The entire internet is buzzing: the source code of fork Claude Code has been leaked and open-sourced.

The AI community has gone completely crazy!

Just now, an X account named Chaofan Shou posted saying, “Claude Code’s source code was leaked through a mapping file in its npm registry!”

In a short time, the post has already drawn several million views. And a bunch of netizens have quickly followed suit, started疯狂 forking this project, and analyzing the source code.

Link:

One user said, “This should be Claude Code’s official team accidentally uploading the v2.1.88 source code directly into an npm package. The overall code structure is very mature; the whole repo is split very meticulously. The main flow includes REPL startup, QueryEngine, tool registration, slash commands, a permissions system, a task system, and multi-layer state management—an extremely typical production-grade AI agent harness design. And you can view all the tools.”

Link:

According to more updates from Twitter users, this “wasn’t a hack—it’s that Anthropic itself, when publishing on npm, packaged the source map into the production version.”

The leak came from a cli.js.map file of about 57MB. The file contains the complete contents of 4,756 source files: 1,906 of them are Claude Code’s own TypeScript/TSX source code, and the remaining 2,850 come from node_modules dependencies.

More importantly, the extraction method has almost no barrier. cli.js.map is essentially just a JSON file, whose core contains two arrays:

• sources: a list of file paths
• sourcesContent: the corresponding complete source code

These two arrays correspond one-to-one and match by index. That means there’s no need for decompilation or deobfuscation—sourcesContent already directly stores the verbatim content of the original source. You only need a simple script to bulk restore it.

From the code recovered this way, you can clearly see Claude Code’s overall architecture:

• The CLI interface is built with React + Ink
• The core is a REPL loop that supports natural-language input and slash commands
• Under the hood, it interacts with the large-model API through a tool system

Including key implementation details like architecture design, the system prompt, and tool-calling logic—everything is fully exposed.

Image source:

At present, in communities like GitHub, Hacker News, and Reddit, people are carefully “appraising” this code and have dug out quite a few secrets that Anthropic didn’t plan to make public.

For example, an employee-exclusive “Undercover Mode”—when the system detects that the user is an Anthropic internal employee and is operating a publicly available GitHub repository, this mode automatically activates. Its purpose is to erase all traces of AI-generated code and attribution information, and the system prompt explicitly instructs the large model to “not reveal your identity.” Even more remarkable: the code contains no switch that forcibly disables this feature.

“Easter egg” electronic pets (Buddy System)—the developers embedded a system called Buddy in the code. It includes 18 different virtual pets (including ducks, dragons, and Capybara—one of the water creatures Anthropic internally loves very much). These pets even have rare “1% drop rate” settings, hats you can equip, and five-dimensional attributes (debugging ability, patience, chaos value, wisdom, and a sarcastic tongue). To prevent the company’s internal “leak-scanning tools” from discovering that they’re goofing off, the developers also intentionally used String.fromCharCode () to obfuscate the pet name strings.

KAIROS back-end guardian mechanism—at present, Claude Code is still a command-line tool where “you kick it and it moves,” but the leaked code reveals Anthropic’s next ambition: keeping the Agent online forever. The code includes a feature-flag-hidden functionality module codenamed KAIROS. This is an automated back-end guardian process (Daemon mode). Once activated, the Agent gains background session capabilities and can directly subscribe to GitHub Webhooks (for example, once there’s a new error, it starts fixing it in the background by itself). Even more interesting is that it includes a memory organization mechanism called “dream,” used to compress and consolidate long-term memories when idle.

The mysterious “Capybara” model—there really is a capybara model. In the leaked code comments, an unpublished model codename “Capybara” appears multiple times (recently, leaked internal documentation also says its official name is Claude Mythos, a brand-new generation of powerful model positioned above Opus). The leaked code contains information about the capybara-fast version, as well as developers’ internal debugging logs when they “make false claims” for this model.

Emotion monitoring—the telemetry system at the code’s base shows that Anthropic is highly concerned about developers’ “frustration.” The system specifically tracks whether the user curses at Claude in the terminal, as well as the frequency of continuous inputs of continue (typically resulting from the irritation caused by interruptions in model output).

Afterward, Anthropic has already realized the issue and removed the source map; meanwhile, on GitHub, the repository used to extract the source code was also taken down under the DMCA. But because the early npm package had already been cached and mirrored, these source codes had long since spread widely across the community, making it difficult to fully recover them.

Some users also say this is Anthropic’s second time making such a basic mistake. As early as February 2025, there was a previous leak. At the time, Anthropic urgently pulled it down and patched it—but this time it crashed again in the same place.

Currently, multiple complete mirror repositories have already appeared on GitHub (such as leeyeel, dnakov, ghuntley, etc.). The source code has been neatly organized, and anyone can directly study it and even fork it.

In just one short hour, the GitHub project stars for one of the Claude Code “clone” projects have already exceeded 12k, and the fork count has broken 18k.

Project address:

Regarding this Claude Code leak, someone joked, “This is the best birthday gift ever.”

This round of Claude Code is basically being open-sourced—an important product from this star AI company has been laid bare. For the industry, many things also count as having some reference value, whether more or less.

Now, the industry’s top AI company’s “best practices” are right in front of everyone. How to do context compression? How to manage an agent’s long-term memory? How to securely schedule the MCP protocol? These things that used to have a bit of confidentiality attached now come with publicly available references.

Maybe in a few days, it won’t be surprising if agents from various companies also roll out big version updates.