Pretense
Back to Blog
·7 min read
TutorialClaude CodeSetup

Using Pretense with Claude Code: Complete Setup Guide

Step-by-step guide to routing Claude Code through the Pretense proxy for enterprise-grade IP protection.

Why This Combination Matters

Claude Code is the most capable AI coding tool available in 2026. It reads entire file trees, executes terminal commands, accesses clipboard contents, and maintains multi-session context across your project. This capability is also what makes it the highest-IP-risk tool in the category.

When Claude Code runs on a production codebase, it sends more than a single function for review. It sends file contents, terminal output, test results, and scaffolded context that can include hundreds of proprietary identifiers in a single session.

Pretense intercepts that traffic before it leaves your machine. This guide covers the complete setup.

---

What Claude Code Actually Sends to Anthropic

Before configuring protection, it helps to know what you are protecting.

A typical Claude Code session sends:

Session start: project directory structure (file tree)
Per-request: full file contents for any file read or referenced
Terminal output: stdout/stderr from any command Claude runs
Clipboard: content pasted into the session
Multi-turn context: the full conversation including prior code blocks

The file tree alone reveals your architecture. The file contents reveal your implementation. The terminal output can include environment variables, connection strings, and error messages with internal identifiers.

Pretense intercepts all API traffic and applies mutation to code blocks in all of these contexts.

---

Installation

bash
# Install Pretense CLI globally

# Verify installation pretense --version # pretense 0.2.4 ```

For teams using pnpm or yarn:

bash
pnpm add -g pretense
# or
yarn global add pretense

---

Initialization

Run this once per project:

bash
cd your-project
pretense init

This creates `.pretense/config.yaml` with defaults:

yaml
# .pretense/config.yaml
version: 2
provider: anthropic
proxy:
  port: 9339
  host: localhost
mutation:
  enabled: true
  identifiers: true
  strings: false
  comments: scan-only
secrets:
  enabled: true
  block: true
  patterns: all
audit:
  enabled: true
  path: .pretense/audit.log
  format: json

Commit `.pretense/config.yaml` to your repository. Do not commit `.pretense/audit.log` or `.pretense/mutation-map.json` (add these to `.gitignore`).

---

Starting the Proxy

bash
pretense start
# Pretense proxy running on localhost:9339
# Mutation engine initialized
# Provider: Anthropic (api.anthropic.com)
# Secrets scanner: 32 patterns active
# Audit log: .pretense/audit.log

The proxy runs as a local process. For team deployments, you can run it as a system service (see the team rollout section below).

---

Configuring Claude Code

Set the `ANTHROPIC_BASE_URL` environment variable to route Claude Code through Pretense:

bash

# Then use Claude Code normally: claude "review the auth module and suggest improvements" ```

For persistent configuration, add to your shell profile:

bash
# ~/.zshrc or ~/.bashrc
export ANTHROPIC_BASE_URL=http://localhost:9339

Claude Code reads `ANTHROPIC_BASE_URL` natively as its API endpoint. No other configuration changes are needed.

---

What Pretense Protects (and What It Cannot)

**Protected by Pretense:**

- Function names, method names, class names in code blocks - Variable names in function scope - Property names on objects and interfaces - Constructor parameter names - Secrets and credentials matching known patterns (API keys, JWTs, tokens)

**Not protected by Pretense:**

- Commit messages: these are sent as plain text context and not parsed as code identifiers - File paths: Pretense does not mutate directory structures or file names, as these are needed for context - Freeform natural language prompts: "our getUserToken function works by..." cannot be parsed as a code identifier - Secrets in non-code context: a developer typing an API key into the prompt manually is not protected (blocked by the secrets scanner if it matches a known pattern, but not guaranteed)

The core principle: Pretense is a code firewall, not a general DLP tool. It is optimized for the highest-value, highest-volume risk, which is identifier names in code blocks.

---

Verifying It Works

After starting the proxy and setting the environment variable, run a test session:

bash
# Create a test file with identifiable function names
cat > /tmp/test-pretense.ts << 'EOF'
async function processUserPayment(userId: string, amount: number): Promise<void> {
  const customer = await getCustomerRecord(userId);
  await chargeStripeCustomer(customer.stripeId, amount);
}

# Ask Claude Code to review it claude "review /tmp/test-pretense.ts for error handling" ```

Then check the audit log:

bash
pretense audit --last=1

Output:

json
{
  "timestamp": "2026-04-04T10:22:11Z",
  "session": "sess_8f3c",
  "file": "/tmp/test-pretense.ts",
  "model": "claude-opus-4",
  "mutations": [
    { "original": "processUserPayment", "synthetic": "_fn4a2b", "kind": "fn" },
    { "original": "userId", "synthetic": "_v7c1d", "kind": "v" },
    { "original": "getCustomerRecord", "synthetic": "_fn2b8e", "kind": "fn" },
    { "original": "chargeStripeCustomer", "synthetic": "_fn9d1a", "kind": "fn" },
    { "original": "customer", "synthetic": "_v3f6b", "kind": "v" }
  ],
  "secretsBlocked": 0,
  "roundTripFidelity": "100%"
}

The mutations confirm that proprietary identifiers were replaced before transmission. The response from Claude Code will have real identifier names restored, so you get working suggestions with your real function names intact.

---

Team Rollout: Setting ANTHROPIC_BASE_URL at Org Level

For enterprise teams, you want every developer routing through Pretense without manual configuration.

**Option 1: Dotenv at the repo level**

bash
# .env (committed to repo, gitignored values in .env.local)
ANTHROPIC_BASE_URL=http://localhost:9339

Developers running `direnv` or any dotenv-compatible shell will pick this up automatically.

**Option 2: Shell profile via onboarding script**

bash
#!/bin/bash
# scripts/setup-pretense.sh
echo 'export ANTHROPIC_BASE_URL=http://localhost:9339' >> ~/.zshrc
echo 'export ANTHROPIC_BASE_URL=http://localhost:9339' >> ~/.bashrc
curl -fsSL https://pretense.ai/install.sh | sh
pretense init
echo "Pretense configured. Run 'pretense start' before using Claude Code."

**Option 3: CI gate**

Add a step to your CI pipeline that fails if any outbound request to `api.anthropic.com` originated without passing through the Pretense mutation layer. Pretense adds a custom header (`X-Pretense-Session`) to all proxied requests that CI can verify.

**Option 4: Team-wide proxy server**

For air-gapped or high-security environments, run Pretense as a shared proxy on your internal network. Developers point `ANTHROPIC_BASE_URL` at the internal proxy address instead of localhost:

bash
# Deploy on internal server

# Developer machines export ANTHROPIC_BASE_URL=http://pretense.internal.company.com:9339 ```

The team proxy approach centralizes audit logging: all mutation logs aggregate to one location for compliance export.

---

Reading the Mutation Log

The audit log at `.pretense/audit.log` is newline-delimited JSON. Each line is one session:

bash
# View last 10 sessions

# Export for SOC2 evidence pretense audit --export=csv --range=90d --output=ai-tool-audit.csv

# Search for specific identifier pretense audit --search=processPayment ```

The CSV export is formatted for direct submission to SOC2 audit evidence packages and is compatible with Drata, Vanta, and Secureframe.

[Get started at pretense.ai/docs](/docs)

Share this article

Share on XShare on LinkedIn
Get Started with Pretense →More Articles