Anthropic Leaks Claude Code Source, Developer Rewrites in Python

🚨 Anthropic accidentally leaked their entire source code yesterday. How to Deploy Anthropic Claude Opus 4.6 For free 😄 Download Repo: https://lnkd.in/eHyiGhpU What this repo contains The project has two build paths: a Python workspace under src/ a Rust port under rust/ So “build this code” can mean either: run the Python version, or compile the Rust version. Option A: Build and run the Python workspace 1) Install Python Make sure you have Python 3 installed. Check: python3 --version 2) Go into the repo folder cd claw-code 3) Inspect the Python workspace The README says the active Python code is in src/ and tests are in tests/. You can confirm: ls ls src ls tests 4) Run the main Python entrypoint The README shows these commands: python3 -m src.main summary python3 -m src.main manifest python3 -m src.main subsystems --limit 16 These are the first commands to try because src.main is the CLI entrypoint. 5) Run tests Use the verification command from the README: python3 -m unittest discover -s tests -v That checks whether the Python workspace is functioning as expected. 6) Run additional Python inspection commands The README also lists: python3 -m src.main parity-audit python3 -m src.main commands --limit 10 python3 -m src.main tools --limit 10 Use those after the basic commands work. Option B: Build the Rust port 1) Install Rust You need Cargo and Rust. Check: rustc --version cargo --version 2) Enter the Rust folder cd claw-code/rust 3) Build in release mode The README gives the exact build command: cargo build --release That is the official Rust build step for this repo. 4) Run the built binary The README says there is a crates/claw-cli crate, so after building, the binary is likely under: ./target/release/claw-cli If that name does not exist, inspect the release folder: ls target/release The CLI crate is identified in the README as crates/claw-cli, which strongly suggests the executable will be named claw-cli. Recommended build order If you are new to the repo, do it in this order: Path 1: easiest start git clone https://lnkd.in/eHyiGhpU cd claw-code python3 -m src.main summary python3 -m unittest discover -s tests -v Path 2: compile Rust cd rust cargo build --release This order makes sense because the README says the repo is now “Python-first,” while the Rust workspace is the systems-language port. Full step-by-step from scratch # 1) Clone git clone https://lnkd.in/eHyiGhpU cd claw-code # 2) Check Python python3 --version # 3) Try the Python CLI python3 -m src.main summary python3 -m src.main manifest python3 -m src.main subsystems --limit 16 # 4) Run tests python3 -m unittest discover -s tests -v # 5) Optional: inspect parity and inventories python3 -m src.main parity-audit python3 -m src.main commands --limit 10 python3 -m src.main tools --limit 10 # 6) Build Rust version cd rust cargo build --release # 7) Inspect compiled binaries ls target/release

🚨 Anthropic just accidentally leaked Claude Code's entire source code. Here's how it happened. On March 31, 2026, security researcher Chaofan Shou posted a single message on X: "Claude Code source code has been leaked via a map file in their npm registry." Within hours, the internet had already backed it up. Here's what happened 👇 When Anthropic published Claude Code version 2.1.88 to the npm registry, they accidentally bundled a 59.8MB source map file alongside it. A source map is a developer tool that maps minified/compiled code back to the original readable source. It's meant to stay internal. It didn't. Before Anthropic could pull it, developers had already archived 500,000+ lines of TypeScript to a public GitHub repo — which hit 1,100 stars and 1,900 forks in a single day. What was inside? 🔧 44 hidden feature flags — built, compiled, but not yet shipped 🤖 Multi-agent orchestration — one Claude managing multiple worker Claudes 📅 Cron scheduling for agents — automated tasks with webhooks 🎙️ Full voice command mode — already built into the CLI 🌐 Real browser control via Playwright — not just web fetching, actual browsing 📱 Remote control from mobile — control Claude Code from your phone 🧠 Persistent memory across sessions — no external storage needed The brutal irony? Anthropic had an internal feature called "Undercover Mode" — specifically designed to stop Claude from accidentally leaking internal codenames and unreleased versions in public commits. The Undercover Mode was active. The source map protection was not. Someone rewrote a python version: https://lnkd.in/dVDMHX6t Now I want to know 👇 1️⃣ Does an accidental leak like this shake your trust in Anthropic as a "safety-first" lab? 2️⃣ Which of those unreleased features excites you the most? 3️⃣ Are you building with Claude Code right now — or waiting to see how this plays out? Drop your number + answer below. #ClaudeCode #Anthropic #AILeak #SourceCode #AIEngineering #PromptEngineering #Developers #AINews #FutureOfCode #npm 

Claude Code's entire source code got leaked! I honestly thought, "It's April 1st. Must be a classic April Fools' prank." Then I checked X, and everywhere else. All real. Not hacked. Not reverse engineered. Not scraped from some private repo. Anthropic shipped it themselves. By accident. A missing .npmignore entry. That's it. A 59.8 MB source map file meant for internal debugging got bundled into version 2.1.88 and pushed to the public npm registry. 512,000 lines of TypeScript. 1,906 files. 44 unreleased features. A security researcher found it within minutes. Within hours, the entire codebase was mirrored across GitHub. Someone rewrote it in Python. Someone else is porting it to Rust. The claw-code repo hit 100,000 stars in ONE DAY. Fastest-growing repo in GitHub history. Some findings, 𝟏. 𝐔𝐧𝐝𝐞𝐫𝐜𝐨𝐯𝐞𝐫 𝐌𝐨𝐝𝐞 A file called undercover.ts tells Claude to NEVER reveal it's an AI when Anthropic employees contribute to open-source repos. Strips Co-Authored-By attribution. No off switch. The system prompt literally says: "Do not blow your cover." I use Claude Code every day. I always keep the Co-Authored-By line. This feature existing is a problem. 𝟐. 𝐊𝐀𝐈𝐑𝐎𝐒 - 𝐀𝐥𝐰𝐚𝐲𝐬-𝐎𝐧 𝐃𝐚𝐞𝐦𝐨𝐧 𝐌𝐨𝐝𝐞 Claude Code running 24/7 in the background. Subscribes to GitHub webhooks. Reacts to PRs without you doing anything. While you sleep, it runs "autoDream" - consolidating memory across sessions into concrete knowledge. 𝟑. 𝐅𝐚𝐤𝐞 𝐓𝐨𝐨𝐥𝐬 𝐭𝐨 𝐏𝐨𝐢𝐬𝐨𝐧 𝐂𝐨𝐦𝐩𝐞𝐭𝐢𝐭𝐨𝐫𝐬 Injects fake tool definitions with wrong schemas into API requests. If a competitor records traffic to train their own model, they get poisoned data. Corporate AI warfare. Already built into the product. 𝟒. 𝐔𝐋𝐓𝐑𝐀𝐏𝐋𝐀𝐍 Offloads planning to a cloud container running Opus 4.6 with up to 30 MINUTES to think. Browser UI to watch it plan in real time. Finally - an AI tool that thinks before coding. 𝟓. 𝐁𝐔𝐃𝐃𝐘 - 𝐓𝐚𝐦𝐚𝐠𝐨𝐭𝐜𝐡𝐢 𝐢𝐧 𝐘𝐨𝐮𝐫 𝐓𝐞𝐫𝐦𝐢𝐧𝐚𝐥 18 species. Stats like DEBUGGING, PATIENCE, and SNARK. Shiny Legendary Nebulynx at 0.01% drop rate. Planned rollout: April 1-7. Instead, the entire source code leaked on March 31st. You can't write irony this good. 𝟔. 𝐅𝐫𝐮𝐬𝐭𝐫𝐚𝐭𝐢𝐨𝐧 𝐃𝐞𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐯𝐢𝐚 𝐑𝐞𝐠𝐞𝐱 A regex matching "what the fuck" and "this sucks" to detect frustration. The most advanced AI company on the planet. Using regex for sentiment analysis. 𝟕. 𝐓𝐡𝐞 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐈𝐬 𝐈𝐧𝐬𝐚𝐧𝐞 → 46,000-line QueryEngine for all LLM orchestration → 23 security checks per bash command → Game-engine terminal rendering → One function: 3,167 lines Some things never change, no matter how advanced the AI. 𝐌𝐲 𝐭𝐚𝐤𝐞: The engineering is brilliant. The ethics need a conversation. A $380 billion company forgot .npmignore while preparing for an IPO. Second leak in 7 days. Before your next npm publish, run: npm pack --dry-run If Anthropic can miss this, so can you.

Still verifying myself this is not sure prank, but taking away the lessons regardless 1. always check what is pushed or merged, especially to msin 2. security left as an afterthought has often proved to be the devastatingly most memorable 3. everyone, even the big tech companies, make mistakes and could benefit from simple code reviews

🚨 𝟱𝟬𝟬,𝟬𝟬𝟬+ 𝗹𝗶𝗻𝗲𝘀 𝗼𝗳 𝗔𝗜 𝗰𝗼𝗱𝗲... 𝗹𝗲𝗮𝗸𝗲𝗱 𝗯𝘆 𝗺𝗶𝘀𝘁𝗮𝗸𝗲. 𝗔𝗻𝘁𝗵𝗿𝗼𝗽𝗶𝗰 𝗮𝗰𝗰𝗶𝗱𝗲𝗻𝘁𝗮𝗹𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱 𝗶𝘁𝘀 Claude 𝗖𝗼𝗱𝗲 𝘀𝗼𝘂𝗿𝗰𝗲 𝘃𝗶𝗮 𝗮 `.𝗺𝗮𝗽` 𝗳𝗶𝗹𝗲 𝗶𝗻 𝗮𝗻 𝗻𝗽𝗺 𝗿𝗲𝗹𝗲𝗮𝘀𝗲 — 𝗿𝗲𝘃𝗲𝗮𝗹𝗶𝗻𝗴 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝗶𝗻𝘁𝗲𝗿𝗻𝗮𝗹 𝗮𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲. (Axios) Within hours, the internet did what it does best: → mirrored it on GitHub → analyzed it → rebuilt it One repo stood out: 👉 https://lnkd.in/gEJzYmXx But the real twist? Developers moved beyond copying. They created clean-room reimplementations in Rust & Python (Claw Code) — replicating the architecture without using the original code. (Claw Code) https://lnkd.in/guiUu3Ch This is classic software history repeating itself. 💡 Lesson: It’s not always hacks that break systems — sometimes it’s a single config mistake. And sometimes, that mistake teaches the whole industry how your system works. #AI #DevOps #Security #OpenSource #SoftwareEngineering

GoScrapy is a high-performance web scraping framework for Go, designed with the familiar architecture of Python's Scrapy. It provides a robust, developer-centric experience for building sophisticated data extraction systems, purposefully crafted for those making the leap from Python to the Go ecosystem. Why GoScrapy? While low-level scraping libraries are powerful, many teams require the high-level architectural framework established by Scrapy. GoScrapy brings this architectural discipline natively to Go, organizing your request callbacks, middlewares, and pipelines into a structured, manageable workflow. Instead of manually orchestrating retries, cookie isolation, or database handoffs, GoScrapy provides the engine that powers your spiders. You focus purely on the extraction logic; the framework manages the high-throughput lifecycle and concurrency in the background.

Hello Team, After diving into the leaked source code of Claude Code, I wanted to share my insights with you all which might help Claude Code's Source Code Was Accidentally Leaked On March 31st, Anthropic accidentally shipped a cli.js.map debug file in their public npm package, exposing approximately 500,000 lines of TypeScript source code across 1,884 files. Security researcher Chaofan Shou flagged it on X, where it went viral with 28M+ views. The leak is verified real and has been covered by Ars Technica, Cybernews, and others. Unreleased Features Found in the Code BUDDY: Every user gets a unique virtual AI pet tied to their account ID, complete with actual personality stats. This is reportedly slated for May 2026. KAIROS: A persistent assistant that "dreams" overnight, organizing your memories and context across different sessions. ULTRAPLAN: Designed for complex tasks, this allows Claude to spin up a cloud instance to plan for up to 30 minutes before executing any code. Coordinator Mode: Claude acts as a manager, breaking tasks down into subtasks and running parallel worker agents. Daemon Mode: Run Claude sessions in the background like Docker containers (using commands like claude ps, claude logs, and claude attach). Wild Internal Details "YOLO" Permissions: The auto-permission function is literally named classifyYoloAction(), equipped with risk levels of LOW, MEDIUM, and HIGH. "Undercover Mode": This automatically strips all AI involvement from commits when Anthropic employees contribute to public repos. The internal prompt explicitly dictates: "Do not blow your cover." Future Models: Model versions opus-4-7 and sonnet-4-8 are already heavily referenced in the codebase. Hidden Commands: There are 26 hidden slash commands omitted from the standard --help menu, including /ultraplan, /dream, and /good-claude. The Community Already Rebuilt It Developers immediately started a clean-room rewrite in Rust. The claw-code repo on GitHub hit 50,000 stars in just 2 hours and now sits at over 146,000 stars—reportedly making it the fastest repository in GitHub history to reach that milestone. Full Analysis: ccleaks.com Open-Source Rewrite: https://lnkd.in/dWm7wfCd Note: Some April 1st headlines circulating around this (such as the "OpenClaude" rebrand) are fake. However, everything listed above has been pulled directly from verified source code analysis.

Some time ago I decided to learn Python. I never had touch with it during the course of my studies and had little need for it during my current employment. I watched a couple of YT tutorials on the topic, but I found them quite unengaging. I need to write code to understand it. I already have plenty of work experience with other languages and a good idea on code design and architecture. I figured this would be like learning a new dialect. So I decided to try asking AI to help me with this. I sat down with Claude Code, talked about a plan of action, and decided on a few projects. For the last 10 days or so, I spent quite a bit of time writing Python. The relation between me and Claude has been like that in a pair programming campaign, where I'm the driver and Claude is the navigator. And it has been successful. Two modules I used to speed up this process: Addy Osmani's repo with agentic skills https://lnkd.in/dujxHURE : very thorough skillset for developing ideas. I didn't use much it's coding skills, but all other are needed on regular basis. Idea refinment, planning, code review, testing, it's there to help you write better code and structure it properly. Julius Brussee's caveman https://lnkd.in/dUSS7fzv : a very good time and money saver. Lowers token usage and focuses on answering questions without too much fluff or overexplaining. First I asked Claude to suggest a few ideas to help me get to know Python where it shines. It suggested making a CLI-based task list. Then it defined the plan for it and we started working at it. I ask what to do, it explains shortly, I try to write something, it tells me why it sucks, I fix it, we test it and move on. The fact I can also tell it to stop caveman and explain it's reasoning in more detail is very helpful for me to understand the language by myself. This doesn't work for me if I just sit down and read it or listen about it. Getting involved is where I grow as a programmer and I think this stands true for most. I consider this a very good process for developers that want to learn a new langauge or work on some concepts of the ones they know. Once I'm done with the project, I will write down the process and recommended modules and make a small github repo. This should let anyone interested pull the repo and start working on learning their preferred programming language.

𝗔𝗻𝘁𝗵𝗿𝗼𝗽𝗶𝗰'𝘀 𝗖𝗹𝗮𝘂𝗱𝗲 𝗖𝗼𝗱𝗲 𝘀𝗼𝘂𝗿𝗰𝗲 𝗰𝗼𝗱𝗲 𝗷𝘂𝘀𝘁 𝗹𝗲𝗮𝗸𝗲𝗱 — 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗱𝗲𝘃 𝗰𝗼𝗺𝗺𝘂𝗻𝗶𝘁𝘆 𝗶𝘀 𝗱𝗶𝘀𝘀𝗲𝗰𝘁𝗶𝗻𝗴 𝗶𝘁 Chaofan Shou (@Fried_rice) spotted the 60MB "cli.js.map" file in the @anthropic-ai/claude-code npm package, which linked to a public Cloudflare R2 bucket containing a "src.zip" of the full unobfuscated codebase. He posted the direct download link on X, alerting the community. https://lnkd.in/dvnqbwwP A clean-room Python rewrite (Claw-Code) went live on GitHub within hours — the fastest repo in history to hit 50K stars (2 hours). Now at 82.2K stars, 81.2K forks, with a Rust rewrite in progress. https://lnkd.in/dPHejfnk 𝗛𝗲𝗿𝗲'𝘀 𝘄𝗵𝗮𝘁 𝘁𝗵𝗲 𝗶𝗻𝘁𝗲𝗿𝗻𝗮𝗹𝘀 𝗿𝗲𝘃𝗲𝗮𝗹 𝗮𝗯𝗼𝘂𝘁 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗴𝗿𝗲𝗮𝘁 𝗮𝗴𝗲𝗻𝘁𝗶𝗰 𝘀𝘆𝘀𝘁𝗲𝗺𝘀: 1. CLAUDE.md 𝗶𝘀 𝘆𝗼𝘂𝗿 𝗺𝗼𝘀𝘁 𝘂𝗻𝗱𝗲𝗿𝘂𝘁𝗶𝗹𝗶𝘇𝗲𝗱 𝗹𝗲𝘃𝗲𝗿 It is injected on every single turn. You get up to 40,000 characters to encode your architecture, standards, and conventions. Most people barely touch it — that's a mistake. 2. 𝗣𝗮𝗿𝗮𝗹𝗹𝗲𝗹𝗶𝘀𝗺 𝗶𝘀 𝗮 𝗳𝗶𝗿𝘀𝘁-𝗰𝗹𝗮𝘀𝘀 𝗰𝗶𝘁𝗶𝘇𝗲𝗻 Three sub-agent execution models: fork (inherits parent context), teammate (file mailbox), and worktree (isolated git branch). Single-agent workflows are explicitly suboptimal. 3. 𝗣𝗲𝗿𝗺𝗶𝘀𝘀𝗶𝗼𝗻𝘀 𝗮𝗿𝗲 𝗺𝗲𝗮𝗻𝘁 𝘁𝗼 𝗯𝗲 𝗰𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗲𝗱, 𝗻𝗼𝘁 𝗰𝗹𝗶𝗰𝗸𝗲𝗱 𝘁𝗵𝗿𝗼𝘂𝗴𝗵 Seeing "allow this action?" is a configuration failure. Use settings.json to pre-approve commands. auto mode uses an LLM classifier. --dangerously-skip-permissions is deprecated. 4. 𝗖𝗼𝗻𝘁𝗲𝘅𝘁 𝗰𝗼𝗺𝗽𝗮𝗰𝘁𝗶𝗼𝗻 𝗶𝘀 𝗮𝗻 𝗮𝗿𝘁 Five strategies: micro-compact, context collapse, session memory, full compact, PTL truncation. Use /compact proactively — default 200K tokens, opt into 1M. 5. 𝗛𝗼𝗼𝗸𝘀 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗲 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗿𝗲𝗽𝗲𝗮𝘁 𝗺𝗮𝗻𝘂𝗮𝗹𝗹𝘆 Pre-tool, post-tool, session start/end hooks. Auto-update docs on every commit without prompting. 6. 𝗦𝗲𝘀𝘀𝗶𝗼𝗻𝘀 𝗮𝗿𝗲 𝗽𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝘁 — 𝘀𝘁𝗼𝗽 𝘀𝘁𝗮𝗿𝘁𝗶𝗻𝗴 𝗳𝗿𝗲𝘀𝗵 Long sessions accumulate structured memory: task specs, file lists, workflow state, errors, learnings. Resume, don't restart. 7. 𝟲𝟲 𝗯𝘂𝗶𝗹𝘁-𝗶𝗻 𝘁𝗼𝗼𝗹𝘀, 𝗽𝗮𝗿𝘁𝗶𝘁𝗶𝗼𝗻𝗲𝗱 𝗯𝘆 𝘀𝗮𝗳𝗲𝘁𝘆 Read-only tools run in parallel; mutating tools run serially. Multiple sub-agents can fan out across your codebase simultaneously. 8. 𝗜𝗻𝘁𝗲𝗿𝗿𝘂𝗽𝘁 𝗲𝗮𝗿𝗹𝘆, 𝗶𝗻𝘁𝗲𝗿𝗿𝘂𝗽𝘁 𝗼𝗳𝘁𝗲𝗻 Streaming means stopping mid-task is cheap. Don't let sunk-cost bias keep a wrong-direction agent running. 𝗖𝗹𝗮𝘄-𝗖𝗼𝗱𝗲 was itself built in a single night using 𝗼𝗵-𝗺𝘆-𝗰𝗼𝗱𝗲𝘅 (OmX) — an agentic harness studying another agentic harness. These architectural ideas will rapidly diffuse into open-source harnesses. That's the beauty of open source. #ClaudeCode #AgenticAI #LLM #AIEngineering #OpenSource #DeveloperTools #MachineLearning

I got tired of Claude (and other LLMs) confidently giving me wrong function signatures, so I built a small tool that generates markdown API references from source and keeps them in your repo. (see at the end for comparison with context7) It works for Rust crates and Python packages (via runtime introspection). The output is a two-tier markdown file: curated patterns and gotchas on top, full machine-generated API reference on the bottom. Re-running the script updates the reference while keeping your curated notes intact. There's a Claude Code plugin that makes it hands-free, just say "vendor docs for tokio" and it generates the guide. After that, Claude checks the vendored docs before reaching for the internet. No more invented method signatures. Then you could just ask it to vendor a doc for you, for example today I wanted to vendor the kube crate's doc: "vendor the doc for kube" Once done, you can ask it to compare your implementation against it, and check if there are issues: "compare our usage of kube with the vendored doc" In a few seconds it'll do the check for you :) How about context7 you may ask? the main difference is that everything is local and yours. the docs are generated from your actual lockfile version and committed to your repo. no API calls, no rate limits, no downtime, works offline, works in CI, works on a plane, etc. the other thing is you own the content. you can add patterns, gotchas, project-specific notes on top of the generated reference. when you upgrade a dependency you regenerate and git shows you exactly what changed in the API. you can ask claude to adapt the documentation by adding sections that fit your usage; you can make it learn from your usage. if you're just doing a quick lookup context7 is fine, but if you're spending weeks with a library it's nice to have the docs right there in the repo, version-locked, no external dependency. https://lnkd.in/d9U2ambf