512,000+ lines of Anthropic’s Claude Code CLI leaked from a source map left in their public npm package. 1,900 TypeScript files exposing multi-agent orchestration, 40 permission-gated tools, and unreleased feature flags. Not a hack. A build config nobody checked.

Table of contents

• What got exposed
• Why this matters
• How the leak happened
• Resources

Anthropic’s Claude Code CLI, all 512,000+ lines of it, got exposed to the public. Not through a hack. Not through a whistleblower. Through a .map file left in a public npm package.

A 60MB source map, bundled into the published package by default because that’s what Bun’s bundler does. Nobody on the team caught it before release. The most sophisticated AI coding tool on the market, undone by a build config.

What got exposed

Around 1,900 TypeScript files covering the full internals of Claude Code:

• Multi-agent swarm architecture for orchestrating parallel AI agents
• 40 permission-gated tools with granular access controls
• IDE bridge integrations for editor communication
• Persistent memory systems for maintaining context across sessions
• Feature flags for unreleased capabilities: VOICE_MODE, DAEMON, AGENT_TRIGGERS, BRIDGE_MODE

To be clear, no model weights leaked. This is the application layer, the scaffolding around the model. But that scaffolding turns out to be very interesting.

Why this matters

Those feature flags are basically Anthropic’s internal roadmap. Voice mode, background daemons, event-driven agent triggers. These are capabilities that haven’t been announced yet, sitting right there in the flag registry.

For anyone who’s wondered what separates a toy AI wrapper from a production-grade coding agent, the answer is now public. It’s not magic. It’s careful prompt engineering combined with smart tool chaining, layered on top of a well-designed permission system. The “secret sauce” is really just good software engineering.

The tool registry patterns, multi-agent orchestration, permission gates, and context management strategies in this codebase amount to a free masterclass in production AI engineering. Open-source Claude Code clones will almost certainly start appearing within days.

How the leak happened

Bun’s bundler generates source maps by default. When the Claude Code team packaged their CLI for npm, the source map rode along with it. Anyone who installed the package could reconstruct the original TypeScript source.

This is a governance failure more than a technical one. Code review, CI/CD checks, package audits: somewhere in that pipeline, a step was missing. A .npmignore rule or a build flag would have prevented this entirely.

Resources

The exposed source has already been mirrored, analyzed, and dissected by the community:

• instructkr/claude-code – The primary repository tracking the exposed source. The src/ tree is now dedicated to a Python porting effort, with the original TypeScript snapshot as background context.
• claude-code-system-prompts – Analysis of hidden features extracted from the 1,809 source files, including 89 feature flags, unreleased autonomous agents, companion pets, anti-distillation systems, and more.
• aired.sh analysis – Code-level coverage of the internals.
• DeepWiki documentation – Auto-generated wiki from the repository.
• GitDiagram visualization – Visual architecture diagram of the codebase.
• 50-lesson architecture course – Community-built course covering every system with Mermaid diagrams, code snippets, and interactive quizzes.