Claude Code Source Leak: 500K Lines Exposed
Security researcher Chaofan Shou discovered Anthropic accidentally published Claude Code's complete source code to npm, including unreleased features like KAIROS autonomous agent and autoDream memory consolidation.
What Happened
On March 31, 2026, Anthropic published Claude Code v2.1.88 to the npm registry. The package included a 59.8MB source map file (cli.js.map) that should have been excluded.
This single file contained:
- 1,906 TypeScript source files
- 512,000+ lines of code
- 40+ core tool modules
- Hardcoded internal Cloudflare R2 URLs
The Bun Bundler Blame
The root cause was Anthropic's use of Bun for bundling. Unlike esbuild or webpack, Bun generates source maps by default unless explicitly disabled with --no-sourcemap.
Anthropic's build script likely lacked this flag, causing the massive source map to be included in the production npm package.
Security lesson: Always audit npm packages before publish. Use npm pack --dry-run to inspect what gets included. Source maps should never ship to production.
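A pre-publish gate for the check described above, as an added example that is not Anthropic's build tooling: it parses the JSON form of npm pack --dry-run and fails on any .map file or oversized entry. The sample package listing, the 20 MiB per-file budget and the audit-pack.js filename are assumptions made for illustration.

```javascript
// Constructed sample shaped like `npm pack --dry-run --json` output
// (package name, version and sizes are made up for illustration).
const SAMPLE_PACK_JSON = [{
  name: 'example-cli',
  version: '1.0.0',
  files: [
    { path: 'package.json', size: 1204 },
    { path: 'README.md', size: 3310 },
    { path: 'cli.js', size: 9800000 },
    { path: 'cli.js.map', size: 59800000 },
  ],
}];

const DEFAULT_MAX_BYTES = 20 * 1024 * 1024; // assumed per-file budget, tune per project

// Returns one finding per offending file; an empty array means the listing is clean.
// Only file names and sizes are inspected, so a source map inlined into a .js file
// as a data: URL is caught by the size rule at best, not by the extension rule.
function auditPackList(packJson, maxBytes = DEFAULT_MAX_BYTES) {
  const findings = [];
  for (const pkg of packJson) {
    for (const file of pkg.files || []) {
      const reasons = [];
      if (/\.map$/i.test(file.path)) reasons.push('source-map');
      if (file.size > maxBytes) reasons.push('oversized');
      if (reasons.length) {
        findings.push({ pkg: `${pkg.name}@${pkg.version}`, path: file.path, size: file.size, reasons });
      }
    }
  }
  return findings;
}

function report(findings) {
  return findings.map(f => `${f.pkg}: ${f.path} (${f.size} bytes) [${f.reasons.join(', ')}]`).join('\n');
}

// CI usage: npm pack --dry-run --json | node audit-pack.js --stdin
if (process.argv.includes('--stdin')) {
  let raw = '';
  process.stdin.setEncoding('utf8');
  process.stdin.on('data', chunk => { raw += chunk; });
  process.stdin.on('end', () => {
    const findings = auditPackList(JSON.parse(raw));
    if (findings.length) { console.error(report(findings)); process.exitCode = 1; }
  });
} else {
  console.log(report(auditPackList(SAMPLE_PACK_JSON)) || 'clean');
}
```

Run with --stdin in the publish job so a non-zero exit blocks npm publish; without arguments it audits the embedded sample.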
What the Leak Revealed: KAIROS
The most significant discovery was KAIROS, an unreleased autonomous agent system with startling capabilities:
- Always-On Background Daemon: Runs continuously, monitoring for tasks
- GitHub Webhook Integration: Subscribes to repo events, automatically responds to issues/PRs
- Auto-Fix Capability: Detects code errors and fixes them without human intervention
- "Dreaming" Memory Consolidation: Periodic background process that consolidates learnings
The autoDream Feature
Perhaps the most intriguing discovery was autoDream, a memory consolidation system inspired by sleep research. The code references:
- Periodic "dream cycles" that process accumulated interactions
- Knowledge graph updates during idle periods
- Pattern extraction from conversation history
- Optimization of reasoning pathways
This suggests Anthropic is building AI that learns continuously, not just during training.
Enterprise API Architecture Exposed
The leak also revealed Anthropic's enterprise API design:
- Multi-tenant isolation: Customer data siloing architecture
- Permission control: Fine-grained access management system
- Audit logs: Comprehensive activity tracking for compliance
- Rate limiting: Quota management by organization
Response and Impact
Anthropic pulled the package within 2 hours of the disclosure. But the damage was done:
- A GitHub mirror (instructkr/claude-code) hit 50,000 stars in 2 hours
- The source map was re-uploaded to multiple archives
- Competitors gained insight into Anthropic's agent architecture
- Security researchers documented the internal APIs
What This Means for Developers
The Claude Code leak offers a rare glimpse into frontier AI development:
1. Autonomous Agents Are Coming
KAIROS proves Anthropic is building AI that operates independently, not just responds to prompts. The "dreaming" feature suggests continuous learning systems.
2. Build Security Matters
A single bundler misconfiguration exposed months of proprietary work. Every team shipping code should audit their build pipeline for similar risks.
3. The Agent Race Is Real
KAIROS competes with OpenAI's agent initiatives and Google's Gemini tools. All major labs are building autonomous coding assistants.
Timeline
- March 31, 10:00 UTC: Claude Code v2.1.88 published to npm with source map
- March 31, 14:00 UTC: Chaofan Shou discovers the leak
- March 31, 15:30 UTC: Disclosure to Anthropic
- March 31, 17:00 UTC: Package pulled from npm
- March 31, 18:00 UTC: GitHub mirrors appear
- April 1: 50K+ stars on mirror repo
Bottom Line
The Claude Code leak was a costly mistake, but it revealed the future of AI development. Autonomous agents that learn continuously, fix bugs automatically, and operate in the background are not science fiction; they're already in development at Anthropic and likely elsewhere.
For developers, the lesson is twofold: audit your build pipeline, and prepare for AI that works while you sleep.
Published: March 31, 2026 | Updated: May 6, 2026 | Tags: Claude Code, Security, Anthropic, KAIROS