Sometimes the most interesting things happen by accident. On March 31st, Anthropic shipped version 2.1.88 of Claude Code with a 59.8 MB source map file accidentally included in the npm package. Inside: roughly 1,900 TypeScript files containing over 512,000 lines of code. Essentially the complete architecture of their most successful product — out in the open.
What happened?
A developer at Solayer Labs spotted the file at 4:23 AM ET and posted the discovery on X. Within hours, the code was mirrored on GitHub and analyzed by thousands of developers. Anthropic’s response was remarkably calm: ‘A release packaging issue caused by human error, not a security breach.’ No customer data or credentials were involved.
For a company with an estimated $19 billion annual revenue run-rate and Claude Code ARR of $2.5 billion, it’s still a significant blow. Especially since it was the second leak in a single week — following the accidentally published Mythos blog post.
What’s in the code?
The truly fascinating part isn’t the circumstances of the leak, but what developers found inside.
KAIROS — the autonomous daemon: The code contains a feature flag called KAIROS (after the Greek concept of ‘the right moment’), referenced over 150 times. KAIROS turns Claude Code into a persistent background agent. Particularly interesting: a function called autoDream that performs ‘memory consolidation’ while the user is idle — resolving contradictory observations and converting vague insights into verified facts.
44 feature flags: The code contains 44 feature flags for fully built but unreleased features. They compile to false in the external build.
Three-layer memory system: Claude Code uses a sophisticated memory architecture with a lightweight MEMORY.md index (pointers only), on-demand topic files, and transcripts that are only searched via grep. The agent treats its own memory as a ‘hint’ and always verifies against the actual codebase.
Internal codenames: Capybara is the internal name for a Claude 4.6 variant, Fennec maps to Opus 4.6, and Numbat is still in testing. Internally, Anthropic is already on Capybara v8 — but with a false claims rate of 29-30%, actually a regression from the 16.7% in v4.
Undercover Mode: Anthropic apparently uses Claude Code for stealth contributions to public open-source repositories. The system prompt literally says: ‘You are operating UNDERCOVER… Your commit messages MUST NOT contain ANY Anthropic-internal information.’
Buddy — the terminal Tamagotchi: And then there’s ‘Buddy’, a hidden Tamagotchi-like system with stats like CHAOS and SNARK. Anthropic is building personality directly into the product.
What does this mean?
For users: don’t panic. Your data isn’t affected. But if you installed or updated Claude Code via npm on March 31 between 00:21 and 03:29 UTC, you should check your lockfiles for compromised axios versions (1.14.1 or 0.30.4) — there was a separate supply-chain attack on the axios package around the same time.
For the industry, this leak is an unintentional open-sourcing of best practices for AI agents. Competitors can now study how Anthropic solves context entropy, builds memory systems, and orchestrates agents. The blueprint is out there.
And Anthropic? They have yet another reason to forget March 2026 as quickly as possible.
Sources: