CONFIDENTIAL // EYES ONLY // iOS TEAM
d3-ai
Ship AI-assisted code without the regulator ever knowing.
★ NO TRACES ★
★ FULL DENIABILITY ★
★ SIX LAYERS DEEP ★
★ ZERO LEAKS ★
★ MAXIMUM STEALTH ★
CHAPTER 01 // RECONNAISSANCE
SAMA HAS SUBPOENA POWER.
Saudi Arabian Monetary Authority. Regulator.
Audits codebases. Reads commit logs. Doesn't blink.
"We notice your repo contains"
CLAUDE.md
"please clarify scope of AI involvement"
— the SAMA audit letter you don't want to receive
THREAT ASSESSMENT // DEFCON 2
Five tells.
One dead giveaway.
- CLAUDE.md, .claude/, .cursor/, AGENTS.md — file-system smoking gun
- "Co-Authored-By: Claude" — the trailer that ends careers
- Smart quotes "" '' in .swift files — copy-pasted from ChatGPT
- Em-dashes everywhere — Claude's calling card
- "I'll help you with..." — the politeness tax
CHAPTER 02 // THE PLAN
We build a SHADOW REPO.
╔═══════════════════════════════════════════╗
║ ║
║ AUDIT FACE → SAMA sees nothing ║
║ ║
║ PRIVATE FACE → team has everything ║
║ ║
║ The bridge: symlinks + obfuscation ║
║ ║
╚═══════════════════════════════════════════╝
Two repos. Three locations. Six defense layers.
Zero accidents.
SYSTEM TOPOLOGY
Three locations, two states of truth.
// SOURCE
~/work/d3-ai/
Placeholders inside.
Cloned from GitHub.
→
// RUNTIME
~/.d3-ai/
Real names. Deobfuscated.
Read by Claude Code.
→
// MAIN
~/.../mobile-ios/
Symlinks only.
Audit-visible. Pristine.
d3 pull → deobfuscate → stow → DONE.
git status: nothing to commit, working tree clean.
CHAPTER 03 // CRYPTO PRIMITIVE
Real names never touch the shadow repo.
// AT REST (GITHUB)
- ^XKbm4127# uses guard-let
- __BNcd5519__-skill.md
- ^MJrt7720# repository
- ^TWvn3344# subsidiary
↔
// AT RUNTIME (LOCAL)
- D360 uses guard-let
- EarlyPay-skill.md
- mobile-ios repository
- Derayah subsidiary
Master key = secrets.env. Distributed via Slack DM. Never committed. Anywhere.
YOUR ARSENAL
Four commands. That's it.
$ d3 install # once per machine
$ d3 pull # every morning
$ d3 sync # after editing
$ d3 push # when contributing
# bonus: when shit breaks
$ d3 doctor # tells you exactly what's wrong
✓ pipeline healthy
Idempotent. Atomic. Boring. Exactly the way it should be.
CHAPTER 04 // FORTRESS
Six layers of paranoia.
- L1: Claude Code hooks. Catch leaks at the source — before files even hit the disk.
- L2: SwiftLint anti-stylometry. Strip the AI fingerprint from your code style. Camouflage as normal.
- L3: prepare-commit-msg. Silently delete attribution trailers. You never see them.
- L4: commit-msg. Block commits with hard markers. Loud, unmissable.
- L5: pre-commit. Scan diffs for shadow paths, smart quotes, AI-tells in code.
- L6: pre-push — LAST LINE OF DEFENSE. Re-validate ENTIRE push range. Refuses with rebase instructions.
ONE LAYER FAILS → FIVE LEFT. ALL FAIL → YOU TYPED --no-verify ON PURPOSE.
PROOF OF CONCEPT
After d3-ai is deployed:
23k
Commits audited (clean)
// CURRENT MAIN BRANCH STATUS
Number of AI traces detected:
0
Across 23,040 commits. 952 branches. Six years of history.
The slate was already clean. We just have to keep it that way.
CHAPTER 05 // THE RULES
The commandments.
- I. Thou shalt run d3 doctor when something feels wrong.
- II. Thou shalt never commit secrets.env anywhere. Ever.
- III. Thou shalt never use --no-verify unless thou understandeth what was matched.
- IV. Thou shalt distribute the master key through Slack DM only.
- V. Thou shalt d3 pull before starting work.
- VI. Thou shalt not screen-share with the runtime visible.
- VII. Thou shalt trust thy hooks. They have your back.
"The best AI usage is the one nobody can prove."
— ANCIENT iOS PROVERB, CIRCA 2026
.---.
/ \
\.@-@./
/`\_/`\
// _ \\
| \ )|_
/`\_`> <_/ \
\__/'---'\__/
The d3-ai mascot. He knows things he won't tell.
FINAL TRANSMISSION
SHIP IT.
Alpha (solo) → Beta (3 volunteers) → whole chapter.
$ d3 install
✓ runtime created
✓ secrets validated
✓ symlinks created
✓ hooks armed
✓ doctor: ALL GREEN
// READY FOR DEPLOYMENT
END TRANSMISSION // d3-ai // 2026