You stay in control. Claude explains the pitfalls.
Demeanor ships an MCP server — 20 tools your AI agent can call to
inspect your assemblies and your source. Claude reads your code, explains in plain
English exactly what would break after obfuscation and why, and proposes
specific fixes: an exclusion rule here, an [Obfuscation] attribute there,
a CLI option for the build. You read the explanation. You choose the fix.
Claude then updates the Demeanor configuration accordingly.
demeanor --mcp. It communicates over local stdio
— no network sockets, no cloud calls, no telemetry. The CLI, MSBuild task,
and every protection feature work identically without it. Safe for air-gapped
and regulated builds.
Claude advises. You decide. Claude applies.
Obfuscation has always been hard because every app has its own reflection, serialization, and framework pitfalls. Claude reads your code and surfaces your specific risks — then waits for you.
What Claude does
- Runs the Demeanor audit against your compiled assemblies
- Reads your source to confirm each finding in context
- Explains each risk in plain English — what would break, why, and when
- Proposes concrete fixes: exclusion rules, attributes, CLI flags, or code changes
- Shows tradeoffs: smaller attack surface vs. more exclusions, each with a rationale
- Once you approve, writes the configuration, updates the
.csproj, runs a dry-run, and reports the diff
What you do
- Read the explanation — Claude cites the exact file and line for every risk
- Decide which fix fits your app: exclude a type, annotate it, or change the code
- Accept, reject, or edit each proposed change before it’s written
- Review the dry-run diff; approve the final obfuscation
- Ship with confidence — the CI build runs Demeanor unattended, no AI in the pipeline
What one conversation looks like
9:14 — A senior .NET engineer opens Claude Code in her
product repo. She types /obfuscate.
9:15 — Claude calls demeanor_audit and reads
the findings back to her in plain English. Three risks stand out: EF Core entity
types routed by reflection, a SignalR hub invoked by method name, and a
JsonSerializer<T> call on a DTO. For each, Claude cites the file
and line, explains what would break at runtime, and lays out the options.
9:18 — She reads the tradeoffs. For the EF types she picks “exclude the entity namespace” over attributes — less code churn. For the SignalR hub she decides to rename the method and keep it excluded. She tells Claude what she wants.
9:20 — Claude writes the [Obfuscation]
attributes and a Directory.Build.props entry to match her decisions,
runs demeanor_obfuscate in dry-run mode, and shows her the report
diff. She reads it and approves.
9:22 — Claude commits the config, updates the CI
workflow, and reminds her to set DEMEANOR_LICENSE as a secret. The
Release build in GitHub Actions is now obfuscated — no AI in the build
pipeline, just dotnet publish.
Two weeks later — A customer reports a crash with an
obfuscated stack trace. She pastes it into Claude. Claude calls
demeanor_deobfuscate_stacktrace, reads the mapped frames against the
source tree, and proposes a fix in a pull request. She reviews it and merges.
20 failure patterns Claude can explain to you
Every other obfuscator makes you discover these the hard way — broken at runtime, days of debugging. Demeanor’s audit finds them before obfuscation runs; Claude explains each one in the context of your code so you know what to do.
Auto-handled
No action needed. Demeanor detects and preserves these automatically; Claude tells you it found them so you aren’t surprised.
- JSON serialization (JsonSerializer<T>, [JsonSerializable])
- INotifyPropertyChanged / INotifyPropertyChanging
- Blazor [Parameter], [Inject], [CascadingParameter]
- String-based reflection (Type.GetType, GetMethod, GetField)
- WCF [DataContract] / [DataMember]
- DLR / dynamic dispatch
- COM interop
- XML serialization attributes
Needs your decision
Claude explains the risk, proposes the options, and waits for you to choose.
- SignalR Hub methods (invoked by name from clients)
- MVC/API Controllers (routed by name)
- EF Core DbContext + entity types
- IOptions<T> configuration binding
- MEF [Export] / [Import] plugins
- gRPC service types
- WPF/XAML BAML data bindings
- Minimal API handler return types
The experience gap (by design)
Standalone users have every capability. Claude users get the explanations, tradeoffs, and context on top — so the decisions they make are better informed.
| Task | Standalone CLI | With Claude |
|---|---|---|
| Audit | Read terminal table, interpret yourself | Claude explains each risk against your code; you decide |
| Configure | Wizard asks Y/N questions | Claude lays out tradeoffs; you choose; Claude writes it |
| Debug crash | deobfuscate maps names; you investigate | Claude maps names, reads your code, proposes a root cause |
| CI failure | audit + report to find what changed | Claude diffs reports, explains what changed, proposes a fix |
| Exclusion rules | Trial-and-error with validate-exclusions | Claude explains the rule syntax and what your proposed rule will cover |
| New pattern | Manual discovery, read docs | Claude detects it, explains it, remembers it for next session |
No other .NET obfuscator ships an MCP server
As of April 2026, verified across the 12 active .NET obfuscators in the market. See full comparison →
| Demeanor | Dotfuscator | SmartAssembly | Eazfuscator | .NET Reactor | |
|---|---|---|---|---|---|
| AI explains risks in your code | Yes | No | No | No | No |
| AI stack trace decoding | Yes | No | No | No | No |
| Pre-obfuscation audit | Yes (20 patterns) | No | No | No | No |
| Learns from failures | Yes | No | No | No | No |
| MCP integration | 20 tools | No | No | No | No |
Setup in 60 seconds
1. Install Demeanor (one command)
dotnet tool install -g WiseOwl.DemeanorNative AOT global tool. Installs demeanor and inspect on PATH. On first invocation, demeanor auto-installs the /obfuscate skill into ~/.claude/skills/ and registers itself as an MCP server in ~/.claude.json. No additional configuration needed.
2. Set your license key
export DEMEANOR_LICENSE="your-enterprise-key"3. Type /obfuscate in Claude Code
Claude runs the audit, explains what it found, and waits for your decisions.
Every obfuscator on the market requires your developers to learn a configuration language, manually identify reflection risks, and debug obfuscated failures through trial and error. That expertise takes weeks to build and walks out the door when the developer leaves.
Demeanor is the only obfuscator with an AI workflow where the AI explains the pitfalls in your app and gives you the information you need to decide. You remain in control; Claude is the reviewer who read every line of your code and knows every reflection trap in the framework. The result is a build configuration that runs unattended in CI — no ongoing AI dependency, no mystery.