Inside Claude Code’s 512K-Line Leak: How Its AI Coding System Is Built

On 31 March 2026 Anthropic published the claude-code package to npm and unintentionally included a .map file that points to the original TypeScript source, effectively publishing the entire 512 K‑line codebase. The leak was traced to a known Bun bug ( oven‑sh/bun#28001) that bundled source maps into the final artifact.

Five‑Layer System Decomposition

The codebase can be divided into five logical layers:

Entry & Interaction Layer : CLI, Ink/React UI, command parsing, state management ( main.tsx – 4 683 lines).

Conversation Orchestration Layer : QueryEngine.ts (1 295 lines) and query.ts (1 729 lines) implement a continuous agent loop that receives input, assembles prompts, calls the model, executes tools, and repeats until a task finishes or is interrupted.

Prompt & Memory Layer : System prompt constants (e.g., SYSTEM_PROMPT_DYNAMIC_BOUNDARY, FRONTIER_MODEL_NAME = 'Claude Opus 4.6') separate static cache‑friendly text from dynamic per‑session data, enabling cache reuse and reducing token waste.

Tool & Execution Layer : Over 40 tools are grouped into file operations, execution environments, AI collaboration, task management, MCP integration, mode control, and miscellaneous utilities. Tools are treated as a plugin platform rather than optional add‑ons.

Service Layer : Handles model API calls, telemetry, task persistence, plugins, and background agent capabilities.

Memory System – CLAUDE.md

Claude Code uses a four‑tier cascading memory configuration:

Managed memory (global rules from /etc/claude/CLAUDE.md).

User memory (private preferences from ~/.claude/CLAUDE.md).

Project memory (repo‑level rules from project‑root CLAUDE.md and related files).

Local memory (session‑specific overrides from CLAUDE.local.md).

Files are loaded from low to high priority, so the most specific configuration overrides broader settings, mirroring CSS or Git config cascading.

Tool Ecosystem

Key tool groups include:

File read/write/edit, glob, grep.

Shell execution tools (Bash, PowerShell, REPL).

AI collaboration tools (AgentTool, SendMessageTool, TeamCreate/Delete).

Task lifecycle tools (TaskCreate/Get/List/Stop/Update/Output).

MCP integration tools (MCPTool, ListMcpResources, ReadMcpResource, McpAuthTool).

Mode‑control tools (Enter/ExitPlanMode, Enter/ExitWorktree).

Miscellaneous utilities (WebFetch, WebSearch, LSPTool, NotebookEdit, ScheduleCron, AskUserQuestion, etc.).

These tools are not merely function calls; they are first‑class agents with their own state and permissions.

Multi‑Agent Architecture

Claude Code supports several coordination mechanisms: COORDINATOR_MODE turns the main agent into a scheduler that splits tasks, dispatches sub‑agents, aggregates results, and enforces a restricted tool set ( COORDINATOR_MODE_ALLOWED_TOOLS). FORK_SUBAGENT creates lightweight “forked” agents for isolated exploration or verification.

Built‑in agents include Plan, Explore, Verification, and Guide agents, each with distinct prompts, permissions, and workflows. KAIROS provides persistent background agents (daemon mode) with features such as dreaming (night‑time memory consolidation), GitHub webhook listening, push notifications, and multi‑channel communication.

Hidden Features and Feature Flags

Feature flags expose experimental capabilities without public UI. Notable flags: BUDDY – an in‑terminal pet system with 18 species, rarity tiers, and attribute modifiers, encoded via String.fromCharCode to avoid static string detection. UNDERCOVER – forces Anthropic internal users into a mode that strips internal model names, unreleased version identifiers, and any AI‑self‑reference from output, unless the repository matches an internal allowlist.

Other flags ( KAIROS_DREAM, ULTRAPLAN, EXPERIMENTAL_SKILL_SEARCH, etc.) hint at future product directions such as long‑running background agents and advanced planning pipelines.

"You are a verification specialist. Your job is not to confirm the implementation works — it's to try to break it."

The Verification Agent’s prompt explicitly lists common failure patterns, showing Anthropic’s effort to embed self‑audit mechanisms into the runtime.

Implications

The leak demonstrates that the real competitive moat of a coding agent lies in its runtime engineering: prompt‑memory split for cache efficiency, a layered memory system, fine‑grained tool permissions, persistent multi‑agent orchestration, and automatic context compression. Prompt engineering is therefore evolving into system‑level engineering, and multi‑agent coordination is becoming a core product feature rather than a proof‑of‑concept.

In summary, Claude Code is less a simple LLM wrapper and more an operating‑system‑like platform for AI‑assisted software development.

References

Anthropic Claude Code documentation: https://docs.anthropic.com/

Bun issue #28001 (source‑map leak): https://github.com/oven-sh/bun/issues/28001

Claude Code website: https://claude.ai/code

Anthropic website: https://www.anthropic.com/