca/bl… (It’s now restoring them or restored them) Somewhere something went very wrong… probably at GitHub?
this was a communication mistake, see retraction here: github.com/github/dmca/bl… should be reinstated but not sure what the process is here
Reading back the history of the public DMCA request: Anthropic requested DMCA on 97 repos that (presumably) had copies of the properitary code: github.com/github/dmca/bl… Somehow GitHub started to DMCA a lot more, forks unrelated to the request (how did this happen?) Then Anthropic Show more
This should be an April Fool’s joke: but it’s not. Anthropic requested to take down 97 repositories that had copies of their proprietary Claude Code code + all forks *of those* GitHub then proceeded to take down all forks of the *open source Claude Code SDK* as well!! Uhh
