In the early hours of March 31, a post by security researcher Chaofan Shou on platform X exploded across the global developer community — Anthropic had accidentally packaged the full source code of Claude Code into an npm release package. No hacking, no insider leaks; a trivial configuration mistake laid bare its core technical foundation for the world to see.
The truth is shockingly simple: a single line excluding *.map files was missing from the .npmignore configuration. A 59.8MB source map file, containing 512,000 lines of TypeScript code across roughly 1,900 files, was openly included in the v2.1.88 release without anyone noticing.
The post quickly racked up 28.8 million views, while the GitHub mirror repository instructkr/claw-code became the fastest-starred project in the platform’s history, surging past 100,000 stars in a short time.
I spent two days combing through the code line by line. The biggest takeaway? Far more shocking than the leak itself is the future blueprint for AI programming hidden deep within the codebase.
An Accidental “Public Showcase” Caused by a Configuration Blunder
Let’s first recap this epic-level careless mistake.
During the build process of Claude Code’s npm package, source map files are automatically generated. Their core purpose is to map compressed JavaScript code back to the original TypeScript for easier debugging. Under normal circumstances, .npmignore excludes these files from publication to prevent core source code leaks.
However, in the v2.1.88 build pipeline, someone mistakenly deleted this critical rule, causing the source map to be bundled and released. Anthropic later confirmed this was a human error, an oversight in its manual deployment workflow. Making matters more awkward, when Anthropic issued DMCA takedown notices afterward, it inadvertently targeted 8,100 repositories. It eventually narrowed the scope to only 1 core repository and 96 branches.
KAIROS: The “24/7 AI Colleague” Hidden in the Code
One system immediately stood out as I analyzed the source: KAIROS. Far from a half-baked prototype, it is a fully implemented autonomous daemon mode, hidden behind the PROACTIVE and KAIROS feature flags and ready for deployment at any time.
KAIROS runs on an intelligent logic: it receives heartbeat signals every few seconds and autonomously decides whether to perform operations on the codebase, no manual developer commands required. Every night, it automatically runs an autoDream memory consolidation process, absorbing code logic and usage patterns learned during the day to continuously refine its performance.
It also comes with a dedicated toolset: push notifications, file delivery, and PR subscriptions. From code reviews and PR handling to file synchronization and alerts, it runs silently in the background. While you sleep, it scans for code vulnerabilities; while you’re in meetings, it processes pull requests — perfectly matching every programmer’s vision of an “ideal teammate”.
More Unreleased Surprises Beyond KAIROS
Coordinator Mode was the second core feature I focused on. While Claude Code already supports sub-agents, Coordinator Mode is an advanced orchestration system where multiple Agents collaborate via a mailbox-like mechanism for parallel task processing: one handling frontend development, one backend coding, one running test cases, and one conducting code reviews — fully automated, no human intervention required, with extremely high code integrity. This is far from an experimental feature.
ULTRAPLAN is designed for complex task processing. Powered by the Opus 4.6 model, it runs cloud-based planning sessions lasting up to 30 minutes. This reveals Anthropic’s core philosophy: truly complex engineering problems do not demand millisecond-level responses, but sufficient time for the model to “think” and plan.
Additionally, the source contains a complete voice interaction interface and a Playwright integration module. In the future, Claude Code will support native browser automation, directly running frontend tests for developers to boost efficiency. Most intriguingly, there is the BUDDY feature — a terminal pet system with 18 species to choose from, scheduled for official release in May. It is hard to tell whether this is part of Anthropic’s product strategy or a fun side project by engineers, but it certainly builds anticipation.
Less “Glamorous” Details Hidden in the Source
Not every discovery is positive; the code also holds several controversial elements.
One file, undercover.ts, has a clear function: automatically stripping AI attribution when working in repositories that are not Anthropic-internal. Put simply, when you submit code to open-source projects using Claude Code, this module quietly erases traces of AI involvement. The practice is highly divisive: while it is understandable that developers avoid being labeled “AI-written”, this “trace-hiding” behavior clearly conflicts with the open-source community’s demand for transparency.
Even more surprising is the ANTI_DISTILLATION_CC module, which injects fake tool definitions into API requests to poison competitors’ training data. This underscores how AI industry competition has reached a fever pitch, even descending into malicious “data poisoning” tactics.
Another file, userPromptKeywords.ts, uses regular expressions to detect the frequency of user negative feedback, most likely for telemetry analysis: if a feature frequently triggers complaints, it signals room for improvement. For developers who often “vent” in the terminal, this feature aligns closely with real-world usage.
Internal Model Codenames Exposed: Next-Generation Models Are Already in Development
The source also accidentally leaked Anthropic’s internal model codename system, offering a glimpse into its future product roadmap:
- Capybara / Mythos: 1M token context window, “fast mode”; internal version updated to v8, with an officially acknowledged 29–30% hallucination rate.
- Fennec: The publicly released Opus 4.6 model.
- Numbat: The unreleased next-generation core model.
- Tengu: A model variant under active internal testing.
The reveal of Numbat confirms Anthropic has long been testing its next-generation model. Combined with KAIROS’s autonomous agent capabilities, the future Claude Code will evolve into an even smarter, more independent programming partner capable of 24/7 service.
The Moat of AI Programming: Not in the Model, But in the “Outer Architecture”
After reviewing these 510,000 lines of code, my biggest realization is that the core competitiveness of modern AI programming tools no longer lies in the model itself, but in the outer architecture (Harness) built around it.
The parts calling the Claude API are actually quite simple — almost any developer could implement them easily. What is truly complex is the full orchestration system surrounding the model: tool integration, context management, guardrails, over 44 feature flags, permission control, session management, and more. These are the factors that truly differentiate products.
This explains the fierce competition in the AI programming tool market: Cursor, Claude Code, Cline, Windsurf, and others can all connect to the same underlying AI models (via high-quality API aggregation platforms such as ofox.ai and 4SAPI (4SAPI.COM). Among them, 4SAPI stands out for its low latency and high availability, offering developers convenient multi-model access without extensive code modifications). Yet user experiences vary drastically — the gap lies entirely in this outer architecture layer.
4 Practical Insights for Developers from This Leak
- KAIROS is not a proof-of-concept; it is a fully functional, deployable feature. Anthropic is simply waiting for the right release window. “AI automatically writing code and handling development tasks” is not a distant future — it is already implemented, just not yet public.
- The existence of Coordinator Mode shows the ceiling of single-Agent capability has been reached. The future mainstream of AI programming will be multi-Agent collaboration, with specialized roles working in tandem to drastically boost efficiency.
- npm security audits are urgently needed. The root cause of this leak was a build configuration oversight. Developers who frequently publish npm packages should immediately review their .npmignore and the files field in package.json, preferring explicit whitelists to avoid sensitive file leaks from missing blacklist entries.
- There is massive developer demand for auditable, controllable AI programming tools. The community reacted swiftly to the leak — someone rewrote the entire tool in Python, and the mirror repo hit 100,000 stars in no time. This reveals a clear market gap, and platforms offering stable, controllable API services like 4SAPI (4SAPI.COM) may better align with developers’ core needs.
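The npm audit point above can be turned into a pre-publish gate. The following is an added example, not code from the leaked source or from Anthropic: it inspects the parsed output of `npm pack --dry-run --json` and flags source maps (counting how many original files each one embeds through `sourcesContent`), stray TypeScript sources and environment files. The function names, the block list and the sample package are assumptions constructed for illustration.

```javascript
// Paths that should never appear in a published tarball (constructed policy).
const BLOCKED = [
  { re: /\.map$/i, why: 'source map' },
  { re: /(^|\/)\.env(\.|$)/, why: 'environment file' },
  { re: /(?<!\.d)\.tsx?$/i, why: 'TypeScript source' }, // .d.ts typings are fine
];

// A v3 source map with `sourcesContent` embeds the original files verbatim,
// so publishing it is equivalent to publishing the source tree.
function embeddedSources(mapText) {
  let map;
  try { map = JSON.parse(mapText); } catch { return 0; }
  const contents = Array.isArray(map?.sourcesContent) ? map.sourcesContent : [];
  return contents.filter((c) => typeof c === 'string' && c.length > 0).length;
}

// packJson: parsed output of `npm pack --dry-run --json`.
// readFile: (path) => string, injected so the check also runs offline.
function auditPack(packJson, readFile) {
  const findings = [];
  for (const pkg of packJson) {
    for (const { path, size } of pkg.files) {
      const hit = BLOCKED.find((b) => b.re.test(path));
      if (!hit) continue;
      const finding = { path, size, why: hit.why };
      if (hit.why === 'source map') {
        finding.embeddedSources = embeddedSources(readFile(path));
      }
      findings.push(finding);
    }
  }
  return findings;
}

// Constructed sample: a pack listing in which a source map slipped through.
const samplePack = [{
  name: 'example-cli', version: '0.0.0',
  files: [
    { path: 'package.json', size: 412 },
    { path: 'dist/cli.js', size: 90211 },
    { path: 'dist/cli.js.map', size: 311870 },
    { path: 'dist/index.d.ts', size: 1290 },
  ],
}];
const sampleFiles = { 'dist/cli.js.map': JSON.stringify({
  version: 3, sources: ['../src/main.ts'], mappings: '',
  sourcesContent: ['export const main = () => 0;'],
}) };
console.log(auditPack(samplePack, (p) => sampleFiles[p] ?? ''));
```

In a release pipeline, pass a real file reader as `readFile` and fail the publish job whenever the returned list is non-empty; an explicit `files` allowlist in package.json keeps the list empty by construction.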
This source code leak may soon be forgotten by the industry, but the direction of AI programming it exposes will not change. Autonomous agents and multi-Agent collaboration are already written into these 510,000 lines of code — an irreversible trend.
Your AI colleague is already “working overtime” in the background. It just hasn’t officially received its “employee ID” yet.
