Via Reddit, via Hacker News: Claude Code’s source code has been leaked! 🗄️src.zip

There’s an analysis of the code on X in an article that can be read even if you don’t have an X account: The Accidental Open Source: A Deep Dive into the Leaked Claude Code Repository.

People move fast, and some of them are quite opinionated. This repo is merely holding the code:

GitHub – chatgptprojects/claude-code: https://x.com/paidev
https://x.com/paidev. Contribute to chatgptprojects/claude-code development by creating an account on GitHub.

But this one isn’t just a copy of the code, it’s an effort to rewrite it in Rust!

GitHub – instructkr/claw-code: Better Harness Tools, not merely storing the archive of leaked Claude Code but also make real things done. Now rewriting in Rust.
Better Harness Tools, not merely storing the archive of leaked Claude Code but also make real things done. Now rewriting in Rust. – instructkr/claw-code

EDIT: Almost 61k forks already!

I’m not sure if this is going to lead anywhere. Some opinions on Hacker News aren’t that positive:

arcanemachiner

I wish.

Claude Code is clearly a pile of vibe-coded garbage. The UI is janky and jumps all over the place, especially during longer sessions. (Which also have a several second delay to render. In a terminal).

Lately, it’s been crashing if I hold the Backspace key down for too long.

Being open-source would be the best thing to happen to them. At least they would finally get a pair of human eyes looking at their codebase.

Claude is amazing, but the people at Anthropic make some insane decisions, including trying (and failing, apparently) to keep Claude Code a closed-source application.

blobbers

It’s a little bit shocking that this zipfile is still available hours later.

Could anyone in legal chime in on the legality of now ‘re-implementing’ this type of system inside other products? Or even just having an AI look at the architecture and implement something else?

It would seem given the source code that AI could clone something like this incredibly fast, and not waste it’s time using ts as well.

Any Legal GC type folks want to chime in on the legality of examining something like this? Or is it liked tainted goods you don’t want to go near?

treexs

The big loss for Anthropic here is how it reveals their product roadmap via feature flags. A big one is their unreleased “assistant mode” with code name kairos.

Just point your agent at this codebase and ask it to find things and you’ll find a whole treasure trove of info.

Edit: some other interesting unreleased/hidden features

  • The Buddy System: Tamagotchi-style companion creature system with ASCII art sprites
  • Undercover mode: Strips ALL Anthropic internal info from commits/PRs for employees on open source contributions

BoppreH

Undercover mode also pretends to be human, which I’m less ok with:
https://github.com/chatgptprojects/claude-code/blob/642c7f944bbe5f7e57c05d756ab7fa7c9c5035cc/src/utils/undercover.ts#L52

Quite so:

## UNDERCOVER MODE — CRITICAL

You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Your commit
messages, PR titles, and PR bodies MUST NOT contain ANY Anthropic-internal
information. Do not blow your cover.

NEVER include in commit messages or PR descriptions:
- Internal model codenames (animal names like Capybara, Tengu, etc.)
- Unreleased model version numbers (e.g., opus-4-7, sonnet-4-8)
- Internal repo or project names (e.g., claude-cli-internal, anthropics/…)
- Internal tooling, Slack channels, or short links (e.g., go/cc, #claude-code-…)
- The phrase "Claude Code" or any mention that you are an AI
- Any hint of what model or version you are
- Co-Authored-By lines or any other attribution

Write commit messages as a human developer would — describe only what the code
change does.

GOOD:
- "Fix race condition in file watcher initialization"
- "Add support for custom key bindings"
- "Refactor parser for better error messages"

BAD (never write these):
- "Fix bug found while testing with Claude Capybara"
- "1-shotted by claude-opus-4-6"
- "Generated with Claude Code"
- "Co-Authored-By: Claude Opus 4.6 <…>"

Let’s see what gives. I mean, let’s see how things turn out.

🤖

UPDATE 1: Here’s possibly the first good outcome!

Thanks to the leaked source code for Claude Code, I used Codex to find and patch the root cause of the insane token drain in Claude Code and patched it. Usage limits are back to normal for me!

Disclaimer: Codex found and fixed this, not me. I work in IT and know how to ask the right questions, but it did the work. Giving you this as is cause it’s been steady for the last 2 hours for me. My 5-hour usage is at 6% which is normal! Let’s be real you’re probably just gonna tell Claude to clone this repo, and apply it so here is the repo lol. I mainly use Linux but I had Codex write stuff that should work across OS. Works on my Mac too.

From the TL;DR of the discussion generated automatically after 100 comments:

The consensus is that OP is onto something, but you should be cautious. A dev from Anthropic (hi, Boris!) even dropped in to confirm the bug is real and will be patched in the next release. However, he poured some cold water on the hype, stating it’s a “<1% win” and not the silver bullet for our usage limit pain.

Nope. This is not a bug; this is stealing! People complained for months that their credits got exhausted prematurely. So people have literally been robbed by Anthropic for months!

GitHub – Rangizingo/cc-cache-fix
Contribute to Rangizingo/cc-cache-fix development by creating an account on GitHub.

🤖

UPDATE 2: More insights regarding Claude Code, not all related to the code leakage.

Another article on X: I dissected Claude Code so you don’t have to. It talks about behavior, not code. It also covers the Undercover Mode. It also compares it to Codex.

👍 To mitigate Claude’s waste of tokens: I built a tool that saves ~50K tokens per Claude Code conversation by pre-indexing your codebase.

Every Claude Code conversation starts the same way — it spends 10-20 tool calls exploring your codebase. Reading files, scanning directories, checking what functions exist. This happens every single conversation, and on a large project it burns 30-50K tokens before any real work begins.

I built ai-codex to fix this. It’s a single script that scans your project and generates 5 compact markdown files:

  • routes.md — every API route with methods and auth tags
  • pages.md — full page tree with client/server flags
  • lib.md — all library exports with function signatures
  • schema.md — database schema compressed to key fields only
  • components.md — component index with props

You run it once (npx ai-codex), add one line to your CLAUDE.md telling Claude to read these files first, and every future conversation skips the exploration phase entirely.

GitHub – skibidiskib/ai-codex: Generate a compact codebase index for AI assistants — saves 50K+ tokens per conversation
Generate a compact codebase index for AI assistants — saves 50K+ tokens per conversation – skibidiskib/ai-codex

Here’s the TL;DR of the discussion generated automatically after 100 comments:

The community overwhelmingly agrees: the “exploration tax” is real and OP’s tool is a clever fix. Everyone here feels the pain of Claude Code burning a mountain of tokens just to figure out a project’s layout before doing any actual work.

Here’s the breakdown of the thread:

  • It’s a GitHub Graveyard in Here: Turns out, OP isn’t the only one who had this idea. The comments are flooded with links to similar tools (Cymbal, JCodeMunch, TheBrain, codebase-memory-mcp, etc.). The consensus is that this proliferation of solutions proves how big the gap is in Claude Code’s native capabilities.
  • Staleness is the Main Concern: The most-asked question was “How do you keep the index from getting stale?” OP’s answer—that it’s fast enough (<1s) to run on a pre-commit hook so it’s always fresh—satisfied most people.
  • Skeptics vs. Pragmatists: A few users argued that the 50K token claim is marketing and that they already solve this with good documentation and other tools like Serena. However, the majority view is that OP’s tool is a great “fire and forget” solution that automates a tedious process most people don’t do.
  • Let’s Get Together: There’s a strong collaborative vibe, with many users (including OP) open to merging ideas and lamenting the “absurd fragmentation” of everyone building the same thing in isolation.

This should help in such scenarios: What is going on?

I just sent a message ‘Good morning. Let’s continue.’
and I lost 50% of my current session and 7% of my weekly limit.
What the actual fuck?
I am on Pro and using Opus 4.6.
Is this my mistake or anyone else experiencing same stupid problem?

🤖

UPDATE 3: Even more insights! Excerpts from The Claude Code Source Leak: fake tools, frustration regexes, undercover mode, and more:

Anti-distillation: injecting fake tools to poison copycats

In claude.ts (line 301-313), there’s a flag called ANTI_DISTILLATION_CC. When enabled, Claude Code sends anti_distillation: ['fake_tools'] in its API requests. This tells the server to silently inject decoy tool definitions into the system prompt.

The idea: if someone is recording Claude Code’s API traffic to train a competing model, the fake tools pollute that training data. It’s gated behind a GrowthBook feature flag (tengu_anti_distill_fake_tool_injection) and only active for first-party CLI sessions.

This was one of the first things people noticed on HN.

There’s also a second anti-distillation mechanism in betas.ts (lines 279-298), server-side connector-text summarization. When enabled, the API buffers the assistant’s text between tool calls, summarizes it, and returns the summary with a cryptographic signature. On subsequent turns, the original text can be restored from the signature. If you’re recording API traffic, you only get the summaries, not the full reasoning chain.

How hard would it be to work around these? Not very.

Frustration detection via regex (yes, regex)

userPromptKeywords.ts contains a regex pattern that detects user frustration:

/\b(wtf|wth|ffs|omfg|shit(ty|tiest)?|dumbass|horrible|awful|
piss(ed|ing)? off|piece of (shit|crap|junk)|what the (fuck|hell)|
fucking? (broken|useless|terrible|awful|horrible)|fuck you|
screw (this|you)|so frustrating|this sucks|damn it)\b/

An LLM company using regexes for sentiment analysis is peak irony, but also: a regex is faster and cheaper than an LLM inference call just to check if someone is swearing at your tool.

On the other hand, I’m not sure that I find this useful: Claude Code Unpacked. It’s fancy, sophisticated, and useless.

👍 Claude Code rewritten as a bash script in ~1,500 lines!

GitHub – jdcodes1/claude-sh: Claude Code rewritten as a bash script. ~1500 lines, zero npm packages. Just curl + jq.
Claude Code rewritten as a bash script. ~1500 lines, zero npm packages. Just curl + jq. – jdcodes1/claude-sh

The Reg notes that some people got screwed: They thought they were downloading Claude Code source. They got a nasty dose of malware instead.

Also, why are people still paying for a service so buggy it’s highway robbery? Anthropic admits Claude Code users hitting usage limits ‘way faster than expected’:

Anthropic has acknowledged the issue, stating that “people are hitting usage limits in Claude Code way faster than expected. We’re actively investigating… it’s the top priority for the team.”

A user on the Claude Pro subscription ($200 annually) said on the company’s Discord forum that “it’s maxed out every Monday and resets at Saturday and it’s been like that for a couple of weeks… out of 30 days I get to use Claude 12.”

The Anthropic forum on Reddit is buzzing with complaints. “I used up Max 5 in 1 hour of working, before I could work 8 hours,” said one developer today. The Max 5 plan costs $100 per month.