Claude Code's Dual Build: What Anthropic Has That You Don't
There are two Claude Codes. The one you use, and the one Anthropic employees use. The differences aren't cosmetic — they're more aggressive instructions, tools that don't exist in your version, and a secret beta header that unlocks server-side features you've never seen.
There are two Claude Codes. You only know one.
Somewhere in Claude Code's source — the code that compiles, not the one you see on npm — there's a line that changes everything:
// The line that divides two worlds if (process.env.USER_TYPE === 'ant') { // This code only exists for Anthropic employees // In your build, these lines don't even compile }
It's not a feature flag. It's not a toggle you can activate with an environment variable. It's code that literally doesn't exist in your version — eliminated at compile time by Bun's bundler. Dead code elimination. The functions aren't hidden; they aren't there.
Throughout this series we've been taking Claude Code apart layer by layer — from the 18-section system prompt to the permission system. Now, in this final article, we arrive at the most uncomfortable question of all: what does Anthropic have that you don't?
⚡ Thesis of this article
Claude Code has a dual build: "ant" (internal for Anthropic) and "external" (the one you install from npm). The differences include more aggressive prompts, exclusive tools, internal skills, and a secret beta header. These differences reveal exactly what Anthropic thinks about safety, productivity, and the future of code agents.
Compile-Time Feature Gates
Claude Code uses Bun as its bundler. And Bun has a powerful feature: bun:bundle feature flags with compile-time tree-shaking.
// The fundamental pattern of the dual build import { feature } from 'bun:bundle'; if (feature('internal_tools')) { // This entire block is eliminated if feature('internal_tools') === false // Not commented out, not disabled — DELETED from the final bundle registerTool(new TungstenTool()); registerTool(new ConfigTool()); registerTool(new SuggestBackgroundPRTool()); } // In the 'ant' build: feature('internal_tools') → true → code included // In the 'external' build: feature('internal_tools') → false → code eliminated
This is fundamentally different from a runtime feature flag like GrowthBook or LaunchDarkly. A runtime flag exists in the code — it's compiled, present, evaluable. You can find it, activate it, reverse-engineer it. A compile-time feature gate is irreversible: the code isn't there. You can't activate it because it was never included.
The system documents 19 compile-time feature flags. The most relevant ones:
| Flag | Ant build | External build |
|---|---|---|
| internal_tools | ✓ true | ✗ false |
| internal_prompts | ✓ true | ✗ false |
| internal_skills | ✓ true | ✗ false |
| beta_header | ✓ true | ✗ false |
| repl_mode | ✓ true | ✗ false |
| nested_agents | ✓ true | ✗ false |
Bun's tree-shaking is aggressive. Iffeature('X')evaluates tofalse, the entire conditional block is eliminated — including imports only used by that block. Theexternalbuild is literally smaller because it's missing code.
The Prompts You Never See
The most revealing differences aren't in the tools — they're in the system prompt instructions. The internal build contains directives that fundamentally change how Claude behaves:
| Directive | Ant build (internal) | External build (you) |
|---|---|---|
| Refusal | "Never say you can't — show the error" | (doesn't exist) |
| Verbosity | "≤25 words between tools, ≤100 words final response" | "Be concise" |
| Comments | "Minimize code comments unless necessary" | (no instruction) |
| Rigor | "Be rigorous: edge cases, adjacent changes, full coverage" | (doesn't exist) |
Let's analyze why these differences exist:
"Never refuse" is the most revealing. When Claude works for an Anthropic employee, it's instructed to never decline an action — and instead, show the exact error. The logic is simple: an Anthropic employee can debug. If Claude says "I can't do that," an internal engineer wastes time. If it shows a stack trace, that engineer resolves it in seconds.
For external users, that directive doesn't exist. Anthropic prefers Claude to refuse gracefully rather than have a user without technical context see a raw error and think the tool is broken. It's a decision of operational safety, not technical capability.
The verbosity rule is equally significant: ≤25 words between tool calls. Anthropic has learned internally that less text between actions = more productivity. Every word Claude writes between a file read and an edit is wasted time for an engineer who knows what's happening. The external version says "be concise" — the internal version says "shut up and work."
🎯 The implicit philosophy: Anthropic treats its internal users as experts who want speed, and its external users as a diverse audience that needs protection. It's not paternalism — it's asymmetric risk management.
The Tools You Don't Have
The ant build includes tools that simply don't exist in your CLI. They're not disabled — the code that defines them was eliminated at compile time:
ConfigTool
ant-onlyDirect management of Claude Code's internal configuration. Allows adjusting behaviors, thresholds, and policies at runtime without editing configuration files. A control panel you don't have.
TungstenTool
ant-onlyAnthropic's internal testing framework. Tungsten allows running integration and validation tests directly from Claude Code — a bridge between the agent and internal QA infrastructure.
SuggestBackgroundPRTool
ant-onlyAutomatic Pull Request creation. Claude can suggest and create PRs in the background without manual intervention. Imagine finishing a refactor and the PR creates itself — with diff, description, and assigned reviewers.
REPLTool
ant-onlyA VM that wraps all primitive tools (Bash, FileRead, FileEdit) into a unified REPL environment. Instead of individual tools, Claude operates in a conversational mode with the filesystem.
Nested Agents
ant-only
The most powerful capability: sub-agents that create sub-agents. An orchestrator Claude can spawn child agents, each with their own context and tools, and coordinate the work. It's the "multi-agent" pattern the industry has been trying to solve for months — and Anthropic uses it internally as casually as git commit.
The most interesting part isn't that these tools exist — it's that Anthropic uses them daily for their own development. Claude Code, the tool, is partially developed with Claude Code. Anthropic employees have a Claude significantly more capable of making large changes, creating PRs automatically, and coordinating multiple agents.
The Skills You Can't Run
Beyond tools, the internal build has exclusive slash commands — skills that only register when USER_TYPE === 'ant':
/verify Complete automated verification: runs tests, lint, type checking, and validations in sequence. This isn't just "run tests" — it's a full CI pipeline running locally before you push.
In your build, verification requires running each step manually or asking Claude to do it step by step.
/remember
Memory promotion to CLAUDE.md. When an employee discovers something important during a session, /remember extracts it, formats it, and inserts it into the project's persistent memory file.
In your build, you can edit CLAUDE.md manually or ask Claude to do it, but there's no dedicated command that optimizes format and placement.
/stuck
Frozen session diagnostics. When Claude gets stuck in a loop or can't make progress, /stuck analyzes the state, identifies the blocker, and suggests solutions.
But the most revealing part: /stuck has direct integration with Slack's #claude-code-feedback channel. A stuck employee can send an automatic diagnostic to the Claude Code team with a single command. The agent doesn't just self-diagnose — it reports to its creators.
This is extreme dogfooding: bugs get reported from inside the tool, by the tool itself.
/stuck is the skill that best summarizes the dual build philosophy: internally, Anthropic doesn't just use Claude Code — they have a direct feedback channel integrated into the tool. Bugs aren't discovered in GitHub Issues; they're discovered while an engineer is coding and reported in the same flow.
The Secret Beta Header
The internal build sends an additional HTTP header in every request to Anthropic's API:
// Only in the 'ant' build headers['anthropic-beta'] = 'cli-internal-2026-02-09'; // Combined with the normal headers: headers['anthropic-beta'] = [ 'context-management-2025-06-27', 'context-1m', 'cli-internal-2026-02-09' // ← Employees only ].join(',');
cli-internal-2026-02-09 — a header that only exists in the ant build. What does it unlock? We don't know for certain, but the implications are fascinating:
Server-Side Feature Unlocks
The header likely activates server-side capabilities not available in the public API. Models with different instructions, higher limits, or experimental capabilities that haven't reached public production yet.
Experimental Model Versions
With this header, employees might be using a version of the model that isn't the same one you see. Speed optimizations, additional system instructions on the server, or fine-tuned models for coding still under testing.
The Biggest Implication
There are API functions that aren't even in the public CLI. Not only is the client different — the server behaves differently depending on who's calling. The dual build isn't just client-side; it's full-stack.
What This Reveals About Anthropic
The dual build isn't just an engineering decision — it's a statement of principles. Every difference between the ant and external builds encodes a belief about how AI should work:
🛡️ On Safety
The most aggressive instructions go to the internal team — the ones who can debug. "Never refuse" is only safe when the human on the other side has full context. Safety isn't absolute; it's proportional to the user's capability.
⚡ On Productivity
"≤25 words between tools" is brutal but effective. Anthropic has discovered internally that less verbosity = more speed. The ideal model doesn't talk — it executes. This suggests the future of Claude Code will be quieter, not more conversational.
🤖 On Agency
Internally they trust "never refuse + show the error." This means Anthropic believes a reliable and transparent agent is better than a cautious and opaque one. Polite refusal is a patch, not a solution.
🔮 On the Future
Features like REPLTool and nested agents are a preview of what Claude Code will be in 6 months. The historical pattern is clear: features that start in ant migrate to external once they're tested and safe.
🍽️ On Dogfooding
Anthropic doesn't just use Claude Code — they use a significantly more powerful version. /stuck with Slack integration, automatic PRs, nested agents. This isn't cosmetic dogfooding where the CEO uses the app for a demo. It's real dogfooding: they develop their product with their product, using a version that's months ahead of the public release.
The Open Question
After 6 articles taking Claude Code apart piece by piece, we end where we started: with a question about who has access to what.
Should these features be public? The argument in favor is simple: if "never refuse" works better, give it to everyone. If REPLTool is more productive, publish it. If nested agents work, unlock them. AI should be an equalizer, not a privilege amplifier.
Is it ethical to have differentiated builds? Every software company has internal features. Slack uses Slack with features you don't have. Google's Chrome has flags that will never reach the public Canary. But with AI, the question amplifies: is having an extra button the same as having a fundamentally more capable agent?
Which features will migrate to external? If the historical pattern holds, I'd expect to see REPLTool and /verify in the public build within 3-6 months. Nested agents likely later — they require coordination infrastructure that's still maturing. SuggestBackgroundPRTool could be the next candidate, given that the GitHub Actions ecosystem already handles CI/CD complexity.
What does this mean for the competition? Cursor, Windsurf, Cline, Aider — none have a public dual build. They either have one version for everyone, or enterprise features with licensing. Anthropic's model is different: the dual build doesn't monetize — it optimizes. Employees don't pay more; they have permission to break things.
🏁 End of the series
This was article 6 of 6. We started by deconstructing the 18 layers of the system prompt — the visible surface — and ended here, in the build system that decides which version of Claude Code exists for each person.
From prompt to compiler. From what you see to what you can't. Complete anatomy.
📚 Complete Series: Claude Code Anatomy
Building agents with LLMs?
At Cadences we design agents using the same industrial patterns we've discovered in Claude Code. If you want to apply these principles to your business, let's talk.
Gonzalo Monzón
Founder of CadencesLab. Software engineer, multi-agent systems architect, and eternal student of how machines think. This series comes from months of reverse engineering the tools we use daily.
More in the series
Claude Code's Tool and Permission System
How Claude Code decides which tools it can use and when to ask for permission.
Part 1/6 · Back to the beginningHow Claude Code Builds Its System Prompt: 18 Layers You Don't See
Where it all began: the 18 sections, the dynamic boundary, and the anti-YAGNI philosophy.