This document covers the licensing terms for Claude Code and the security vulnerability disclosure process. It also documents data collection practices and privacy safeguards implemented in the system.
For information about security isolation mechanisms and sandbox configuration, see Sandbox Environment. For enterprise security controls and permission management, see Configuration and Permission Model.
Claude Code is proprietary software owned by Anthropic PBC. The codebase includes built-in security features for development environment isolation, vulnerability reporting mechanisms, and privacy-conscious data collection practices.
Sources: LICENSE.md (line 1), README.md (lines 60-72), SECURITY.md (lines 1-13)
Claude Code is copyrighted software subject to Anthropic's Commercial Terms of Service. The software is not open source and all rights are reserved by Anthropic PBC.
License Statement:
© Anthropic PBC. All rights reserved.
Use is subject to Anthropic's Commercial Terms of Service.
Users must comply with the Commercial Terms of Service when using Claude Code.
Sources: LICENSE.md (line 1)
Anthropic operates a formal vulnerability disclosure program managed through HackerOne. Security researchers who identify potential vulnerabilities should report them through the official channels rather than public issue trackers.
Security Vulnerability Reporting Workflow
| Aspect | Details |
|---|---|
| Program Manager | HackerOne |
| Submission Form | https://hackerone.com/anthropic-vdp/reports/new |
| Program Guidelines | https://hackerone.com/anthropic-vdp |
| Scope | Claude Code functionality and related services |
| Priority | Security of systems and user data |
Important: Do not report security vulnerabilities through GitHub Issues or public channels. Use the HackerOne submission form exclusively for validated security issues.
Sources: SECURITY.md (lines 1-13)
Claude Code collects specific types of data to improve the product and provide user support. The collection is designed with privacy safeguards and limited retention policies.
Data Collection Architecture
| Data Type | Source | Purpose |
|---|---|---|
| Usage Data | Code acceptance/rejection actions | Product improvement and feature validation |
| Conversation Data | Session context and interactions | Support and debugging |
| User Feedback | /bug and /feedback commands | Issue tracking and user experience improvements |
Claude Code implements multiple privacy protections:
Relevant Policy Documents:
Sources: README.md (lines 60-72)
Claude Code includes a hardened development container environment with network isolation and firewall controls. This architecture is documented in SECURITY.md (lines 1-13) and implemented across multiple configuration files.
DevContainer Security Implementation
| File | Purpose | Security Function |
|---|---|---|
| .devcontainer/init-firewall.sh (lines 1-92) | Firewall initialization | Sets up iptables rules for network isolation |
| .devcontainer/Dockerfile (lines 86-91) | Sudo configuration | Grants limited sudo access for the firewall script only |
| .devcontainer/devcontainer.json | Container lifecycle | Runs the firewall script as postStartCommand before the container is ready |
The firewall script .devcontainer/init-firewall.sh (lines 1-92) implements defense-in-depth:
Sudoers Configuration:
node ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh
This grants the node user permission to run only the firewall initialization script with root privileges, nothing else.
Sources: .devcontainer/Dockerfile (lines 1-92), .devcontainer/init-firewall.sh (lines 1-92)
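One way to confirm that a sudoers entry like the one above really grants one fixed script and nothing else, as an added example that is not part of the Claude Code repository: the linter below parses a single user specification and reports the grants a reviewer would flag (ALL as runas or command, relative paths, wildcards, the SETENV tag, user-writable locations). The rule grammar it accepts and the finding texts are assumptions made for this example.

```python
import re

# Added example for this page, not from the Claude Code repository. It lints one sudoers
# user specification, "<user> <host>=(<runas>) [TAG: ...] <cmd>[, <cmd>...]", for the
# over-broad grants a reviewer checks when a rule is meant to allow exactly one script.
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)

def lint_sudoers_rule(rule: str) -> list[str]:
    """Return findings for one rule; an empty list means only fixed, absolute commands."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return ["unparsable rule"]
    findings = []
    if m.group("runas").strip() == "ALL":
        findings.append("runas ALL: command may run as any user, not only root")
    tags = {t.strip() for t in m.group("tags").split(":") if t.strip()}
    if "SETENV" in tags:
        findings.append("SETENV tag: caller-controlled environment reaches the root process")
    for spec in (s.strip() for s in m.group("cmds").split(",")):
        if spec == "ALL":
            findings.append("command ALL: any command as root")
            continue
        path = spec.split()[0]
        if not path.startswith("/"):
            findings.append(f"relative command path {path!r}: resolved through PATH")
        if any(ch in spec for ch in "*?["):
            findings.append(f"wildcard in {spec!r}: matches more than one command line")
        if path.startswith(("/tmp/", "/home/")):
            findings.append(f"{path!r} is in a user-writable location")
    return findings
```

The page's own entry, `node ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh`, produces no findings; note that sudo still accepts any arguments for a command spec that pins none, which this lint does not report.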
Beyond the DevContainer, Claude Code implements application-level sandbox controls for bash command execution. This is configured through settings files and documented in detail at Sandbox Environment.
Sandbox Configuration Hierarchy
The CHANGELOG documents multiple security fixes related to sandbox bypass attempts:
| Version | Security Fix | CHANGELOG reference |
|---|---|---|
| 2.1.49 | Fixed unbounded WASM memory growth during long sessions | CHANGELOG.md (line 18) |
| 2.1.47 | Fixed permission bypass via shell line continuation | CHANGELOG.md (line 470) |
| 2.1.38 | Improved heredoc delimiter parsing to prevent command smuggling | CHANGELOG.md (line 185) |
| 2.1.34 | Fixed sandbox bypass via excludedCommands with autoAllowBashIfSandboxed | CHANGELOG.md (line 199) |
| 2.1.21 | Fixed security vulnerability where wildcard permission rules could match compound commands | CHANGELOG.md (line 449) |
Sources: CHANGELOG.md (lines 1-1000)
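The line-continuation and compound-command fixes in the table above both come down to one rule: an allow pattern has to be checked against each simple command, not against the whole command string. The Python below is an added example written for this page, not Claude Code's permission implementation; `naive_allowed` models the pre-fix matching and `hardened_allowed` the intended behaviour, and the simplified `Bash(git *)` rule syntax and the function names are assumptions.

```python
import re
import shlex

# Added example written for this page, not Claude Code's own permission code. A rule such
# as "Bash(git *)" allows Bash commands matching the glob "git *" ('*' = any suffix).
SEPARATOR_CHARS = set(";|&()")

def _matches(simple_command: str, rule: str) -> bool:
    pattern = rule[len("Bash("):-1] if rule.startswith("Bash(") else rule
    if pattern.endswith("*"):
        return simple_command.startswith(pattern[:-1])
    return simple_command == pattern

def naive_allowed(command: str, rules: list[str]) -> bool:
    """Pre-fix behaviour: the whole command line is matched as one string, so
    'git status; whoami' satisfies 'git *' although it runs a second command."""
    return any(_matches(command.strip(), r) for r in rules)

def split_simple_commands(command: str) -> list[str]:
    """Break a Bash command line into simple commands. Backslash-newline continuations
    are joined first so a continuation cannot hide an operator on the next line; each
    line is then split on ; | & && || ( ). Unbalanced quotes raise ValueError."""
    joined = re.sub(r"\\\r?\n", " ", command)
    simple = []
    for line in joined.splitlines():
        lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        words = []
        for tok in lexer:
            if tok and set(tok) <= SEPARATOR_CHARS:
                if words:
                    simple.append(" ".join(words))
                words = []
            else:
                words.append(tok)  # quoted text stays inside its word
        if words:
            simple.append(" ".join(words))
    return simple

def hardened_allowed(command: str, rules: list[str]) -> bool:
    """Post-fix behaviour: every simple command must match a rule on its own, and
    anything the splitter cannot parse is denied (fail closed)."""
    try:
        parts = split_simple_commands(command)
    except ValueError:
        return False
    return bool(parts) and all(any(_matches(p, r) for r in rules) for p in parts)
```

Heredoc bodies are not modelled here; a splitter used in production also has to recognise the heredoc delimiter so that operator characters inside the body are not mistaken for separators.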
Claude Code provides built-in commands for users to report issues and provide feedback securely.
Feedback Command Flow
The /bug command referenced in README.md (line 62) generates a GitHub issue URL with relevant context:
The /feedback command mentioned in README.md (line 62) provides a similar flow but submits directly to Anthropic's feedback API rather than GitHub.
Sources: README.md (lines 52-72), CHANGELOG.md (line 405)
Security fixes follow Anthropic's standard release process, documented in the CHANGELOG. Critical security patches are released promptly and documented with issue references.
Security Release Workflow
Security fixes are documented in CHANGELOG.md (lines 1-1000) with specific issue numbers and descriptions. Examples include:
All security-related changes can be tracked through the CHANGELOG, which includes anthropics/claude-code issue numbers for traceability.
Sources: CHANGELOG.md (lines 1-1000)
For enterprise deployments, Claude Code supports managed settings that enforce security policies centrally. This is documented in Configuration Management.
Enterprise Security Controls
Version 2.1.49 introduced the ConfigChange hook event (CHANGELOG.md, line 24) that fires when configuration files change during a session. This enables:
Sources: CHANGELOG.md (lines 24-28)
Claude Code's security model operates at multiple layers:
For technical implementation details of security features, see Sandbox Environment and Configuration and Permission Model.
Sources: LICENSE.md (line 1), SECURITY.md (lines 1-13), README.md (lines 60-72), CHANGELOG.md (lines 1-1000), .devcontainer/Dockerfile (lines 1-92)