Claude Code Leak: What Developers Can Learn

Anthropic's Claude Code source code was leaked via an npm registry source map, revealing key features like per-turn instruction loading and efficient subagent parallelism.

Claude Code was just leaked... (WOAH) — Matthew Berman on YouTube

A significant portion of the source code for Anthropic's Claude Code has been inadvertently exposed, following the discovery of a source map file within its npm registry. This leak, first reported by Twitter user @chaofan_shou (via @fried_rice), has provided unprecedented insight into the inner workings of the advanced AI coding assistant.

The leaked data, which includes a downloadable zip file containing the source code, has been widely shared and analyzed within the developer community. The implications of this exposure are far-reaching, offering valuable information for competitors looking to build similar tools or for developers seeking to understand and potentially enhance Claude Code's capabilities.

What Was Leaked?

The leak consists of over 2,300 original files from Claude Code's codebase. These files offer a detailed look at the tool's architecture, including:

  • The exact prompts and agent setup used to build and guide Claude Code.
  • How the AI handles permissions and orchestrates multiple "sub-agents."
  • Specific safety features and checks implemented in the system.
  • The methods used for managing context and long conversations.
  • The underlying tool system and its extensibility through hooks.

Key Revelations from the Source Code

Analysis of the leaked code by figures like Twitter user @mal_shaik has highlighted several critical aspects of Claude Code's design:

1. CLAUDE.md is Loaded Every Turn

The source code reveals that the CLAUDE.md file, which likely contains core instructions, coding style preferences, and other global configurations, is loaded for every single query iteration. This means Claude Code re-reads and re-evaluates these instructions with each turn, allowing for highly dynamic and responsive behavior. This is described as a high-leverage feature that many users might not be fully utilizing.

2. Subagents Share Prompt Cache for Free Parallelism

A particularly mind-blowing revelation is that Claude Code's subagents share a prompt cache. When Claude Code forks a subagent, it creates a byte-identical copy of the parent context. This shared cache means that running multiple agents simultaneously to work on different parts of a codebase incurs minimal additional cost compared to running a single agent sequentially. This enables efficient parallel processing, a feature that is not commonly leveraged by most users who tend to treat Claude Code as a single worker.

3. Configurable Permissions, Not Click-Through

The source code indicates a robust, five-level permission system designed to be configured rather than simply accepted via a prompt. When Claude Code asks for permission to perform an action, clicking "yes" signifies a failure in configuration, not a feature. The system allows for granular control through glob patterns in a ~/.claude/settings.json file, enabling users to pre-configure which actions are always allowed, never allowed, or require explicit approval. This layered approach aims to prevent users from blindly accepting actions, promoting a more secure and deliberate interaction.
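A simplified model of the three outcomes described above (always allowed, never allowed, explicit approval), added here as an illustration; it is not code from the leak or from Anthropic. The `allow`/`ask`/`deny` key names, the `Tool(glob)` rule form, the deny-then-ask-then-allow precedence and the prompt fallback for unmatched actions are assumptions, and the sample settings are constructed.

```python
import fnmatch
import re

# Constructed sample shaped like a "permissions" block in ~/.claude/settings.json.
# The allow/ask/deny key names and the Tool(glob) rule form are assumptions.
SAMPLE_SETTINGS = {
    "permissions": {
        "allow": ["Bash(npm run test*)", "Bash(git diff*)", "Read(*)"],
        "ask": ["Bash(git push*)"],
        "deny": ["Read(.env*)", "Read(secrets/*)", "Bash(curl *)"],
    }
}

RULE_RE = re.compile(r"^(\w+)\((.*)\)$")

def parse_rule(rule):
    """Split 'Tool(glob)' into (tool, glob); reject anything else."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError(f"unparseable rule: {rule!r}")
    return m.group(1), m.group(2)

def decide(settings, tool, target):
    """Return (decision, matching_rule). Assumed precedence: deny, ask, allow."""
    perms = settings.get("permissions", {})
    for bucket in ("deny", "ask", "allow"):
        for rule in perms.get(bucket, []):
            rule_tool, glob = parse_rule(rule)
            if rule_tool == tool and fnmatch.fnmatchcase(target, glob):
                return bucket, rule
    return "ask", None  # assumed default: unmatched actions prompt the user

def broad_allows(settings):
    """List allow rules whose glob is only wildcards (pre-approves a whole tool)."""
    rules = settings.get("permissions", {}).get("allow", [])
    return [r for r in rules if parse_rule(r)[1].strip("*?") == ""]

if __name__ == "__main__":
    for tool, target in [("Read", ".env.production"), ("Read", "src/app.ts"),
                         ("Bash", "git push origin main"), ("Bash", "rm -rf build")]:
        print(tool, target, "->", decide(SAMPLE_SETTINGS, tool, target))
    print("review:", broad_allows(SAMPLE_SETTINGS))
```

The sample shows why a deny list matters when an allow rule is broad: `Read(*)` pre-approves every read, yet `.env.production` is still refused because the deny bucket is checked first.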

4. Context Compaction Strategies

Claude Code employs five different strategies to compress conversation context when it becomes too long:

  • Microcompact: Time-based clearing of old tool results.
  • Context Collapse: Summarizes spans of conversation.
  • Session Memory: Extracts key context to a file.
  • Full Compact: Summarizes the entire history.
  • PTL Truncation: Drops the oldest message groups.

Understanding these strategies is crucial, as context overflow is a central problem in LLMs. Proactively using the /compact command is recommended to preserve important context and prevent the model from forgetting crucial information.

5. The Hook System as the Real Extension API

The source code reveals a powerful hook system with over 25 lifecycle events that developers can hook into. These events cover various stages of the interaction, such as PreToolUse, PostToolUse, UserPromptSubmit, and session lifecycle events. These hooks can be triggered by five types of actions: running a shell command, injecting context via LLM, running a full agent verification loop, calling a webhook, or running JavaScript functions. This system allows for deep customization and integration with external workflows, such as auto-linting before file writes, running tests after edits, injecting relevant documentation, sending Slack notifications, or validating security patterns.
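As an added example of the "validating security patterns" use case (not code from the leak or from Anthropic), the script below is the kind of shell-command hook that could run on PreToolUse before a file write. The payload field names, the `Write`/`Edit` tool names and the use of exit status 2 to block the action are assumptions; the two events are constructed.

```python
import json
import re
import sys

# Illustrative patterns only; a real policy would be broader.
SECRET_PATTERNS = [
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private key block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]
PROTECTED_PATH = re.compile(r"(^|/)(\.env[^/]*|id_rsa|id_ed25519)$")

# Constructed events. Field names (hook_event_name, tool_name, tool_input,
# file_path, content, new_string) are assumptions about the hook payload.
EVENT_LEAKY = {"hook_event_name": "PreToolUse", "tool_name": "Write",
               "tool_input": {"file_path": "deploy/.env.prod",
                              "content": "AWS_KEY=AKIAIOSFODNN7EXAMPLE\n"}}
EVENT_CLEAN = {"hook_event_name": "PreToolUse", "tool_name": "Edit",
               "tool_input": {"file_path": "src/app.ts",
                              "new_string": "export const retries = 3;\n"}}

def check_event(event):
    """Return a list of human-readable findings; empty means allow."""
    if (event.get("hook_event_name") != "PreToolUse"
            or event.get("tool_name") not in ("Write", "Edit")):
        return []
    tool_input = event.get("tool_input") or {}
    findings = []
    path = str(tool_input.get("file_path", ""))
    if PROTECTED_PATH.search(path):
        findings.append(f"write to protected path: {path}")
    text = str(tool_input.get("content") or tool_input.get("new_string") or "")
    for label, pattern in SECRET_PATTERNS:
        if pattern.search(text):
            findings.append(f"{label} in file content")
    return findings

def main(stream=sys.stdin):
    """Hook entry point: event JSON on stdin, exit 2 (assumed 'block') on findings."""
    try:
        findings = check_event(json.load(stream))
    except (json.JSONDecodeError, AttributeError):
        findings = ["unparseable hook payload"]  # fail closed
    if findings:
        print("; ".join(findings), file=sys.stderr)
        return 2
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

The hook fails closed: a payload it cannot parse is treated as a finding, so a malformed event is blocked instead of being passed through.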

Implications for Competitors and Developers

This leak provides a significant advantage to competitors and researchers. They can now study the exact prompts, agent logic, and architectural decisions made by Anthropic, potentially accelerating their own development cycles and identifying areas for improvement or differentiation. The open nature of these insights fosters a more competitive and innovative landscape in the AI development space. Furthermore, understanding these internal mechanisms can help developers better utilize Claude Code itself, leading to more efficient and effective interactions with the AI assistant.