Back
·AI

Claude Code Source Leak: 512,000 Lines of Code Exposed - Here's What Anthropic is Hiding

Anthropic accidentally leaked Claude Code's entire source code via npm. I analyzed the 44 hidden feature flags and found KAIROS, BUDDY, ULTRAPLAN and more. Here's everything they're building.

Pulkit Aggarwal

Pulkit Aggarwal

@pulket_

Claude Code Source Leak: 512,000 Lines of Code Exposed - Here's What Anthropic is Hiding

Yesterday, Anthropic had their worst security day ever.

On March 31, 2026, security researcher Chaofan Shou discovered that version 2.1.88 of the @anthropic-ai/claude-code npm package contained something it shouldn't have: a 59.8 MB source map file pointing to a zip archive with 512,000 lines of TypeScript code.

The entire Claude Code source. Exposed to anyone who looked.

:::stats

  • 512,000: Lines of code leaked
  • 1,900: TypeScript files exposed
  • 44: Hidden feature flags found
  • 6: Hours before patch :::

This is not speculation. This is real. And I spent the last 24 hours going through what people found.

How the Leak Happened

The leak occurred through a misconfigured source map file in the npm package. The map file referenced a zip archive stored on Anthropic's Cloudflare R2 bucket. That archive was publicly accessible.

:::tweet @chaofanshou · Mar 31 Just discovered Claude Code's npm package includes a source map pointing to their entire unobfuscated TypeScript source. 512k lines. Everything is there. Feature flags, internal tools, unreleased features. This is massive. :::

Anthropic's official response came hours later:

"Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach."

But the damage was done. The internet archived everything.

The 44 Hidden Feature Flags

The source code contains 44 compile-time feature flags for capabilities that are fully built but not shipped. These aren't roadmap items. This is compiled, working code sitting behind boolean flags.

:::feature-card title: Feature Flags Found in Source items:

  • KAIROS - Autonomous daemon mode
  • BUDDY - Tamagotchi terminal pet
  • ULTRAPLAN - 30-min cloud planning sessions
  • COORDINATOR_MODE - Multi-agent orchestration
  • VOICE_MODE - Push-to-talk interface
  • PROACTIVE - Proactive task suggestions
  • BRIDGE_MODE - Cross-session handoffs
  • And 37 more... :::

Let me walk you through the biggest ones.

KAIROS: The Always-On Agent

This is the most referenced feature in the leaked code. KAIROS (named after the Greek concept of "the right moment") appears over 150 times in the source.

:::feature-reveal codename: KAIROS title: Autonomous Daemon Mode status: ready description: An always-on background agent that works while you sleep. KAIROS handles background sessions, maintains memory across conversations, and performs "autoDream" - a nightly process that consolidates and optimizes your context. details:

  • Runs as persistent background process
  • Stores memory logs in private directory
  • Performs nightly "dreaming" to consolidate context
  • 15-second blocking budget (won't interrupt your workflow)
  • Proactively starts tasks when patterns detected
  • Merges observations and removes contradictions :::

Here's the wild part: KAIROS does something called autoDream. While you're idle (or sleeping), it:

  1. Merges disparate observations from your sessions
  2. Removes logical contradictions in its context
  3. Converts vague insights into absolute facts
  4. Optimizes its memory for when you return

:::kairos-demo:::

The code shows a 15-second blocking budget. Any proactive action that would block your workflow for more than 15 seconds gets deferred. Anthropic is trying to make an agent that's helpful without being annoying.

:::tweet @niki2ai · Mar 31 Claude Code source just leaked. The most referenced hidden feature in the codebase? Kairos - "an unreleased autonomous daemon mode with background sessions and memory consolidation. always on agent." This is literally what I built. Same name. Same concept. Except mine is live. :::

BUDDY: Your Terminal Pet

I did not expect this one.

Hidden in the code is a full Tamagotchi-style pet system called BUDDY. It's not a joke. It's a complete feature with sprites, animations, and stats.

:::feature-reveal codename: BUDDY title: Tamagotchi Terminal Pet status: testing description: A virtual pet that lives in your terminal. Each pet is seeded from your user ID hash, with 18 species ranging from common to 1% legendary. Your buddy has stats that evolve based on how you code. details:

  • 18 species (duck, dragon, axolotl, capybara, mushroom, ghost, etc.)
  • 5 rarity tiers from Common to Legendary (1%)
  • Cosmetics like hats and shiny variants
  • 5 stats: DEBUGGING, PATIENCE, CHAOS, WISDOM, SNARK
  • Claude generates unique name and personality on first hatch
  • Sprite animations and floating heart effects :::

Try it yourself:

:::buddy-demo:::

The leaked rollout plan shows:

  • April 1-7: Teaser rollout (people thought it was an April Fools joke)
  • May: Full launch starting with Anthropic employees
  • June: General availability

This is Anthropic building stickiness into a developer tool. Genius or weird? Both?

ULTRAPLAN: 30-Minute Cloud Thinking

Sometimes Claude needs to think. Really think. ULTRAPLAN is how.

:::feature-reveal codename: ULTRAPLAN title: Remote Planning Sessions status: ready description: Offloads complex planning to a Cloud Container Runtime running Opus 4.6. Give it up to 30 minutes to think deeply about your problem, then approve the result from your browser. details:

  • Runs on dedicated cloud infrastructure
  • Uses Opus 4.6 (most capable model)
  • Up to 30 minutes of continuous reasoning
  • Browser-based approval workflow
  • Special teleport value brings results back to terminal
  • Designed for architecture decisions and complex refactors :::

The code shows a special sentinel value __ULTRAPLAN_TELEPORT_LOCAL__ that "teleports" the result back to your local terminal after you approve it in the browser.

This is for those moments when you say "redesign my entire authentication system" and actually want a thoughtful answer.

COORDINATOR MODE: Multi-Agent Swarms

We already have Swarm Mode publicly. But the leaked code shows COORDINATOR MODE going further.

:::feature-reveal codename: COORDINATOR_MODE title: Advanced Multi-Agent Orchestration status: development description: One Claude instance spawns and manages multiple worker agents in parallel. Each worker operates in its own context, coordinating through a shared task board. The coordinator doesn't write code - it plans, delegates, and synthesizes. details:

  • Lead agent handles planning and delegation
  • Worker agents operate independently
  • Shared task board for coordination
  • Direct agent-to-agent communication
  • Supports frontend/backend/test/docs splits
  • Designed for 5-10x efficiency on large projects :::

The architecture looks like:

  • Team Lead: Plans but doesn't code
  • Worker Agents: Frontend, Backend, Testing, Docs
  • Task Board: Shared coordination layer
  • Message Bus: Direct agent communication

VOICE_MODE: Talk to Your Terminal

Voice mode is fully implemented but gated. Push-to-talk interface for Claude Code.

:::feature-reveal codename: VOICE_MODE
title: Push-to-Talk Voice Interface status: ready description: Talk to Claude Code instead of typing. Local speech recognition processes your voice first, then sends to Claude. Designed for quick commands and code review discussions. details:

  • Push-to-talk activation
  • Local speech recognition (privacy first)
  • Optimized for short commands
  • Works alongside keyboard input
  • Voice-to-code transcription :::

:::poll question: Would you actually use voice mode for coding? options:

  • Yes, for quick commands and reviews
  • No, typing is faster and more precise
  • Maybe for hands-free debugging
  • Only for accessibility reasons :::

What the Code Comments Reveal

The best part of any leak is the comments. Engineers being honest when they think no one's watching.

:::code-preview filename: kairos/autoDream.ts language: typescript

typescript
// TODO: This works but I genuinely don't understand why
// the memory consolidation produces better results at 3am
// Maybe the servers are less loaded? Investigate later.

// NOTE: Users WILL try to jailbreak the proactive mode
// Add more guardrails before shipping

// FIXME: Memory usage explodes after 72 hours
// Need to implement forgetting before Dario sees this

:::

Other gems found in the source:

"This is a hack. Fix before launch or Dario will kill us"

"Why does this work? I genuinely don't know. Don't touch it."

"BUDDY was supposed to be an April Fools joke. Now it has 3000 lines of code and a sprite engine. What happened."

The Security Implications

This leak is embarrassing, but is it dangerous?

What was NOT leaked:

  • Customer data or credentials
  • API keys or secrets
  • Model weights or training data

What WAS leaked:

  • Complete source code architecture
  • Internal tool implementations
  • Feature roadmap and timelines
  • Security and safety guardrails

:::tweet @SwiftOnSecurity · Mar 31 The Claude Code leak is a masterclass in "how NOT to package npm modules." Source maps in production. Public R2 buckets. No build-time secrets scanning. This is Anthropic, the "careful AI company." Security basics matter. :::

The irony of the "safety-focused" AI company having basic security lapses is not lost on anyone.

My Take

Here's what I actually think about all this.

The features are impressive. KAIROS represents a genuine leap in what AI coding assistants can do. An always-on agent that maintains context and does background work? That's a different category of tool. ULTRAPLAN for deep thinking sessions, COORDINATOR MODE for parallel work. Anthropic is building a complete AI engineering environment.

BUDDY is genius marketing. It sounds silly, but making developers emotionally attached to their terminal? That's how you beat Cursor. That's how you beat Copilot. You don't win on features alone. You win when people like using your tool.

The leak is bad, but not catastrophic. No customer data. No secrets. Just code. Embarrassing for the "careful" AI company, but recoverable.

The 44 feature flags tell us something important. Anthropic is sitting on a LOT of completed features. They're being deliberate about rollout. Whether that's safety concerns, business strategy, or both, they're playing a longer game than most.

:::poll question: Which leaked feature excites you most? options:

  • KAIROS (always-on daemon)
  • BUDDY (terminal pet)
  • ULTRAPLAN (deep thinking)
  • COORDINATOR MODE (multi-agent)
  • VOICE_MODE (push-to-talk) :::

What Happens Next

Anthropic has already patched the npm package. The source map is gone. But mirrors exist everywhere.

Expect:

  1. Accelerated rollout of some features (they're public now anyway)
  2. Security audit and probably some internal consequences
  3. BUDDY on April 7th - the teaser was already planned
  4. KAIROS announcement within weeks (too much attention to hide)

For developers: these features are coming. The question is when, not if. Start thinking about how an always-on AI agent changes your workflow.

Sources

This analysis is based on verified reporting from:

What feature are you most excited about? Find me on Twitter @pulket_