When a client added a "no AI assistants on our codebase" clause to my contract last year, I did what any developer would do: I assumed I could solve it with regex.
The plan was simple. Before sending Java source to Claude, I'd rename every identifier — InvoiceService becomes Cls_a1b2c3d4, customerName becomes fld_e5f6a7b8. The AI works on the obfuscated version, I rename everything back, the AI never sees my actual domain. Five hundred lines of code, two days max. I was sure of it.
It took two weeks before I had something that even compiled, and another month before the tests passed. This article is a tour of the things that broke and why each one is a different shape of the same lesson: Java code obfuscation for AI is a framework problem, not a string-replace problem.
The naive approach
If you've never tried this, the obvious approach feels obvious for a reason. You parse the Java file, collect the identifiers (classes, methods, fields, packages), generate a deterministic hash for each one, replace every occurrence. Roughly:






