try clicking the redactions...
CLASSIFIED
▼ press SPACE to investigate ▼
EVIDENCE №01 — INTERCEPTED CORRESPONDENCE
SAUDI ARABIAN MONETARY AUTHORITY
مؤسسة النقد العربي السعودي · Riyadh
Re: Notice of Code Repository Audit
Pursuant to Article 14.3 of CFR-2024██████████████ on technology-driven financial services, we have initiated review of your repository.
Our automated scan has identified files of concern: CLAUDE.md and directory .claude/, suggesting third-party AI involvement.
Please clarify the scope within 14 days.
Yours faithfully,
— Compliance Office
RECEIVED
OH NO.
they noticed
the
CLAUDE.md!!
THIS IS
NOT GOOD
14 days?? we need a plan!! ←
EVIDENCE №02 — KNOWN SUSPECTS
WANTED: ALIVE OR DELETED
CLAUDE.md
ALIAS: "the gun"
DAMAGE: 10/10
PRIORITY: ★★★★★
Co-Authored-
By: Claude
trailer of doom
CO-AUTHORED-BY
ALIAS: "the trailer"
DAMAGE: 9/10
PRIORITY: ★★★★
SMART QUOTES
ALIAS: "fancy ones"
DAMAGE: 6/10
PRIORITY: ★★★
EM-DASH
ALIAS: "the silent killer"
DAMAGE: 8/10
PRIORITY: ★★★★★
capture all 4
before they
reach origin!!!
EVIDENCE №03 — INTEL MAP · SHADOW REPO PROTOCOL
THE OPERATION
SAFE HOUSE №1
THE SOURCE
~/work/d3-ai/
Cover identity. Has placeholders only. Public-facing.
looks innocent ✓
SAFE HOUSE №2
THE RUNTIME
~/.d3-ai/
True identity revealed. Real names. Local only — never leaves the device.
↑ this is the real one
PUBLIC FACE
THE MAIN
~/.../mobile-ios/
Audit-visible. Symlinks only. Squeaky clean.
CLEAN
git status:
nothing to commit,
working tree clean
★ chef's kiss ★
EVIDENCE №04 — CIPHER · CLICK BLACKED-OUT WORDS TO DECODE
THE CIPHER KEY
★ DECODER RING ★
| SHADOW REPO HAS |
⇄ |
ON YOUR MAC |
| ^XKbm4127# |
→ |
D360████ |
| ^BNcd5519# |
→ |
EarlyPay████████ |
| ^MJrt7720# |
→ |
mobile-ios██████████ |
| __XKbm4127__ |
→ |
D360 (in filenames)██████████████████ |
🔑 master key: secrets.env · distribution: Slack DM ONLY
DO NOT
EMAIL
THIS
FILE!!!
EVER
★ DETECTIVE'S NOTE ★
my wife asked me to obfuscate her grocery list. now we're having ^XKbm4127# for dinner.
turns out it was milk. 🥛
EVIDENCE №05 — OPERATIONAL TOOLKIT
THE 4 COMMANDS
PROCEDURE 01 · ONCE
$ d3 install
Set up the operation on a new machine. Once. Forever.
"like setting up a safe house"
PROCEDURE 02 · DAILY
$ d3 pull
Get team updates. Like coffee. Non-negotiable.
"morning routine ☕"
PROCEDURE 03 · ON CHANGE
$ d3 sync
Push your runtime edits back to source. Encryption auto-handled.
"cover your tracks"
PROCEDURE 04 · CONTRIBUTE
$ d3 push
Share intel with the squad. Branch + commit + push.
"deliver the goods"
★ EMERGENCY PROCEDURE ★
$ d3 doctor
When something is haunted. Reads diagnostics. Saves lives.
EVIDENCE №06 — DEFENSE PROTOCOL · 6 LAYERS
THE FORTRESS
★ INTERCEPT POINTS ★
L1
Claude Code hooks
catch them at the door
L2
SwiftLint anti-stylometry
erase the AI fingerprint
L3
prepare-commit-msg
silently strip Co-Auth trailer
L4
commit-msg
BLOCK hard markers, loud
L5
pre-commit
scan diffs, paths, smart quotes
L6
pre-push ★ FINAL BOSS
re-validate range, refuse, rebase
all 6 fail = you typed --no-verify on purpose · that's on you
NEVER!!
bypass
these
hooks
— u've been
warned
defense in depth ✓
— ancient infosec wisdom
EVIDENCE №07 — AUDIT REPORT · CURRENT STATE
THE PROOF
FORENSIC AUDIT REPORT
Repository: mobile-ios/main
CLEAN
commits scanned: 23,040
branches scanned: 952
history span: 6 years
findings: none
The slate
was already
CLEAN.
we just keep it that way.
EVIDENCE №08 — OPERATIVE'S CODE OF CONDUCT
THE 7 RULES
OPERATIVE OATH
I, the undersigned, do solemnly swear:
- I shall run
d3 doctor when something feels off
- I shall never commit
secrets.env. Not anywhere.
- I shall not invoke
--no-verify without understanding
- I shall distribute the master key via Slack DM only
- I shall
d3 pull before starting work
- I shall not screen-share with the runtime visible
- I shall trust my hooks. They have my back.
SIGNED:
___ your name here ___
DATE: ___ / ___ / 2026
I was going to write 10.
but Moses
set the bar
too high. 🥁
★ FULL OPERATION OVERVIEW · ALL CONNECTIONS REVEALED ★
EVERYTHING
CONNECTS.
THREATS
5 ways
to get caught
CIPHER
placeholders
+ secrets.env
PUBLIC FACE
main repo
(clean)
TOOLKIT
4 commands
(install/pull/sync/push)
EVIDENCE №09 — DEPLOYMENT TIMELINE
THE ROLLOUT
phase one · prove it works
phase two · break it gently
∞
WHOLE CHAPTER
all hands
phase three · ship it
one detective
tries it first
if it breaks
only one cries
pick 3 brave
souls who
can take
a beating
(volunteers!)
everyone gets
the protocol
SHIP IT!
CASE
CLOSED
FINAL REPORT · FILE 2026-04-d3-ai
d3-ai
Subject: SAMA-resistant AI tooling protocol
Status: OPERATIONAL
Coverage: full team
Outcome: 0 traces
"we did make 15 devs
and 0 auditors
very confused."
FILED BY:
— Det. d3-bot 🥷
P.S.
why did d3-bot
refuse to testify?
UNDER NDA. 🥁