The Claude Code Source Leak: What Was Actually Inside
Based on the Engineer's Codex article "Diving into Claude Code's Source Code Leak" by Engineer's Codex.
On March 31, 2026, Anthropic accidentally shipped a .map sourcemap file inside a Claude Code npm update. Within minutes, 600,000 lines of one of the most deliberately closed AI products in the world were mirrored, forked, ported, and uploaded to decentralized servers.
Claude Code has always been notoriously opaque — their Agent SDKs provide almost no insight into internals, and Anthropic actively keeps the source closed. Which made what happened next a very big deal.
How It Happened
A .map file is a sourcemap — a developer tool that maps minified/compiled code back to the original source. Shipping it in production is a classic mistake that CI pipelines are supposed to catch.
Boris Cherny, a Claude Code engineer at Anthropic, confirmed it was plain developer error, not a tooling bug. His follow-up was notably measured: "Mistakes happen. As a team, the important thing is to recognize it's never an individual's fault. It's the process, the culture, or the infra."
A blameless post-mortem take — the Google SRE playbook applied in real time. The goal is an environment where engineers report mistakes honestly rather than hiding them.
Chaofan Shou (@Fried_rice) was first to spot it and posted a public link. The race was on within minutes.
The Chaos That Followed
Claw-Code: 75,000 Stars Overnight
The most popular fork was claw-code on GitHub, created by @realsigridjin. Rather than just mirroring the source (which would be an obvious DMCA target), he ported the entire thing to Python — using OpenAI's Codex to do the rewrite. Deliberate irony, presumably.
The legal theory: a clean-room AI rewrite can't be touched by DMCA. Claw-code hit 75,000+ stars and 75,000+ forks.
The Copyright Question Nobody Can Answer
Traditional clean-room reverse engineering is a real legal process:
"It involves two separate teams: one analyzes the original software to create specifications, while a second 'clean' team creates the new product based only on those specifications, ensuring no proprietary code is copied."
It used to take months and cost serious money. That was the barrier.
Now anyone with a Claude Max subscription can point an agent at a codebase's tests and have the logic rebuilt overnight. The practice has never been challenged in court at this scale.
Gergely Orosz framed the PR problem neatly: even if Anthropic tries to assert copyright, do they want the battle of suing an open source project for rebuilding their own AI-written product? And could they even prove it?
Meanwhile, another user uploaded a stripped version to IPFS with all telemetry removed, security guardrails disabled, and experimental features unlocked. Whether DMCA can even reach IPFS-hosted content is its own unresolved legal question.
Status at time of writing: non-rewritten forks have been DMCA'd. Claw-code is still up.
What Was Actually Inside
This is the part that matters.
KAIROS: The Unannounced Autonomous Agent
Hidden behind feature flags named PROACTIVE and KAIROS, the codebase contains a fully built autonomous agent mode that Anthropic has never publicly announced.
KAIROS runs in the background, 24/7, without you asking. Every few seconds it receives a heartbeat prompt:
"Anything worth doing right now?"
It evaluates what's happening and makes a call: act, or stay quiet. If it acts, it can fix errors, respond to messages, update files, and run tasks — everything Claude Code can already do, except without you initiating any of it.
KAIROS has three exclusive tools that regular Claude Code doesn't:
- Push notifications — can reach you on phone or desktop even when the terminal is closed
- File delivery — can send you things it created without being asked
- Pull request subscriptions — watches your GitHub and reacts to code changes on its own
It keeps append-only daily logs of everything it noticed, decided, and did. It cannot erase its own history.
At night it runs a process the codebase literally calls autoDream — consolidating what it learned during the day and reorganising memory. It persists across sessions. Close your laptop on Friday, open it Monday: KAIROS has been working the whole time.
44 Hidden Feature Flags
Beyond KAIROS, the codebase contains 44 hidden feature flags and 20+ unshipped features total:
- Background agents running 24/7
- One Claude orchestrating multiple worker Claudes
- Cron scheduling
- Full voice command mode
- Browser control via Playwright
- Agents that sleep and self-resume
The Architectural Insight
The most interesting thing about all of this isn't the feature list — it's the architectural decision underneath it.
Regular Claude Code is reactive: it acts only when you send a message. KAIROS introduces a proactive loop, which requires a fundamentally different trust model. The agent now needs to decide on its own what is worth doing, which means the quality of that judgment becomes far more important than in a simple request-response system.
That's a hard problem. The fact that Anthropic has it fully built and gated behind feature flags suggests they've been working on it for a long time — and are being careful about when and how they ship it.
What This Actually Means
A few things land differently after this leak:
On the legal question: AI-assisted clean-room rebuilds have broken the traditional copyright moat. The cost and complexity that used to make clean-room reverse engineering prohibitive is gone. This will get litigated eventually, and the outcome will reshape how proprietary software works.
On KAIROS: Anthropic isn't behind on autonomous agents. They've shipped it internally and are gating it deliberately. Whether that's because the trust model isn't ready, the UX isn't right, or they're watching how OpenClaw lands — we don't know. But it exists.
On the mistake itself: Sourcemap files in production npm packages are a process failure, not a developer failure. The blameless post-mortem framing from Boris Cherny is the right call. The interesting question is what the process change looks like.
Source: Diving into Claude Code's Source Code Leak — Engineer's Codex, April 1, 2026.
