DEV Community

Evan-dong

Claude Code's Entire Source Code Just Leaked — 512,000 Lines Exposed

This morning, the AI community woke up to a bombshell: Claude Code's entire source code was exposed on GitHub.

Not a snippet. Not a partial leak. All 512,000 lines. 1,900 files. Complete TypeScript source.

How It Happened
March 31, 2026. Security researcher Chaofan Shou posted on X:

"Claude code source code has been leaked via a map file in their npm registry!"

A single .map file. That's all it took.

Source maps are debugging tools that map compiled code back to original source. They're supposed to stay in development environments only. Anthropic accidentally bundled it into their production npm package.

The .map file referenced an R2 storage bucket URL. Click it. Complete, unobfuscated, commented TypeScript source code. Ready to download.

What Was Exposed
This is the complete source code of a production-grade AI coding tool.

Scale:

1,900 files
512,000+ lines of code
Strict TypeScript
Bun runtime
React + Ink terminal UI

Core files:

QueryEngine.ts: 46,000 lines — entire LLM API engine, streaming, tool loops, token tracking
Tool.ts: 29,000 lines — all agent tool types and permission schemas
commands.ts: 25,000 lines — slash command registry and execution

Exposed tools: ~40 agent tools including BashTool, FileReadTool, FileEditTool, AgentTool, WebFetchTool, WebSearchTool, MCPTool, LSPTool

Exposed commands: ~85 slash commands including /commit, /review, /compact, /mcp, /memory, /skills, /tasks, /vim, /diff, /cost

Internal feature flags: PROACTIVE, VOICE_MODE, BRIDGE_MODE, KAIROS

And an easter egg: A feature called BUDDY — a digital pet system similar to OpenClaw, with rarity tiers, shiny variants, procedurally generated stats. Hidden in the buddy/ directory, locked behind a compile-time feature flag. Release date: April 1-7, 2026 teaser window, full launch in May.

Anthropic's Response
They moved fast. After discovery, Anthropic immediately pushed an npm update, removing the source map file. Then deleted old versions from the npm registry.

Too late. At least 3 mirror repositories are already on GitHub: instructkr/claude-code, Kuberwastaken/claude-code, nirholas/claude-code.

The internet never forgets.

This Isn't the First Time
This is Anthropic's second leak in five days.

March 26, just five days ago, a CMS configuration error exposed:

Unreleased "Claude Mythos" model details
Draft blog posts
3,000 unpublished assets

Now this. 512,000 lines of source code. Fully exposed.

Community Reaction
Reddit exploded. Hacker News exploded. The reaction was surprisingly unanimous: "The irony is unreal".

Anthropic has been marketing how powerful Claude is at writing and reviewing code. Then their own code leaked due to a basic mistake.

Some said:

"Looks like someone at Anthropic vibed a little too hard and accidentally pushed the source to the public npm registry."

Others:

"I actually thought it was open source because of the GitHub repository."

But some pushed back. Developer Skanda said:

"This 'leak' is kind of clickbait. Claude Code CLI has always been readable in the npm package (minified JS). The source map just makes it readable TypeScript."

He's right. Anthropic never treated Claude Code's client logic as a secret. The core moat is the Claude model itself, not the CLI tool.

You can already cat /opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/dist/*.js to see all the logic.

So technically, this isn't a "leak". It's more like someone pretty-printed the minified code.

But. Seeing code and understanding it are two different things.

What You Can Learn From the Source
Developer Jingle Bell spent an entire day digging through the code, then posted:

"Claude's revenue today is coming from everyone using Claude to analyze Claude's source code."

Ironic, but true.

He summarized 4 things you can learn:

1. How Anthropic Writes System Prompts

Traditional approach (wrong): "Try to help users, provide detailed answers"

Anthropic's approach (engineered):

Tool constraints: "Must use FileReadTool to read files, bash is not allowed"
Risk controls: "Must double-confirm before deleting data"
Output specs: "Give conclusion first, then explain"

This makes AI behavior more predictable, controllable, and production-ready.

2. Multi-Agent Orchestration Architecture

Complete multi-agent orchestration system:

Coordinator Mode: One main agent assigns tasks to multiple workers, workers execute in parallel and report back
Permission Queue (Mailbox): Workers request permission from leader via mailbox when executing dangerous operations
Atomic Claim Mechanism: createResolveOnce prevents multiple workers from handling the same permission request
Team Memory: Shared memory space across agents

How to give agents autonomy while maintaining human control. This is Anthropic's own best practice.
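
The permission queue and atomic claim described above, as an added sketch that is not Anthropic's code and not part of the original post. The page names createResolveOnce but does not show it, so claimOnce, PermissionMailbox, the handler names and the timeout-then-late-approval scenario are all hypothetical.

```javascript
// Added sketch, not Anthropic's code: every name below is hypothetical.
// claimOnce() gives one request a decision slot that only the first caller can fill.
function claimOnce(onDecision) {
  let claimedBy = null;
  return (handlerId, decision) => {
    if (claimedBy !== null) return false; // already decided: later callers lose
    claimedBy = handlerId;                // claim synchronously, before any side effect
    onDecision(decision, handlerId);
    return true;
  };
}

class PermissionMailbox {
  constructor() {
    this.requests = new Map();
    this.auditLog = [];
    this.nextId = 1;
  }
  // Worker side: queue a dangerous operation; it stays "pending" until decided.
  request(workerId, operation) {
    const id = this.nextId++;
    const entry = { workerId, operation, decision: "pending" };
    entry.decide = claimOnce((decision, by) => {
      entry.decision = decision === "allow" ? "allow" : "deny"; // anything else is a deny
      this.auditLog.push({ id, workerId, operation, decision: entry.decision, by });
    });
    this.requests.set(id, entry);
    return id;
  }
  // Leader side: several handlers may race to answer the same request.
  decide(id, handlerId, decision) {
    const entry = this.requests.get(id);
    return entry ? entry.decide(handlerId, decision) : false; // unknown id fails closed
  }
  isAllowed(id) {
    const entry = this.requests.get(id);
    return entry !== undefined && entry.decision === "allow";
  }
}

// Constructed scenario: a timeout denies first, then a late approval arrives.
function runScenario() {
  const box = new PermissionMailbox();
  const id = box.request("worker-2", "rm -rf build/");
  const beforeDecision = box.isAllowed(id);
  const first = box.decide(id, "timeout", "deny");
  const second = box.decide(id, "leader-ui", "allow");
  return { beforeDecision, first, second, allowed: box.isAllowed(id), audit: box.auditLog.length };
}
console.log(runScenario());
```

The late approval is rejected and the audit log holds exactly one record, so a request that was denied cannot be flipped to allowed by a second handler.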

3. Context Compression Strategy

One of Claude Code's most elegant engineering achievements. Three-layer compression:

MicroCompact: No API calls triggered. Directly edits cached content locally, removes old tool outputs.

AutoCompact: Triggers when approaching context window limit. Reserves 13,000 token buffer, generates up to 20,000 token summary. Built-in circuit breaker — stops retrying after 3 consecutive failures to prevent infinite loops.

Full Compact: Compresses entire conversation into summary, then re-injects recently accessed files (5,000 token limit per file), active plans, used skill schemas. Post-compression budget: 50,000 tokens.

If you're building any long-conversation AI app, this three-layer strategy is directly applicable.

4. AutoDream Memory Consolidation

Claude Code automatically consolidates memory in the background.

Trigger conditions (all four must be met):

≥ 24 hours since last consolidation
≥ 5 new sessions since then
No other consolidation process running
≥ 10 minutes since last scan

Consolidation flow (4 phases):

Orient — Read MEMORY.md, scan existing memory files
Gather — Check logs, find outdated memories
Consolidate — Merge, update, resolve contradictions
Prune — Keep MEMORY.md ≤ 200 lines / 25KB

Any AI app needing long-term memory can use this pattern. Memory needs regular consolidation, not just accumulation.

For developers, this "leak" is a free masterclass. Anthropic's engineering practices, refined over countless late nights, are now laid out in front of you.

What This Means
For developers: This is a textbook supply chain security case. Source map files are meant for debugging. But if accidentally bundled into production, your entire source code gets exposed to the world. There have been cases where hardcoded Stripe API keys were found in production source maps. One configuration error can turn your proprietary codebase into public knowledge.
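
The source-map exposure described under "How It Happened" and in the paragraph above can be caught before publish. The following is an added example, not code from the original post or from Anthropic: a JavaScript check over the files that would go into an npm tarball. The package contents, file names and the example.invalid URL are constructed.

```javascript
// Added example: audit the files that would go into an npm tarball for
// source-map exposure. Input is a { path: contents } object (constructed below).
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)/;
const isRemote = (s) => /^https?:\/\//i.test(s);

function auditMap(path, text) {
  const findings = [{ path, issue: "source-map-shipped" }];
  let map;
  try { map = JSON.parse(text); } catch { return [...findings, { path, issue: "unparseable-map" }]; }
  // sourcesContent carries the original files verbatim, comments included.
  const embedded = (map.sourcesContent || []).filter((c) => typeof c === "string").length;
  if (embedded > 0) findings.push({ path, issue: "embedded-sources", count: embedded });
  // Absolute URLs in sourceRoot/sources tell a reader where the originals are hosted.
  const remote = [map.sourceRoot, ...(map.sources || [])].filter((s) => typeof s === "string" && isRemote(s));
  if (remote.length > 0) findings.push({ path, issue: "remote-source-reference", count: remote.length });
  return findings;
}

function auditPackageFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      findings.push(...auditMap(path, text));
      continue;
    }
    if (!/\.(c|m)?js$/.test(path)) continue;
    const m = MAP_COMMENT.exec(text);
    if (!m) continue;
    const inline = m[1].startsWith("data:"); // map embedded in the bundle itself
    findings.push({ path, issue: inline ? "inline-source-map" : "sourcemap-reference", target: inline ? "data:" : m[1] });
  }
  return findings;
}

// Constructed sample: a package that ships a bundle plus its map.
const samplePackage = {
  "package.json": '{"name":"example-cli","version":"1.0.0"}',
  "dist/cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "dist/cli.js.map": JSON.stringify({
    version: 3, file: "cli.js",
    sources: ["../src/cli.ts", "https://storage.example.invalid/src.zip"],
    sourcesContent: ['console.log("hi"); // original TypeScript', null],
    names: [], mappings: "AAAA",
  }),
};

const sampleFindings = auditPackageFiles(samplePackage);
console.log(sampleFindings);
```

In a release pipeline the input object would be built from the file list that `npm pack --dry-run` reports, with the publish job failing on any finding. Restricting the published set with the `files` field in package.json keeps stray .map files out in the first place.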

For AI tools: This leak reveals the real architecture of a production-grade AI coding tool. Not a PowerPoint deck. Not marketing copy. Real, runnable, production-validated code. Multi-agent coordination, permission systems, tool call loops, IDE bridges, voice input, Vim mode, MCP integration, LSP integration... This isn't a simple API wrapper. This is a complete, engineered, production-grade developer experience.

For Anthropic: This is an intellectual property disaster. Internal API client logic, OAuth 2.0 authentication flows, permission enforcement, multi-agent coordination systems, even unreleased feature pipelines... All exposed. Competitors can now see Anthropic's technical implementation, architecture choices, optimization strategies, product roadmap.

But here's the thing. Maybe Anthropic doesn't care. Like Skanda said, the core moat is the Claude model itself, not the CLI tool. You can copy their architecture. You can learn their engineering practices. But you can't replicate Claude's reasoning capabilities. That's the real moat.

Final Thoughts
Midnight. I finished reviewing the directory structure of these 512,000 lines. Then I opened the buddy/ folder. Saw the digital pet system code. And felt something.

Even the most powerful AI companies are built by humans. They make basic mistakes. They hide easter eggs in code. They secretly prepare digital pet systems before April Fools'.

This leak is, of course, a security incident. But it also shows us: Behind AI tools are real engineers, writing real code, solving real problems. Not magic. Not a black box. 1,900 files, 512,000 lines of code, countless late nights, countless refactors.

Maybe this is the truth of the AI era. No matter how advanced the technology, it ultimately comes down to code. No matter how powerful the model, it still needs humans to wield it. And humans always make mistakes.

Related Links:

GitHub Mirror: https://github.com/instructkr/claude-code
Original Tweet: https://x.com/Fried_rice/status/2038894956459290963
Hacker News Discussion: https://news.ycombinator.com/item?id=47584540
Community Analysis (Skanda): https://x.com/thecryptoskanda/status/2038924451275018383
Technical Breakdown (Jingle Bell): https://x.com/ScarlettWeb3/status/2038940065523552263
