The internet had a field day on March 31, 2026. Anthropic accidentally shipped the entire source code of Claude Code — their flagship AI coding CLI — inside an npm package via a source map file. A single missing line in .npmignore. That is all it took.
At Gerus-lab, we spent the weekend going through what leaked. Not to gloat — we have made our own embarrassing mistakes shipping proprietary code to production. But because the internals of Claude Code reveal a blueprint for how serious AI agent infrastructure actually works. And it is fascinating.
How Did This Even Happen?
The short version: Anthropic uses Bun as their bundler. Bun generates source maps by default unless you explicitly disable it. Source maps contain the full original source code embedded as JSON strings in sourcesContent. They forgot to exclude *.map files from their npm publish config.
The result? Anyone who ran npm pack @anthropic-ai/claude-code could extract 785KB of production TypeScript — including system prompts, internal tooling, and some genuinely surprising architectural decisions.
The irony that makes this story legendary: Claude Code contains an "Undercover Mode" — an entire subsystem designed to prevent the AI from accidentally leaking internal Anthropic codenames in git commits. They built a secrecy system for Claude, then shipped their own source code to the world. Presumably through Claude itself.
We are not here to pile on Anthropic. This is a mature, well-funded team building genuinely impressive software. The lesson is not "Anthropic is incompetent." The lesson is: this kind of mistake is trivially easy to make, and the consequences can be severe.
What is Actually Inside Claude Code
Here is what caught our attention as a team that builds AI agent systems for clients:
1. A Custom React Renderer for the Terminal
Claude Code does not use a standard TUI library. They built a custom React renderer that outputs to terminal. This means the UI layer is declarative, component-based, and testable — the same mental model web developers already know, applied to CLI interfaces.
When we built our TON blockchain agent earlier this year, we struggled with terminal state management. We went with a simpler approach. After seeing Claude Code architecture, we are reconsidering.
2. "Dream" — Background Memory Consolidation
There is a background process called dream that runs memory consolidation tasks. The name is intentional — like human sleep consolidating memories, Claude Code dream mode processes and compresses conversation history into higher-level summaries.
This is sophisticated. Most AI agents we have built and seen treat context as a flat window you stuff full of text until you hit the token limit. Claude Code has a dedicated subsystem for managing what to remember and what to compress. That is the difference between an MVP demo and production-grade tooling.
At Gerus-lab, our AI agent projects have consistently run into the context window problem for long-running tasks. We tried naive summarization. We tried chunking. The dream architecture suggests a more principled approach: continuous background consolidation rather than reactive compression.
3. Multi-Agent Orchestration with a Coordinator
The leaked code shows a multi-agent swarm system with a dedicated coordinator. Individual agents handle specific tasks; the coordinator manages delegation, result aggregation, and conflict resolution.
This matches what we have been building for enterprise clients. The pattern works. But seeing Anthropic implementation details — particularly how they handle agent-to-agent communication and failure cases — validated several architectural decisions we had made independently and flagged others we had gotten wrong.
4. BUDDY — The Tamagotchi Nobody Expected
This deserves its own section because it is delightful.
Buried in the codebase, behind a compile-time feature flag called BUDDY, is a fully functional companion creature system. Think Tamagotchi meets gacha game, running in your terminal. There are 18 species with rarity tiers (Common through Legendary), shiny variants, procedurally generated personalities, and — I am not making this up — a "soul description" that Claude writes at the creature first hatching.
Species names were obfuscated via String.fromCharCode() arrays to prevent string searches from surfacing them. Anthropic clearly knew this was in the codebase and actively tried to hide it from casual inspection.
Is it shipping to users? Unknown. Is it the most human thing in the entire leaked codebase? Absolutely.
The Security Lessons (The Ones That Actually Matter)
We have seen three patterns that lead to this kind of leak, and we have personally hit two of them:
1. Bundler defaults are not production defaults
Every bundler generates source maps by default for developer experience. Source maps in production are a liability. Bun, webpack, esbuild, Rollup — check your config. Add *.map to .npmignore if you are publishing. Add it to .gitignore too. Add a CI check that fails if map files are detected in the publish artifact.
2. .npmignore is not inherited from .gitignore
This surprises a lot of people. Your .gitignore tells git what to ignore. Your .npmignore tells npm what to exclude from published packages. They are separate files. If you do not have an .npmignore, npm uses your .gitignore as a fallback — but only for files that are tracked by git. Generated build artifacts that are not tracked can slip through.
3. "It is compiled, so it is safe" is a myth
Minification is not obfuscation. Compilation is not encryption. If your build output contains a source map — or even just readable string constants from your source — consider your source code exposed. This is especially critical for AI systems where system prompts, tool definitions, and model routing logic may be commercially sensitive.
At Gerus-lab, we now run a publish artifact audit step before every npm release on internal packages. It is five lines of shell script. It has caught three issues in the last six months.
What This Means for the AI Agent Ecosystem
The Claude Code leak is, in the end, a gift to the developer community. Not because Anthropic made an embarrassing mistake — but because we now have a rare, detailed look at how a state-of-the-art AI agent system is actually architected.
The dream memory system. The multi-agent coordinator. The custom terminal renderer. The 40+ tools. These are not research concepts — they are production code, shipping to millions of developers, from a team with the resources to build things properly.
For teams like us at Gerus-lab, building AI agents for clients in Web3, GameFi, and SaaS, this is invaluable reference material. Not to copy — to understand the shape of the problem space and where the serious engineering effort goes.
The systems that matter most in AI agents are not the model calls. They are the plumbing: memory management, tool orchestration, failure handling, state persistence. Claude Code internals show exactly how much engineering goes into getting that plumbing right.
Our Takeaways
- Audit your build artifacts before publishing. Always. Automate it.
- Memory management is an architectural concern, not a prompt engineering problem. Build for it early.
- Multi-agent coordination is harder than it looks. The coordinator pattern works, but failure modes are subtle.
- Ship the product, not the source map. Obvious in retrospect. Catastrophic in practice.
We are already incorporating some of what we learned into our current projects. If you are building AI agents — whether on TON, Solana, or in a traditional SaaS context — we would love to talk about the architecture.
Building AI agents that need to survive in production? Talk to the Gerus-lab team. We have made most of the mistakes so you do not have to.
Top comments (0)