Claude Code Leak Deep Dive, What's Next for Anthropic?

Original Article Title: What to Prepare for Based on the Claude Code Leak
Original Author: Elliot Arledge
Translation: Peggy, BlockBeats

Editor's Note: In the early hours of March 31st, Chaofan Shou from Solayer Labs discovered that Anthropic's Claude Code accidentally included the full source code when published on npm. Within hours, the related code was synced to GitHub, quickly gaining attention.

An oversight in a build configuration allowed outsiders a rare opportunity to observe the true progress of their product from a code perspective. Based on this "accidental disclosure" of the source code, the author, after reading through the source code, attempts to answer two questions: Where is the Claude Code heading? And what does this mean for users?

From the code perspective, the Claude Code is introducing a series of undisclosed capabilities, including the continuous running autonomous mode (KAIROS), the PROACTIVE mode that can actively perform tasks in user downtime, and the COORDINATOR mechanism for scheduling multiple sub-agents. These changes collectively point in a clear direction: AI is shifting from a tool that responds to commands to a system that can run continuously and execute tasks proactively. Meanwhile, design elements such as permission automation, stealthy collaboration, and team memory also reflect a practical concern: as AI truly enters workflows, how to enhance efficiency while controlling risks and boundaries.

So, what does this mean for users?

In fact, these capabilities are not just added in isolation but are gradually building an "agent system" that has background running capabilities, cross-task memory, parallel agent collaboration, and can directly call tools to complete tasks. The future competition may no longer be just about model capabilities but about who can make this system more stable and controllable.

The significance lies not in the "accidental disclosure" itself but in the direction it prematurely revealed.

The following is the original article:

Earlier today, @Fried_rice on X discovered that when Anthropic released the Claude Code CLI to npm, it accidentally included a source map file.

Specifically, version 2.1.88 of the @anthropic-ai/claude-code package contained a 59.8MB file cli.js.map, which embedded the entire original TypeScript source code in the sourcesContent field. This was not a hack but rather an oversight in the build configuration—debug artifacts were bundled into the production environment. However, this also inadvertently exposed the future direction of the Claude Code.

I spent several hours reading through this source code. Here are some key points I noticed and what they might mean for the user.

Key Features

Automated Intelligence is on the Way

The most frequently referenced feature flag in the codebase is called KAIROS (appearing 154 times). From the code, this seems to be a "Self-Governance Mode" that can turn Claude Code into a continuously running intelligence. It includes background sessions, a memory consolidation mechanism called "dream," GitHub webhook subscriptions, push notifications, and channel-based communication.

Additionally, there is PROACTIVE mode (appearing 37 times), allowing Claude to operate independently between user messages. The system sends "tick" prompts to keep the intelligence running, and Claude will autonomously decide what to do upon each "awakening." The prompts even explicitly state, "You are running autonomously," instructing the model to "look for useful work" and "act based on best judgment, not request confirmation."

COORDINATOR_MODE (appearing 32 times) goes even further—it turns Claude into an orchestrator that can create and manage multiple concurrent worker intelligences. This coordinator is responsible for assigning tasks to different workers for research, implementation, and validation. The system prompts also include detailed instructions on how to write prompts for workers, when to continue using existing workers, when to spawn new agents, and how to handle worker failures.

Permission Prompts May Vanish

There is a flag called TRANSCRIPT_CLASSIFIER (appearing 107 times). From the context, it seems like an "Automatic Mode" that automatically approves tool permissions using an AI classifier. If this feature goes live, the current frequent interrupting permission confirmation prompts may become optional or even entirely disappear within trusted operations.

Model Codenames and Versioning

The source code also reveals some internal codenames for the Claude model:

Capybara appears to be a variant of Claude 4.6. The comments mention "Capybara v8" and note some bug fixes, such as a false positive rate of 29–30% (compared to 16.7% in v4), a tendency to overcomment code, and a mechanism called "assertiveness counterweight."

Fennec was once a codename but later transitioned to Opus 4.6.

Numbat has not been released yet. There is a comment saying, "Remove this section upon numbatt release."

The code also mentions opus-4-7 and sonnet-4-8, explicitly stating that these version numbers should not appear in public commits—implying that these versions already exist internally.

"Undercover Mode": Anonymous Participation in Open Source

There is also a feature called "Undercover Mode," specifically used by Anthropic employees when submitting code from Claude Code to public repositories. This mode removes all AI-related identifiers, including:

· No AI attribution in commits

· Hiding model codenames

· Removing all references to "Claude Code" or AI

· Not even disclosing the model's own version

A tooltip explicitly states, "You are running in UNDERCOVER mode in a public/open-source repository. Your commit messages, PR titles, and bodies must not contain any Anthropic internal information. Do not expose your identity."

Furthermore, there is no toggle to turn off this mode—it is enabled by default whenever the system cannot ascertain that it is in an internal repository.

Voice Mode

VOICE_MODE is mentioned 46 times, indicating that the system has integrated voice interaction capabilities, including speech-to-text and text-to-speech.

An "Electronic Pet" System

Now, this is a bit intriguing. The code contains a hidden BUDDY system, essentially an "electronic pet" within the terminal (similar to Tamagotchi). This includes:

·18 species (duck, goose, cat, dragon, octopus, owl, penguin, turtle, ghost, hexadecidragon, etc.)

·Rarity system (Legendary tier with 1% probability)

·Cosmetic decorations (crown, top hat, halo, wizard hat, etc.)

·Attribute values (DEBUGGING, PATIENCE, CHAOS, WISDOM, SNARK)

·There are even "Shiny" versions

The species name capybara is obfuscated through String.fromCharCode(), aiming to avoid triggering internal leak detection systems — which indirectly indicates the sensitivity of this codename.

Other notable features

FORK_SUBAGENT: Allows self-forking into multiple concurrent agents

VERIFICATION_AGENT: Used for independent, adversarial result validation

ULTRAPLAN: Advanced planning capability

WEB_BROWSER_TOOL: Browser automation

TOKEN_BUDGET: Allows explicit token budgeting (e.g., "+500k" or "spend 2M tokens")

TEAMMEM: Supports inter-team shared memory

What Does This Mean

Key takeaways:

The Claude Code is notably moving towards "high autonomy." Features like KAIROS, PROACTIVE, and COORDINATOR point to a future where Claude can run as a background daemon, continuously monitoring repositories and actively performing tasks.

Permission friction is being reduced. Automated approval mechanisms indicate their efforts to decrease frequent manual confirmation steps.

The model versioning system is far more complex than the public API. It contains multiple variations, quick modes, and a codename system, corresponding to different abilities and issues.

Security mechanisms are highly emphasized. The Bash command validation alone consists of over 2500 lines of code, along with sandboxing, stealth mode, and input sanitization.

The product is introducing "personality." The Buddy system implies that Claude Code is not just a tool but is attempting to become a "companion."

How to View Yourself

As of the time of writing, this source code is still available on npm. Download @anthropic-ai/claude-code@2.1.88, locate cli.js.map, parse the JSON, and extract the sourcesContent field. I will not redistribute the code, but analyzing and discussing publicly accessible content is fair game.

The initial discovery was credited to @Fried_rice on X.

[Original Tweet]