The AI community has gone crazy!

Just now, an X account named Chaofan Shou posted, "The source code of Claude Code was leaked through a mapping file in its npm registry!"

In just a short time, the post has generated millions of views. A number of netizens have quickly followed up and started frantically forking the project and analyzing the source code.

Link: https://github.com/sanbuphy/claude-code-source-code

Some netizens said, "This should be due to Claude Code official accidentally transferring the source code of v2.1.88 directly to the npm package. The overall code structure is very mature, and the entire repo is very detailed. The main process includes REPL startup, QueryEngine, tool registration, Slash command, permission system, task system, and multi-layer status management. It is a very typical production-level AI agent harness. Design. All tools included."

Link: https://x.com/sanbuphy/status/2038912992457408838

According to more Twitter users, this time "it was not a hacker attack, but Anthropic themselves packaged the source map into the production version when npm was released."

This leak originated from a cli.js.map file with a volume of about 57MB. The file contains the complete content of 4756 source files: 1906 of them are Claude Code's own TypeScript/TSX source code, and the remaining 2850 are from node_modules dependencies.

More importantly, there is almost no threshold for extraction. cli.js.map is essentially just a JSON file, containing two arrays at its core:

• sources: file path list

• sourcesContent: the corresponding complete source code

These two arrays correspond one to one and match by index. In other words, there is no need to decompile or deobfuscate, the verbatim content of the original source code has been directly saved in sourcesContent. Batch restore can be done with a simple script.

From these recovered codes, you can clearly see the overall architecture of Claude Code:

• CLI interface is built based on React + Ink

• The core is a REPL loop that supports natural language input and slash commands

• The bottom layer interacts with the large model API through a tool system

Key implementation details, including architecture design, system prompt, tool calling logic, etc., are completely exposed.

Picture source: https://x.com/chenchengpro/status/2038904406406476195

Currently in communities such as GitHub, Hacker News and Reddit, people are carefully "appreciating" this code and have dug up many secrets that Anthropic did not intend to disclose.

For exampleEmployee-specific "Undercover Mode" (Undercover Mode) - This mode will be automatically activated when the system detects that the user is an internal employee of Anthropic and is operating a public GitHub repository. Its function is to erase all traces and attribution information of AI-generated code, and clearly requires the large model to "do not expose your identity" in the system prompts. What's even more amazing is that there is no switch in the code to force this feature off.

"Easter Egg" Electronic Pet (Buddy System)——The developer buried a system called Buddy in the code. It includes 18 different virtual pets (including ducks, dragons, and Anthropic’s favorite capybara, Capybara, etc.). These pets even have a "1% drop rate" rarity setting, dressable hats, and five-dimensional attributes (debugging ability, patience, chaos value, wisdom, poisonous tongue). In order to prevent the company's internal "anti-leakage scanner" from discovering that they were not doing their job properly, the developers also deliberately used String.fromCharCode () to obfuscate the string of the pet's name.

KAIROS background daemon - The current Claude Code is still a command-line tool that "kicks it and it moves", but the leaked code exposed Anthropic's next ambition: to keep the Agent online forever. The code contains a feature module hidden by the Feature Flag (build flag), code-named KAIROS. This is an automated background daemon process (Daemon mode). Once activated, the Agent has background session capabilities and can directly subscribe to GitHub's Webhook (for example, once a new error is reported, it will start repairing it in the background). More interestingly, it contains a memory organization mechanism called "dream", which is used to compress and consolidate long-term memory at idle times.

Mysterious "Capybara" model - There really is a Capybara model, and an unreleased model codename "Capybara" appears many times in the leaked code comments (recently, internal documents have also been leaked saying that it is officially called Claude Mythos, and it is a new generation of powerful model positioned above Opus). The leaked code contains information about the capybara-fast version, as well as internal debugging records of developers "making false claims" against the model.

Emotion Monitoring - The telemetry system at the bottom of the code shows that Anthropic is very concerned about the "frustration" of developers. The system specifically tracks whether the user curses at Claude in the terminal and how often continue is entered (an irritating behavior usually caused by interruptions in model output).

Afterwards, Anthropic has realized the problem and removed the source map; at the same time, the repository used to extract the source code on GitHub has also been delisted by DMCA. However, since early npm packages have been cached and mirrored, these source codes have been widely spread in the community and are difficult to completely recycle.

Some netizens said that this is the second time Anthropic has made such a stupid mistake. There was a leak as early as February 2025, when Anthropic was urgently removed from the shelves for repairs, but it overturned in the same place this time.

Currently, there are multiple complete mirror repositories on GitHub (such as leeyeel, dnakov, ghuntley, etc.). The source code is organized in an orderly manner, and anyone can directly study or even fork.

In just one hour, the GitHub project star of one of the Claude Code "clone" projects has exceeded 12k, and the number of forks has exceeded 18k.

Project address: https://github.com/instructkr/claude-code

Regarding the leak of Claude Code, someone joked, "This is the best birthday gift ever."

This wave of Claude Code has indeed been open sourced. This important product of this star AI company has been completely ignored by people. For the industry, many things can be regarded as more or less reference.

Now, the "best practices" of the top AI companies in the industry are directly in front of everyone. How to do context compression? How to manage an agent's long-term memory? How to schedule MCP protocol securely? These things that used to be somewhat confidential now have open reference books.

Perhaps it won’t be surprising that agents from various companies will receive major version updates in a few days.