Anthropic's Claude Code Leaked: 1,900 Files, 512,000 Lines

Claude Code CLI Source Code Leaked. .Today was D day. ---> vibe-coding is rapidly accelerating, today broke the barriers into a whole new level, breaking all frontiers — where the PC does the heavy lifting and humans just steer. ,dont blink, future is running fast before your eyes: - faster copycat tools - cheaper (or free) coding agents - no manual human work, less human brain power, more bit muscle - more HIDM (human-in-the-middle validating / checking AI code) - less “code”, more intent Are we ready ? ... too much reliance on AI can lead to creative paralysis, procrastination, and execution fatigue ... #AI #VibeCoding #SoftwareEngineering #FutureOfWork #DevSecOps https://lnkd.in/ewfD8tyj

46% of developers picked Claude Code as their most loved AI dev tool. Cursor got 19%. Copilot got 9%. I switched from Cursor six months ago. Didn't plan to. I was debugging a race condition and got tired of copy-pasting context between the terminal and the IDE like a human clipboard. So I stayed in the terminal. Haven't gone back. The thing I was wrong about: I thought the IDE was my development environment. It wasn't. It was a middleman. IDE plugins only see what the extension API exposes. Terminal tools inherit your entire machine. Git history, running containers, MCP servers, CI pipelines. I now run 4-6 Claude Code sessions simultaneously using git worktrees. Each with its own branch, its own scope. One refactors the API layer while another writes tests. Try doing that in an IDE without losing your mind. IDEs aren't dying though. I still open VS Code for visual debugging and pair programming. But the creative work, the architecture decisions, the "figure out what's wrong and fix it" work? That's terminal now. The IDE got demoted from operating system to viewer. And I don't think it's going back. Full breakdown with benchmarks and the workflow patterns that changed how I build: https://lnkd.in/db24NB8u #ClaudeCode #DeveloperTools #AgenticAI

The accidental leak that exposed how Claude Code is really built Not a snippet. Not a config file. The whole thing. 512,000 lines of TypeScript. 1,900 files. Every system prompt, every tool, every internal feature flag, every secret codename. All sitting in plain sight on the npm registry. How It Happened: When you build a JavaScript/TypeScript package, the bundler generates "sourcemap" files. These .map files contain the ENTIRE original source code - every file, every comment, every internal constant - embedded as strings in a JSON file. They're meant for debugging. But if you forget to exclude them from your published package, npm happily serves them to anyone. That's exactly what happened. Someone at Anthropic forgot to add *.map to their .npmignore. And Bun (their bundler) generates sourcemaps by default. The Irony: The codebase contains a feature called "Undercover Mode." It's an entire subsystem designed to prevent Anthropic's AI from accidentally revealing internal information when contributing to public repositories. From the actual source code: "You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Your commit messages, PR titles, and PR bodies MUST NOT contain ANY Anthropic-internal information. Do not blow your cover." They built a whole system to stop their AI from leaking secrets in git commits. Then they shipped the entire source in a .map file. What's Inside: 1. 40+ tools with a 6-layer permission security framework 2. A multi-agent orchestration system with parallel workers 3. A background "dream" system where the AI consolidates memories 4. A hidden Tamagotchi pet with 18 species and gacha mechanics 5. An always-on proactive assistant called KAIROS Internal codenames: "Tengu" (Claude Code), "Fennec" (an Opus variant), "Penguin Mode" (fast mode) 6. A system prompt architecture that treats prompts as modular, cached software I’ll unpack the architecture behind it - not the noise, but the operating model, design choices, and product thinking that make it one of the most sophisticated AI systems shipped to market.

The craziest Claude Code leak just happened. An engineer got fired over it. Kevin Naughton Jr. pushed a routine npm update for Anthropic's Claude Code package last Sunday. One small decision: include source maps to help debug faster. Except the .npmignore file didn't exclude them. By 4 AM, an intern had found a 59.8 MB file in the public npm registry containing every single line of Claude Code's source. 512,000 lines. 1,900 TypeScript files. System prompts, permission bypasses, internal telemetry. All public. Within hours, it was mirrored across GitHub. So people started reading it. Some of what they found is genuinely funny, some of it less so. Here are a few standout examples. One function in print.ts runs 3,167 lines with 12 levels of nesting. Most teams reject a 200-line function in code review. This is fifteen times that. 64,464 lines of core logic. Zero automated tests. The company building the tool that writes your tests doesn't test its own code. Claude Code uses a regex to detect when you're frustrated. Pattern-matches swear words like "wtf" and "this sucks" to change its behavior. A company whose product IS language understanding uses string matching from 1998 to figure out if you're angry. Internal logs showed sessions hitting 3,272 consecutive failures. 250,000 wasted API calls per day globally on retries that would never succeed. The fix was just three lines of code. A file called undercover.ts prevents Claude from mentioning internal codenames when working in external repos. AI-authored commits from Anthropic employees in open source look human-written. No force-off switch. And there's KAIROS, which nobody had heard of before this. An daemon that monitors your files, subscribes to GitHub webhooks, runs a process called "autoDream" overnight for memory consolidation. Runs while you're asleep. No opt-in, no announcement from Anthropic. I use Claude Code every day. It's the best coding agent on the market and nothing in the leak changes that for me. But a 3,167-line function is a choice. Someone decided shipping mattered more than refactoring. Every team makes that call every sprint. Ship anyway. Just double-check your .npmignore first....

Every developer has faced this problem — building a project takes days or weeks, but writing a proper README takes hours. And often, that README decides whether your project gets noticed or ignored. To solve this, I built 𝗥𝗘𝗔𝗗𝗠𝗘 𝗚𝗲𝗻𝗲𝗿𝗮𝘁𝗼𝗿 — a full-stack web application that automatically generates structured, professional README files using AI. The application connects directly with your GitHub account using OAuth, fetches your repositories, and allows you to select any project. Once selected, the backend analyzes the repository structure, code, and metadata, and generates a complete README within seconds. Key capabilities: • GitHub OAuth authentication (no manual setup required) • Repository search and filtering • AI-based README generation tailored to your project • Preview rendered output or view raw Markdown • Download, copy, or directly commit README to GitHub • Syntax-highlighted code sections and structured formatting Tech Stack: • Frontend: React.js • Backend: Node.js • Deployment: Vercel Frontend Repository: https://lnkd.in/dc8ex_f4 Backend Repository: https://lnkd.in/dZ2RfB7R This project focuses on reducing manual effort and improving project presentation, especially for developers who regularly build and publish repositories. The project is open source, and contributions are welcome. #WebDevelopment #OpenSource #GitHub #AI #FullStack #DeveloperTools

The Claude Code Leak: 512,000 Lines of TypeScript On March 31, 2026, a routine npm update accidentally exposed nearly 1,900 TypeScript files over 500,000 lines from Anthropic’s Claude CLI in 2.1.88 version. A large source map file was published, linking compressed code to the full source. Although Anthropic quickly fixed the issue, the code was already mirrored on public sites. No model weights, training data, or user info were leakedjust the client-side orchestration layer. The root cause was a default source map from Bun and a missing .npmignore rule. The leaked code shows features like "undercover mode" for protecting internal info and advanced agent coordination for complex tasks and some other features for background operations and proactive monitoring. GitHub link for leaked code : https://lnkd.in/gZYDDseT

Introducing Spandrel: an open source context engineering pipeline that turns scattered information into a knowledge graph served via MCP and GraphQL. Just tell your coding agent:  “Clone github(.)com/trevorfox/spandrel.git then read BOOTSTRAP.md and follow its instructions to set up my knowledge graph.” The agent reads your existing content, proposes a structure, and builds a knowledge graph you can query in minutes. You confirm what looks right, adjust what doesn't, and walk away with a compiled graph that any agent can navigate via MCP. Why I built it:  Every team building with AI agents has the same problem. The knowledge exists — in docs, Slack, notes, people's heads — but there's no structured way for agents to access it. They burn tokens loading everything or miss critical context searching for fragments. One command to set up. Markdown files in a git repo. A compiler that builds the graph. GraphQL as the universal query layer. MCP tools and skills that any agent can use. No vector database. No embeddings pipeline. No new paradigm. Just the technologies you already use, turned into powerful agent capabilities. Open source, MIT licensed: https://lnkd.in/gURKVvdW

Claude Code's source code leaked yesterday. 512,000 lines of TypeScript, now public. I went through it and extracted the architectural patterns that show up consistently across the codebase — the engineering decisions behind how it works. A few examples: Every tool throws a typed error on failure — never returns { success: false }. The framework catches it and formats it for the LLM. The tool has one job: do the work or throw. One schema definition drives both TypeScript types and JSON validation. They share one source and can never drift. Concurrency safety is evaluated per invocation, not declared statically. Same tool, different answer depending on the input. Packaged all 16 as portable skill files that load automatically into Claude Code, Cursor, Gemini CLI, Codex, and OpenCode. Zero config. MIT license. → https://lnkd.in/d6nQvdGf #AIEngineering #ClaudeCode #DeveloperTools #OpenSource

I built InsightOps Review Hub, a full-stack internal knowledge operations application for turning private source material into reviewable, citation-backed briefing answers. The project demonstrates a complete controlled AI workflow: - Workspace-based ownership and access control - Source document storage and deterministic excerpt generation - Citation-backed answer generation without external API keys - Normalized citation records instead of loose JSON references - Persisted automated evaluation runs - Separate human review decisions - Audit trail visibility across core workflow actions - Typed React + TypeScript frontend - Django REST Framework backend - SQLite local setup and PostgreSQL via Docker Compose - Backend tests, frontend tests, Playwright smoke flow, and GitHub Actions CI The goal was not just to build CRUD, but to model how AI-assisted internal tools can stay traceable, reviewable, and operationally credible. Tech stack: Django, Django REST Framework, React, TypeScript, Vite, PostgreSQL, SQLite, Docker, GitHub Actions, Vitest, Playwright. GitHub: https://lnkd.in/edURbXtY #SoftwareEngineering #AIEngineering #Django #React #TypeScript #FullStackDevelopment #Docker #PostgreSQL #InternalTools #HumanInTheLoop #AIGovernance

Waking up to the news that "Claude Code CLI" source code got exposed. 𝗪𝗵𝗮𝘁 𝗵𝗮𝗽𝗽𝗲𝗻𝗲𝗱? - A file named "cli.js(.)map" was included in version 2.1.88 of the @anthropic-ai/claude-code package. - This file was a ".map" meant for internal debugging. It pointed directly to a ZIP archive of the original, un-minified TypeScript code sitting in Anthropic's cloud storage. The Scale: Approximately 512,000 lines of code and 1,900 files were exposed. 𝗛𝗼𝘄 𝘁𝗵𝗶𝘀 𝗰𝗼𝘂𝗹𝗱 𝗵𝗮𝘃𝗲 𝗮𝘃𝗼𝗶𝗱𝗲𝗱? - Developer (or auto generated AI code) misses to update ".map" in ".npmignore" - When a developer runs npm publish, the tool looks for a file called .npmignore. If the developer forgets to tell NPM to "ignore" .map files, they get uploaded to the public registry along with the app. On key lesson learned personally: Moving forward - move away from JS frameworks to more secure programming languages for Backend interactions. ⏺ The JS framework Trade-off The only reason companies stay with JS is Development Speed. It is faster to prototype in TypeScript. However, the Claude Code leak proved, that speed comes at the cost of total exposure if one developer makes a single mistake in a config file. 𝗪𝗵𝗮𝘁 𝗶𝘀 𝘁𝗵𝗲 𝗨𝘀𝗲𝗿 𝗶𝗺𝗽𝗮𝗰𝘁? While no user data was leaked, the code revealed several of Anthropic's internal projects and strategies, 𝗖𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗼𝗿𝘀 𝗰𝗮𝗻 𝗻𝗼𝘄 𝘀𝗲𝗲 𝗲𝘅𝗮𝗰𝘁𝗹𝘆 𝗵𝗼𝘄 𝗔𝗻𝘁𝗵𝗿𝗼𝗽𝗶𝗰 𝘀𝗼𝗹𝘃𝗲𝗱 𝗰𝗼𝗺𝗽𝗹𝗲𝘅 𝗽𝗿𝗼𝗯𝗹𝗲𝗺𝘀 𝗹𝗶𝗸𝗲 "𝗮𝗴𝗲𝗻𝘁 𝗼𝗿𝗰𝗵𝗲𝘀𝘁𝗿𝗮𝘁𝗶𝗼𝗻" 𝗮𝗻𝗱 "𝗹𝗼𝗻𝗴-𝘁𝗲𝗿𝗺 𝗺𝗲𝗺𝗼𝗿𝘆 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁," which was previously a closely guarded secret. 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗶𝘁 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗖𝗹𝗮𝘂𝗱𝗲 𝗨𝘀𝗲𝗿𝘀? If you're using version 2.1.88, update immediately to version 2.1.89 or higher. Anthropic has already pulled the "leaky" version from the registry, but the code itself is now widely mirrored across the internet. While Claude has already took down the repo, the repo was already mirrored. Check the Claude code mirror repo link in comments. Developer already started porting the code to "Rust" . Repo already gained 77K plus stars within 12 hours. Saravanan Gnanaguru