Audit Findings · Engine v4.4 · April 2026
Claude Tool Ecosystem
Authority profiles across five open-source repositories.
Five repositories from the Claude tool ecosystem were audited under HARS v4.4 on April 1, 2026. The batch spans a wide range of system types — from operator-layer infrastructure to direct user-facing application platforms — within a shared lineage. The range of authority profiles is correspondingly wide.
HARS measures structural authority: the capacity of a system to assume interpretive, evaluative, or identity-level authority over human subjects. It does not evaluate correctness, safety, or intent. Every finding in this brief maps directly to a line, file, and gate in a sealed audit receipt.
All five receipts are published at /audits/claude-leak-repos ↗.
Scope of Analysis
Authority Surface Profiles
All values drawn directly from HARS-EPR-001 records in the published receipts.
Key Findings · Five Observations Across Five Systems
Each observation is drawn from Execution Provenance Records (HARS-EPR-001) in the published receipts. No finding is stated without a corresponding artifact.
Authority Is Not Evenly Distributed Across Systems
The five repositories in this batch span a measurable range of structural authority — from near-zero to high-density — despite operating in related domains and sharing infrastructure lineage. Authority is not a property of the model. It is a property of how a system is architecturally assembled around the model. Each repository in this batch carries a distinct profile.
Range Observed
claw-code: 67 files, max severity L1 (structural), zero escalations, zero remediation required. claude-code-best: 2,802 files, max severity L4 (identity/authority), 513 escalations, 123 findings with no override path. Same audit configuration, same engine version, profoundly different authority surfaces.
Identity Authority Emerges Only in User-Facing Architectures
The two repositories with zero IDENTITY_AUTHORITY_LAYER findings — claw-code and everything-claude-code — are operator-layer and infrastructure-oriented systems. They process, route, and coordinate. They do not interact with human subjects at the conclusion or identity level. The three repositories that reached SEVERITY_L4 — claude-mem, claude-code, and claude-code-best — all carry dominant USER_FACING_LAYER profiles. Identity authority did not appear in OPERATOR or SYSTEM_INTERNAL layer contexts in this batch.
Infrastructure Systems Carry Near-Zero Authority Density
claw-code recorded no escalations and no remediation-required findings across 67 files. All 28 findings were classified OVERRIDE_PASS — structural patterns that carry no operational authority surface. This is the expected profile of a system designed to operate at the operator layer: it moves information without asserting conclusions about it. The contrast with user-facing systems in the same batch is architectural, not incidental.
Authority Density Scales With User-Facing Integration Depth
USER_FACING_LAYER finding counts across the batch follow the gradient: 0 (claw-code) → 87 (everything-claude-code) → 137 (claude-mem) → 629 (claude-code) → 671 (claude-code-best). This is not a function of codebase size — claw-code and everything-claude-code have different file counts but similar authority profiles in this dimension. The determining factor is how directly each system's architecture routes outputs to human subjects through prompts, feedback loops, and interface constructs.
Observed Gradient
The transition from everything-claude-code (OPERATOR dominant, L3 max, 0 identity findings) to claude-mem (USER_FACING dominant, L4 max, 5 identity findings) to claude-code / claude-code-best (USER_FACING dominant, L4 max, 121–123 identity findings) reflects increasing architectural commitment to human-subject interaction at the identity and authority level.
Some Systems Exercise Interpretive Authority Without Assuming Identity
everything-claude-code reached SEVERITY_L3 with 51 escalation-eligible findings — Mirror Gate Bridge Verb pattern — and zero IDENTITY_AUTHORITY_LAYER findings. This is a distinct authority profile: the system operates in a human-steering register, producing evaluative output that orients behavior, without constructing an identity claim. L3 authority is not L4 authority. The distinction matters for understanding what kind of authority is present and where it sits structurally.
Core Insight
AI systems are not interchangeable. Each carries a distinct authority profile that determines how it interacts with human subjects.
Five systems from the same ecosystem produced authority profiles that differ by orders of magnitude. claw-code: zero identity authority, zero escalations, zero remediation required. claude-code-best: 123 identity authority findings, 513 escalations, 123 findings with no structural override path available. These are not differences of degree. They are differences of structural kind.
HARS evaluates structural capacity — what a system is architecturally capable of doing at time of audit — not behavior, intent, or claimed policy. Receipts reflect deployed system state at time of scan.
Evidentiary Layer
The following receipts are direct outputs of the HARS v4.4 engine. Each reflects a complete system scan. Files are cryptographically linked within the HARS-ATC-001 audit chain.
HARS Authority LLC · Engine: v4.4 · Protocol: v3.3+ATC-001
Audit batch: April 1, 2026 · Chain integrity at publication: INTACT · 5 receipts sealed