Claude Code Leak Exposes 510k Lines of Source and Hidden Features

Leak details

On Tuesday Chaofan Shou disclosed that the source‑map file for the npm package @anthropic-ai/claude-code was published, exposing the full Claude Code codebase.

The leak contains over 1,900 TypeScript files, about 510,200 lines (≈51 万行), and a 59.8 MB cli.js.map file. The repository is available at https://github.com/instructkr/claude-code.

Technical architecture

Runtime and UI – Built with React + Ink for terminal UI and runs on the Bun runtime.

Tools toolbox – More than 40 modules providing file I/O, Bash execution, LSP integration and sub‑agent generation.

QueryEngine – The file QueryEngine.ts is ~46 k lines and implements reasoning, token counting and chain‑of‑thought loops.

Coordination layer – Components coordinator (multi‑agent scheduler) and bridge (VS Code/JetBrains integration) enable parallel sub‑agent work and IDE embedding.

Hidden capabilities discovered in the source

Kairos mode – An unreleased mode referenced in the code.

Undercover Mode – Automatically strips AI‑related traces from commits made by Anthropic staff; cannot be disabled.

Coordinator Mode – Schedules parallel sub‑agents for improved throughput.

Auto Mode – An AI classifier that auto‑approves tool permissions, removing manual prompt confirmations.

Buddy System – An embedded virtual‑pet daemon with 18 species, rarity tiers, and stat attributes.

Community reaction

The GitHub repository quickly surpassed 5 k stars and generated extensive discussion on Reddit and X (e.g., https://x.com/CoooolXyh/status/2038906318027899324, https://x.com/mark_k/status/2038905716270936419).

Implications

The accidental publication of a source‑map file exposed Anthropic’s internal “AI engineer” implementation, including detailed tool integration, multi‑agent coordination, and undocumented modes, raising security concerns about hidden back‑door functionality and the practice of publishing source‑map files in public packages.