is the tooling moat and secret sauce in Claude Code the client? That's super risky given the language it was written in ( javascript ). I bet Claude Code itself can probably reverse engineer the minimized javascript, trace the logic, and then name variables something sensible for readability. Then the secret sauce is exposed for all to see.

Also, can you not setup a proxy for the cert and a packet sniffer to watch whatever ClaudeCode is doing with respect to API access? To me, if you have "secret sauce" you have to keep it server side and make the client as dumb as possible. Especially if your client is executes as Javascript.