feat: fix PRNG algorithm and add native Bun cracker

[CoreSheep]

Summary

Built on top of the reverse-engineering work from claude-buddy-hatchery. While using the original hatch.py, I discovered a critical algorithm mismatch that produces incorrect companion results. This PR adds corrected native Bun scripts and includes the original Python implementation for reference.

What was the problem

The original hatch.py uses SplitMix32 as its PRNG, but the actual Claude Code binary (2.1.89+) uses Mulberry32. These are different algorithms with different output sequences — meaning every cracked userID from hatch.py produces the wrong companion when used in the real Claude Code client.

Additionally, hatch.py cracks 64-char hex userID strings, but Claude Code actually seeds the companion from accountUuid (a 36-char UUID format like 8df629b4-c274-22d7-4b23-c2993422180d).

Key differences found

	hatch.py (original)	crack.mjs / verify.mjs (this PR)
PRNG	SplitMix32	Mulberry32 (matches binary)
Target field	userID (64-char hex)	accountUuid (36-char UUID)
Runtime	Python + subprocess to Bun	Native Bun (single process)
Hash	Bun.hash via subprocess (or FNV-1a fallback)	Bun.hash native

What's included

crack.mjs — Native Bun companion cracker

• Uses the correct Mulberry32 PRNG (verified against the binary)
• Cracks accountUuid (the field Claude Code actually reads)
• Generates proper 36-char UUID candidates
• Runs entirely in Bun — no subprocess overhead, millions of hashes/sec

verify.mjs — UUID verification tool

• Takes a cracked UUID and outputs the full companion roll (rarity, species, eye, hat, shiny, stats)
• Uses the exact same algorithm as the Claude Code binary
• Useful for confirming crack results before injecting

hatch.py — Original Python hatchery (reference)

• Full Python reimplementation from cminn10/claude-buddy-hatchery
• Beautiful ASCII art card rendering, interactive mode, hunt/crack modes
• Note: Still uses SplitMix32 — results won't match the real client but the UI/UX is excellent for exploration

How I found the issue

1. Cracked a "legendary shiny dragon" UUID using hatch.py
2. Injected it into .claude.json and ran /buddy
3. Got a completely different companion (wrong species, wrong rarity)
4. Diffed the PRNG constants against the decompiled binary — discovered hatch.py implements SplitMix32 but the binary uses Mulberry32
5. Built crack.mjs with the correct algorithm, verified results match

Future improvements

• Upstream the Mulberry32 fix to claude-buddy-hatchery
• Add accountUuid cracking mode to hatch.py (Python Mulberry32 implementation)
• GPU-accelerated cracking for shiny+legendary combos (~1/10M odds)
• Batch verification tool for sharing cracked UUIDs

Usage

# Crack a legendary dragon
bun crack.mjs "legendary dragon"

# Crack a shiny capybara
bun crack.mjs "shiny capybara"

# Verify a cracked UUID
bun verify.mjs <uuid>

Credits

• Original reverse-engineering and hatchery: cminn10/claude-buddy-hatchery
• PRNG fix and native Bun cracker: this PR

🤖 Generated with Claude Code

Summary by CodeRabbit

New Features

• Companion creature generation system with deterministic traits (species, rarity, appearance, shininess)
• Hunt mode to brute-force search for companions matching specific criteria
• Crack mode to discover userIDs that produce desired companion configurations
• Verification utility to inspect companion attributes from any userID
• Interactive trait selection and formatted terminal display of companion details

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR adds three new executable scripts implementing a creature companion generation system: crack.mjs and verify.mjs (JavaScript) derive and reverse-engineer creature attributes from UUIDs using seeded PRNGs, while hatch.py (Python) provides a comprehensive CLI with hatching, hunting, and cracking modes for companion generation.

Changes

Cohort / File(s)

Summary

Creature Companion System crack.mjs, hatch.py, verify.mjs

New executable scripts for deterministic creature generation with PRNG-based attribute derivation. JavaScript scripts handle UUID verification and brute-force candidate searching. Python CLI provides interactive hatching, hunt mode (batch seed generation via Bun), and crack mode (reverse-engineering userIDs). Features include hashing strategies (Bun CLI with FNV-1a fallback), rarity/species/eye/hat/stat derivation, and formatted terminal output with ASCII art.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Python as Python (hatch.py)
    participant Bun as Bun CLI
    participant JS as verify.mjs
    
    User->>Python: --crack --target "rare species"
    Python->>Python: Interactive trait selection
    Note over Python: Generate random userID candidates
    loop Until match found
        Python->>Bun: Generate batch hashes for candidates
        Bun-->>Python: Hash values
        Python->>Python: Derive attributes via PRNG
        Python->>Python: Check if matches target criteria
    end
    Python->>JS: Execute with matched userID
    JS-->>Python: JSON attributes from verify
    Python->>Python: Verify match & display companion
    Python-->>User: Print cracked userID + companion details

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 With hashes and random seeds we play,
Generating companions in every way!
Hunt through the UUID sky so wide,
Crack the code with PRNG guide,
Verify each creature with delight,
Our Buddy Hatchery shines so bright! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 51.35% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the two main changes: fixing the PRNG algorithm (from SplitMix32 to Mulberry32) and adding a native Bun cracker implementation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crack.mjs`:
- Around line 99-100: The log currently emits the cracked value under the wrong
key `userid`; change the output to use the correct `accountUuid` (or `uuid`) key
instead by replacing the `userid: candidate` entry in the JSON payload with
`accountUuid: candidate` (keeping the rest of the object spread of `result`,
`attempts`, and `elapsed_sec` intact), so the console.log(JSON.stringify(...))
call reflects the correct field name for downstream consumers.
- Around line 62-64: The current substring matching using target.includes(...)
causes "uncommon" to match "common"; change matching in the
wantRarity/wantSpecies detection to test whole tokens instead: split/tokenize
the target string (e.g., on whitespace/punctuation) into normalized words and
check if any token equals an entry from RARITIES or SPECIES, or alternatively
use word-boundary regex (\b) when testing each r in RARITIES and s in SPECIES;
update the blocks that set wantRarity and wantSpecies to use this exact-token
check against target instead of includes to avoid partial matches.

In `@hatch.py`:
- Around line 572-580: The parsing loops for RARITIES and SPECIES wrongly match
shorter tokens like "common" before "uncommon", causing want_rarity/want_species
to be set incorrectly in hunt() and crack(); fix by matching longest tokens
first or using whole-word/token comparison: reorder or sort RARITIES and SPECIES
by descending length (or split target into words and compare for equality)
before the for-loops that set want_rarity and want_species so "uncommon" will be
matched before "common".
- Around line 635-640: The Bun crack flow is still generating 64-char hex
"userID" values and instructing users to edit "userID"; change this to generate
and use 36-char UUIDs (accountUuid) to match the validated client flow: replace
the random 64-char hex generator with a UUID v4 generator, update all literal
"userID" usages to "accountUuid", ensure Bun.hash and the SplitMix32
seeding/forward steps consume the 36-char UUID string (or its exact canonical
bytes) the real client hashes, and update comments/outputs accordingly (also
apply the same replacements where "userID" appears in the other occurrences
noted).
- Around line 845-850: The verification currently only compares verified.rarity
and verified.species so other fields (eye, hat, shiny, stats, etc.) can differ
and still print "matches"; update the check in the hatch verification block
(where hatch(userid) is assigned to verified and compared to comp) to compare
the entire companion object—either call a comprehensive equality method (e.g.,
implement/use Companion.__eq__ or a compare_companions(verified, comp) helper)
or explicitly check all relevant attributes (verified.eye, verified.hat,
verified.shiny, verified.stats, rarity, species) and only print the success
message when all fields match, otherwise print the warning.
- Around line 779-781: The guard in _interactive_select(mode="crack") only
checks want_rarity, want_species, and want_shiny and therefore wrongly rejects
valid hat-only or eye-only searches; update the conditional to include the
hat/eye flags (e.g., want_hat and want_eye) so the check becomes "if not
(want_rarity or want_species or want_shiny or want_hat or want_eye):" and also
update the printed prompt to list 'hat' and 'eye' along with RARITIES, SPECIES
and 'shiny' so the user message accurately reflects the selectable traits.

In `@verify.mjs`:
- Around line 77-81: The current top-level code in verify.mjs falls back to a
hard-coded UUID by using process.argv[2] || '<sample>', so change the behavior
to require an explicit UUID: remove the default fallback and check the variable
(uuid from process.argv[2]) and if missing print a concise usage/error message
and exit non‑zero; keep the existing SALT, hashString and roll calls but only
run them when uuid is provided. Locate the usage around the uuid assignment and
the console.log calls (symbols: process.argv[2], uuid, SALT, hashString, roll)
and implement the guard that prints usage and calls process.exit(1) when no UUID
is supplied.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 525783dd-d7ec-40ae-9ff0-7d3d152427f8

📥 Commits

Reviewing files that changed from the base of the PR and between f66f3ab and 679dc4a.

📒 Files selected for processing (4)

• CLAUDE.md
• crack.mjs
• hatch.py
• verify.mjs

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Parse target traits as whole tokens.

target.includes(r) makes "uncommon" match "common" first, so an uncommon request is cracked as common. Tokenize the input or use word boundaries before matching rarities/species.

Proposed fix

-let wantRarity = null, wantSpecies = null, wantShiny = target.includes('shiny')
-for (const r of RARITIES) { if (target.includes(r)) { wantRarity = r; break } }
-for (const s of SPECIES) { if (target.includes(s)) { wantSpecies = s; break } }
+const tokens = new Set(target.split(/\s+/).filter(Boolean))
+let wantRarity = null, wantSpecies = null, wantShiny = tokens.has('shiny')
+for (const r of RARITIES) { if (tokens.has(r)) { wantRarity = r; break } }
+for (const s of SPECIES) { if (tokens.has(s)) { wantSpecies = s; break } }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let wantRarity = null, wantSpecies = null, wantShiny = target.includes('shiny')
	for (const r of RARITIES) { if (target.includes(r)) { wantRarity = r; break } }
	for (const s of SPECIES) { if (target.includes(s)) { wantSpecies = s; break } }
	const tokens = new Set(target.split(/\s+/).filter(Boolean))
	let wantRarity = null, wantSpecies = null, wantShiny = tokens.has('shiny')
	for (const r of RARITIES) { if (tokens.has(r)) { wantRarity = r; break } }
	for (const s of SPECIES) { if (tokens.has(s)) { wantSpecies = s; break } }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crack.mjs` around lines 62 - 64, The current substring matching using
target.includes(...) causes "uncommon" to match "common"; change matching in the
wantRarity/wantSpecies detection to test whole tokens instead: split/tokenize
the target string (e.g., on whitespace/punctuation) into normalized words and
check if any token equals an entry from RARITIES or SPECIES, or alternatively
use word-boundary regex (\b) when testing each r in RARITIES and s in SPECIES;
update the blocks that set wantRarity and wantSpecies to use this exact-token
check against target instead of includes to avoid partial matches.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Don’t publish the cracked UUID as userid.

This tool is explicitly cracking UUID/accountUuid values, but the success payload still uses the old userid key. That makes it easy for downstream consumers to keep wiring the wrong field.

Proposed fix

-  console.log(JSON.stringify({ userid: candidate, ...result, attempts, elapsed_sec: elapsed }))
+  console.log(JSON.stringify({ accountUuid: candidate, ...result, attempts, elapsed_sec: elapsed }))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const elapsed = ((performance.now() - start) / 1000).toFixed(2)
	console.log(JSON.stringify({ userid: candidate, ...result, attempts, elapsed_sec: elapsed }))
	const elapsed = ((performance.now() - start) / 1000).toFixed(2)
	console.log(JSON.stringify({ accountUuid: candidate, ...result, attempts, elapsed_sec: elapsed }))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@crack.mjs` around lines 99 - 100, The log currently emits the cracked value
under the wrong key `userid`; change the output to use the correct `accountUuid`
(or `uuid`) key instead by replacing the `userid: candidate` entry in the JSON
payload with `accountUuid: candidate` (keeping the rest of the object spread of
`result`, `attempts`, and `elapsed_sec` intact), so the
console.log(JSON.stringify(...)) call reflects the correct field name for
downstream consumers.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

uncommon is parsed as common in both CLI paths.

Both loops check if r in target.lower() while iterating RARITIES in ["common", "uncommon", ...] order. A target like uncommon shiny matches common first, so hunt() and crack() search for the wrong rarity.

Also applies to: 770-777

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@hatch.py` around lines 572 - 580, The parsing loops for RARITIES and SPECIES
wrongly match shorter tokens like "common" before "uncommon", causing
want_rarity/want_species to be set incorrectly in hunt() and crack(); fix by
matching longest tokens first or using whole-word/token comparison: reorder or
sort RARITIES and SPECIES by descending length (or split target into words and
compare for equality) before the for-loops that set want_rarity and want_species
so "uncommon" will be matched before "common".

[coderabbitai]

⚠️ Potential issue | 🟠 Major

This crack flow still targets the old identifier.

It brute-forces 64-char hex userIDs and tells users to edit "userID", while the validated Bun flow elsewhere in this PR moved to 36-char UUID/accountUuid values. Keeping this path as-is will keep generating values the real client never hashes.

Also applies to: 689-693, 733-735, 856-859

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@hatch.py` around lines 635 - 640, The Bun crack flow is still generating
64-char hex "userID" values and instructing users to edit "userID"; change this
to generate and use 36-char UUIDs (accountUuid) to match the validated client
flow: replace the random 64-char hex generator with a UUID v4 generator, update
all literal "userID" usages to "accountUuid", ensure Bun.hash and the SplitMix32
seeding/forward steps consume the 36-char UUID string (or its exact canonical
bytes) the real client hashes, and update comments/outputs accordingly (also
apply the same replacements where "userID" appears in the other occurrences
noted).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Hat-only / eye-only interactive searches are blocked.

_interactive_select(mode="crack") lets users choose hat and eye, but this guard ignores both fields and rejects the request unless rarity/species/shiny is also set.

Proposed fix

-    if not want_rarity and not want_species and not want_shiny:
-        print(f"  Specify at least one trait: {', '.join(RARITIES + SPECIES + ['shiny'])}")
+    if not any([want_rarity, want_species, want_shiny, want_hat, want_eye]):
+        print("  Specify at least one trait.")
         return

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if not want_rarity and not want_species and not want_shiny:
	print(f" Specify at least one trait: {', '.join(RARITIES + SPECIES + ['shiny'])}")
	return
	if not any([want_rarity, want_species, want_shiny, want_hat, want_eye]):
	print(" Specify at least one trait.")
	return

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@hatch.py` around lines 779 - 781, The guard in
_interactive_select(mode="crack") only checks want_rarity, want_species, and
want_shiny and therefore wrongly rejects valid hat-only or eye-only searches;
update the conditional to include the hat/eye flags (e.g., want_hat and
want_eye) so the check becomes "if not (want_rarity or want_species or
want_shiny or want_hat or want_eye):" and also update the printed prompt to list
'hat' and 'eye' along with RARITIES, SPECIES and 'shiny' so the user message
accurately reflects the selectable traits.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Verify the full companion before printing “matches”.

This currently compares only rarity and species, so a mismatch in eye, hat, shiny, or stats still reports a successful verification.

Proposed fix

-    if verified.rarity != comp.rarity or verified.species != comp.species:
+    if (
+        verified.rarity != comp.rarity
+        or verified.species != comp.species
+        or verified.eye != comp.eye
+        or verified.hat != comp.hat
+        or verified.shiny != comp.shiny
+        or verified.stats != comp.stats
+    ):
         print(f"  {BOLD}WARNING: verification mismatch — hash inconsistency{RESET}")
     else:
         print(f"  {DIM}Verified: hatch(userID) matches Bun output{RESET}")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Verify with our own pipeline
	verified = hatch(userid)
	if verified.rarity != comp.rarity or verified.species != comp.species:
	print(f" {BOLD}WARNING: verification mismatch — hash inconsistency{RESET}")
	else:
	print(f" {DIM}Verified: hatch(userID) matches Bun output{RESET}")
	# Verify with our own pipeline
	verified = hatch(userid)
	if (
	verified.rarity != comp.rarity
	or verified.species != comp.species
	or verified.eye != comp.eye
	or verified.hat != comp.hat
	or verified.shiny != comp.shiny
	or verified.stats != comp.stats
	):
	print(f" {BOLD}WARNING: verification mismatch — hash inconsistency{RESET}")
	else:
	print(f" {DIM}Verified: hatch(userID) matches Bun output{RESET}")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@hatch.py` around lines 845 - 850, The verification currently only compares
verified.rarity and verified.species so other fields (eye, hat, shiny, stats,
etc.) can differ and still print "matches"; update the check in the hatch
verification block (where hatch(userid) is assigned to verified and compared to
comp) to compare the entire companion object—either call a comprehensive
equality method (e.g., implement/use Companion.__eq__ or a
compare_companions(verified, comp) helper) or explicitly check all relevant
attributes (verified.eye, verified.hat, verified.shiny, verified.stats, rarity,
species) and only print the success message when all fields match, otherwise
print the warning.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Require an explicit UUID here.

Falling back to a hard-coded sample makes a missing argument look like a successful verification run. For a verifier CLI, returning a usage error is safer than silently checking the demo value.

Proposed fix

-const uuid = process.argv[2] || '8df629b4-c274-22d7-4b23-c2993422180d'
+const uuid = process.argv[2]
+if (!uuid) {
+  console.error('Usage: bun verify.mjs "<uuid>"')
+  process.exit(1)
+}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const uuid = process.argv[2] || '8df629b4-c274-22d7-4b23-c2993422180d'
	console.log('UUID:', uuid)
	console.log('Key:', uuid + SALT)
	console.log('Hash:', hashString(uuid + SALT))
	console.log('Result:', JSON.stringify(roll(uuid), null, 2))
	const uuid = process.argv[2]
	if (!uuid) {
	console.error('Usage: bun verify.mjs "<uuid>"')
	process.exit(1)
	}
	console.log('UUID:', uuid)
	console.log('Key:', uuid + SALT)
	console.log('Hash:', hashString(uuid + SALT))
	console.log('Result:', JSON.stringify(roll(uuid), null, 2))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@verify.mjs` around lines 77 - 81, The current top-level code in verify.mjs
falls back to a hard-coded UUID by using process.argv[2] || '<sample>', so
change the behavior to require an explicit UUID: remove the default fallback and
check the variable (uuid from process.argv[2]) and if missing print a concise
usage/error message and exit non‑zero; keep the existing SALT, hashString and
roll calls but only run them when uuid is provided. Locate the usage around the
uuid assignment and the console.log calls (symbols: process.argv[2], uuid, SALT,
hashString, roll) and implement the guard that prints usage and calls
process.exit(1) when no UUID is supplied.

[brrock]

This should be properly intergrated into the atucal buddy code, not just be a few bash sricpts