Summary

Claude Code (cac) addresses the need for isolated, protected, and managed Claude Code environments. It targets users requiring version control, distinct configurations, and enhanced privacy for their Claude interactions, offering a robust solution for running Claude Code securely and flexibly.

How It Works

cac functions as a process-level wrapper, intercepting Claude Code execution without source code modification. It manages distinct Claude Code versions, isolates .claude configuration directories, and employs Node.js hooks and shell shims to spoof hardware UUIDs, hostnames, and MAC addresses. Advanced privacy features include telemetry blocking via DNS guards and fetch interception, with configurable modes, and mTLS client certificate injection for secure communication.

Quick Start & Requirements

• Installation: npm install -g claude-cac or via a provided installation script.
• Prerequisites: Node.js (via npm).
• Setup: Zero-configuration, auto-initializes on first use. Requires an initial /login command for OAuth authorization.
• Documentation: Docs.

Highlighted Details

• Environment Isolation: Each environment maintains separate Claude Code versions, .claude configurations (sessions, settings, memory), unique identities (UUID, hostname, MAC), and independent proxy routing.
• Privacy Features: Implements device fingerprint spoofing, graded telemetry blocking (conservative/aggressive), and mTLS client certificate support.
• Version Management: Allows installation, switching, pinning, and uninstallation of specific Claude Code versions per environment.
• Docker Support: Offers a fully isolated Docker container mode with TUN networking and pre-installed Claude Code.

Maintenance & Community

• Community: Active Telegram community (https://t.me/claudecodecloak).
• Health: Maintained via npm package and GitHub repository.

Licensing & Compatibility

• License: MIT License.
• Compatibility: Permissive MIT license suitable for commercial use and integration into closed-source projects.

Limitations & Caveats

cac provides device-level privacy but explicitly states it cannot prevent account-level bans, which stem from OAuth, payment methods, or IP reputation. Users are advised to disable local proxy/VPN tools due to experimental TUN mode compatibility. System-wide IPv6 should be disabled to prevent address leaks.