Claude Code Leak
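Original source: hackernews · Summarized and analyzed by Genesis Park
Summary
On March 31, 2026, the entire source code of Claude Code, Anthropic's AI coding CLI tool, was leaked. A security researcher confirmed that a 59.8 MB source map file had been mistakenly included in version 2.1.88 of the npm package, exposing about 1,900 files and more than 520,000 lines of TypeScript code. The source code contained information on an anonymity-preserving "Undercover Mode", a multi-agent system, and upcoming new models such as "Capybara". Anthropic attempted to remove the package, but the code had already been copied tens of thousands of times, and on the same day a package containing malicious code was distributed, escalating the incident into a supply chain attack.
Body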
A curated list of resources related to the Claude Code source code leak (March 31, 2026) — the incident where Anthropic accidentally shipped a 59.8 MB source map file (cli.js.map) in version 2.1.88 of the @anthropic-ai/claude-code npm package, exposing ~1,900 files and 512,000+ lines of proprietary TypeScript source code.

- What Happened
- Source Code Archives
- Clean-Room Reimplementations
- Technical Breakdowns & Analysis
- Key Discoveries from the Leak
- News Coverage
- Expert & Community Reactions
- Blog Posts & Deep Dives
- Videos & Podcasts
- Security & Legal Implications
- Related Prior Incidents
- Further Reading

What Happened

On March 31, 2026, security researcher Chaofan Shou (@Fried_rice on X), an intern at Solayer Labs, discovered that the entire source code of Claude Code — Anthropic's flagship AI coding CLI — was publicly accessible via a source map file (.map) bundled into the published npm package @anthropic-ai/claude-code v2.1.88.

- The .map file was 59.8 MB and contained the full, readable original TypeScript source
- ~1,900 files and 512,000+ lines of code were exposed
- The leak was caused by a missing .npmignore rule or bundler misconfiguration (Bun generates source maps by default)
- Anthropic scrambled to remove the package, but the code was already archived and forked 41,500+ times on GitHub within hours
- This was the second time Claude Code source was leaked — the first was in February 2025

Source Code Archives

- gitlawb/claude-code — Decentralized mirror of the leaked Claude Code source on GitLawb
- chatgptprojects/claude-code — Original leaked source code archive — the primary repository preserving the full extracted TypeScript source from the npm sourcemap

Clean-Room Reimplementations

- Kuberwastaken/claude-code (Rust) — Rust port of Claude Code's behavior, clean-room reimplementation
- instructkr/claw-code (Python) — Python rewrite by Sigrid Jin (top Claude API consumer, featured in WSJ), capturing the agent harness architecture
- JackChen-me/open-multi-agent — MIT-licensed TypeScript ~8,000-line clean-room multi-agent SDK inspired by the leak; runs in-process unlike claude-agent-sdk

Technical Breakdowns & Analysis

- Kuberwastaken's Breakdown — Comprehensive README covering every major system: BUDDY, KAIROS, Dream, Undercover Mode, Coordinator Mode, tool registry, and more
- Kuber's Blog Post — Same breakdown with better reading UX
- alex000kim — "The Claude Code Source Leak: fake tools, frustration regexes..." — Deep dive into fake tools, frustration detection, and anti-distillation measures
- dev.to — Gabriel Anhaia — "1,900 files. 512,000+ lines. Everything."
- apiyi.com — Interpretation of the Claude Code source code leak — Impact analysis on the AI agent industry

Key Discoveries from the Leak

Notable features and systems found in the leaked source:

- Undercover Mode — System that hides Anthropic identity when employees use Claude Code on public/open-source repos. Prompt: "You are operating UNDERCOVER... Do not blow your cover."
- BUDDY — A full Tamagotchi-style companion pet system with gacha mechanics, 18 species, shiny variants, procedurally generated stats, and "soul descriptions"
- KAIROS — "Always-On Claude" — a persistent, proactive assistant mode that watches and acts without user input (gated behind PROACTIVE feature flag)
- Dream System — Background memory consolidation engine where Claude literally "dreams" — has a three-gate trigger and four phases
- ULTRAPLAN — 30-minute remote planning session system
- Multi-Agent Orchestration / Coordinator Mode — Full multi-agent system spawning parallel workers, activated via CLAUDE_CODE_COORDINATOR_MODE=1
- Agent Teams / Swarm — In-process and process-based teammates with tmux/iTerm2 panes (feature gate: tengu_amber_flint)
- 40+ Tool Registry — Complete tool system with risk classification (LOW/MEDIUM/HIGH), ML-based auto-approval, and YOLO classifier
- Penguin Mode — Internal codename for "Fast Mode"
- Upcoming Models — References to Capybara (new model family, v2, with 1M context), Opus 4.7, and Sonnet 4.8
- Internal Codename: Tengu — Claude Code's internal project codename, appearing hundreds of times as prefix for feature flags
- Anti-Distillation Measures — Fake tools and frustration detection regexes to prevent model distillation
- Hidden Beta Headers — Unreleased API features including redact-thinking, afk-mode, advisor-tool, task-budgets, and more
- Supply Chain Attack — Between 00:21–03:29 UTC on March 31, malicious axios versions (1.14.1, 0.30.4) containing a RAT were distributed to users who installed during the window

News Coverage

- VentureBeat — "Claude Code's source code appears to have leaked: here's what we know"
- Fortune — "Anthropic leaks its own AI coding tool's source code in second security lapse"
- CNBC — "Anthropic leaks part of Claude Code's internal source code"
- The Register — "Anthropic accidentally exposes Claude Code source code"
- NDTV — "Anthropic's AI Coding Tool Leaks Its Own Source Code For The Second Time In A Year"
- NDTV Profit — "Anthropic Source Code Leaked For Second Time In A Week"
- Decrypt — "Anthropic Accident
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.