#
On March 31, 2026, an incident sparked by an npm package misconfiguration led to the complete source code of Claude Code—a core product under Anthropic’s AI programming tool suite—being exposed to the public. A 59.8MB source map file, containing over 512,000 lines of raw TypeScript code, completely unveiled the internal design of this agentic coding tool, which had always been distributed in a closed-source format.
Incident Recap: A Leak Caused by a Source Map
According to information posted on the social media platform X by the developer community and security researcher Chaofan Shou, the timeline of the event is clear:
- Morning of March 31, 2026: Anthropic published a new version of its npm package,
@anthropic-ai/claude-code@2.1.88.
- The Critical Error: The package mistakenly included a source map file named
cli.js.map. In web development, source maps are used to map minified, obfuscated production code back to readable source code for debugging. However, in this build process, the file not only contained the mapping relationships but also embedded the complete content of all 1,906 original TypeScript files via the sourcesContent field.
- Rapid Dissemination: After security researchers discovered and disclosed the leak, multiple GitHub mirror repositories quickly appeared. Developers could obtain the entire source code simply by downloading this historical version of the npm package. Although npm officially withdrew version 2.1.88 shortly after, the code had already spread globally, making a recall impossible.
Notably, this isn’t the first time Anthropic has made such a mistake. As early as February 2025, the company experienced a similar source map leak incident.
Source Code Analysis: The Inner Architecture of an AI Agent
The leaked code provides a rare opportunity to gain deep insights into a state-of-the-art AI Agent architecture. Claude Code is not just a simple wrapper for a model API but a complex, terminal-native intelligent programming assistant. Its key design features include:
Modern Terminal Tech Stack: The code shows that its command-line interface (CLI) is built using the Ink library, which allows developers to build interactive CLI applications with React’s component-based philosophy. It runs on the high-performance JavaScript runtime Bun to achieve faster execution speeds and lower memory usage. The entire project structure is clean, with clearly defined modules like commands, tools, agents, and coordinator under the src/ directory.
Core Reasoning Engine: QueryEngine.ts: The file QueryEngine.ts is the ‘brain’ of the entire system, with a staggering 46,000 lines of code. It’s responsible for managing the AI’s core workflow, including token usage tracking and cost control, constructing the Chain of Thought (CoT), managing multi-turn conversational reasoning, and an Agent Loop that supports a Plan-then-Execute model. The engine also supports a Coordinator Mode for concurrently orchestrating multiple sub-agents, showcasing its ability to handle complex tasks.
Rich Toolset and Deep Integration: The source code includes over 40 pre-built tools, covering file system operations, Git version control, Shell command execution, automated testing, and code formatting. More importantly, it has native support for the Language Server Protocol (LSP), enabling deep interaction with IDEs like VS Code and the JetBrains suite to obtain precise code context, rather than relying on surface-level analysis.

- Multi-Agent Collaboration Framework: The
Coordinator and Bridge modules reveal its ambition to support multi-agent collaboration. The Coordinator is responsible for task decomposition and scheduling, assigning complex tasks to multiple parallel sub-agents. The Bridge acts as a communication layer, connecting to different IDEs and development environments, and even shows potential for multi-machine distributed execution. This validates the vision mentioned by its creator, Boris Cherny, in an interview: future engineers will become orchestrators of AI teams.
Hidden Features and Future Roadmap
Beyond the known core functionalities, the source code revealed some interesting unreleased or experimental features that hint at Anthropic’s vision for the future of AI Agents:
- Kairos Mode: A background daemon mode designed to enable persistent memory and autonomous operation, allowing the agent to execute tasks independently over long periods.
- Undercover Mode: A special mode which, according to code comments, might be for internal Anthropic employees to use when submitting code to open-source communities. Its purpose is to erase traces of AI generation, sparking discussions about code provenance and transparency.
- Buddy System: A built-in ‘digital pet’ system, complete with 18 species, rarity levels, and attributes. This could be an innovative user engagement and incentive mechanism, leveraging gamification elements to increase user stickiness.
- Claude Mythos 5.0: The source code contains references to a new model codenamed ‘Capybara,’ indicating that the next-generation large language model is already in integration testing.
Industry Impact: From Closed Source to De Facto “Open Source”
This ‘accidental open-sourcing’ event will have a profound impact on the AI industry, especially in the AI coding tools sector. Firstly, it provides an invaluable reference design for open-source AI Agent projects like Aider and OpenCode, potentially closing the gap in functionality and architecture between open-source and closed-source products in the short term. Secondly, the incident prompts a re-evaluation of the ‘black box’ problem associated with closed-source models and tools. When the inner workings of a top-tier product are made public, business models that rely solely on technical secrecy will face greater challenges. Finally, the leaked code itself, with its forward-looking designs like multi-agent collaboration and persistent memory, offers the entire developer community a practical textbook on how to build complex, AI-native applications, which will undoubtedly accelerate innovation across the industry.