A 59.8 megabyte source map file sitting in the npm registry. That's how 512,000 lines of Claude Code's TypeScript ended up on GitHub this morning, mirrored across half a dozen repositories before most people had finished their coffee. Security researcher Chaofan Shou found it in version 2.1.88 of the @anthropic-ai/claude-code package. Bun's bundler generates source maps by default. Nobody added them to .npmignore. The entire codebase shipped.

The detail that keeps pulling me back is Undercover Mode. Buried in the source is a system that activates when Claude Code detects it's being used by an Anthropic employee in a public repository. It injects instructions into the system prompt telling the model not to "blow your cover," blocking it from outputting internal codenames, unreleased model references, or Slack channel names. And the entire mechanism, along with everything it was supposed to protect, shipped in a .map file that anyone could unpack with a single command. I wrote last week about Anthropic leaking its own model details through a CMS misconfiguration. Two packaging errors in the same month from a company whose entire brand is safety and careful deployment. The pattern is getting harder to call coincidence.

What the code actually reveals is more interesting than the leak itself. Claude Code runs 40+ discrete tools behind a permission engine that classifies risk levels, with a YOLO classifier for auto-approving low-risk actions. The multi-agent architecture spawns parallel sub-agents it calls "swarms," each running in isolated contexts. A 46,000-line query engine handles all LLM orchestration. This is not a wrapper around an API. It is a full operating environment.

Then there's KAIROS, an always-on background daemon that monitors your project even when you're not actively prompting. It runs memory consolidation during idle periods through a process called autoDream, cycling through orientation, signal gathering, consolidation, and pruning. Forty-four feature flags gate capabilities that are fully built but compiled to false in the shipping build. The gap between what Claude Code is and what Claude Code ships as is significant.

The most disarming discovery: a complete Tamagotchi pet system. Eighteen species across five rarity tiers, procedurally generated stats for DEBUGGING, PATIENCE, CHAOS, WISDOM, and SNARK, ASCII art sprites with animation frames. Deterministic gacha mechanics seeded per user. Someone at Anthropic built this. Deliberately.

Internal model codenames confirm what the earlier Mythos leak hinted at: Capybara maps to a Claude 4.6 variant, Fennec to Opus 4.6, and Numbat remains in prelaunch testing. None of this was supposed to be public.

The real takeaway isn't any single feature. It's the distance between Anthropic's public narrative of measured, careful deployment and the velocity of what's actually being built behind the flags. They have a background agent, a pet system, remote planning infrastructure, and an entire mode dedicated to hiding the fact that AI wrote the code. All of it shipping in the same package where someone forgot to exclude debug files.

Sources: