Claude Code — Leaked Source (2026-03-31)

On March 31, 2026, the full source code of Anthropic's Claude Code CLI was leaked via a .map file exposed in their npm registry.

How It Leaked

Chaofan Shou (@Fried_rice) discovered the leak and posted it publicly:

"Claude code source code has been leaked via a map file in their npm registry!"

— @Fried_rice, March 31, 2026

The source map file in the published npm package contained a reference to the full, unobfuscated TypeScript source, which was downloadable as a zip archive from Anthropic's R2 storage bucket.

Quick Setup

Prerequisites

• Bun v1.3+ (the project's runtime)
• Node.js v18+ (for npm package installation)
• An Anthropic API key (set as ANTHROPIC_API_KEY environment variable)

Install & Run

# 1. Install Bun (if not already installed)
curl -fsSL https://bun.sh/install | bash
source ~/.bash_profile  # or restart your terminal

# 2. Install dependencies
npm install --legacy-peer-deps

# 3. Run Claude Code
bun run start

# Or with arguments:
bun run start -- --help
bun run start -- --version
bun run start -- -p "Hello Claude"

Available Scripts

Environment Variables

Notes

• Some modules from the original source were not included in the leak (Anthropic-internal @ant/* packages, some tools). These have been replaced with stubs that export no-ops.
• The bun:bundle feature flag system is shimmed via a Bun plugin at plugins/bunBundleDev.ts. All flags default to false unless enabled via FEATURE_FLAGS.
• The MACRO.* build-time constants are defined in bunfig.toml and injected by Bun's --define system.

Overview

Claude Code is Anthropic's official CLI tool that lets you interact with Claude directly from the terminal to perform software engineering tasks — editing files, running commands, searching codebases, managing git workflows, and more.

This repository contains the leaked src/ directory.

• Leaked on: 2026-03-31
• Language: TypeScript
• Runtime: Bun
• Terminal UI: React + Ink (React for CLI)
• Scale: ~1,900 files, 512,000+ lines of code

Directory Structure

src/
├── main.tsx                 # Entrypoint (Commander.js-based CLI parser)
├── commands.ts              # Command registry
├── tools.ts                 # Tool registry
├── Tool.ts                  # Tool type definitions
├── QueryEngine.ts           # LLM query engine (core Anthropic API caller)
├── context.ts               # System/user context collection
├── cost-tracker.ts          # Token cost tracking
│
├── commands/                # Slash command implementations (~50)
├── tools/                   # Agent tool implementations (~40)
├── components/              # Ink UI components (~140)
├── hooks/                   # React hooks
├── services/                # External service integrations
├── screens/                 # Full-screen UIs (Doctor, REPL, Resume)
├── types/                   # TypeScript type definitions
├── utils/                   # Utility functions
│
├── bridge/                  # IDE integration bridge (VS Code, JetBrains)
├── coordinator/             # Multi-agent coordinator
├── plugins/                 # Plugin system
├── skills/                  # Skill system
├── keybindings/             # Keybinding configuration
├── vim/                     # Vim mode
├── voice/                   # Voice input
├── remote/                  # Remote sessions
├── server/                  # Server mode
├── memdir/                  # Memory directory (persistent memory)
├── tasks/                   # Task management
├── state/                   # State management
├── migrations/              # Config migrations
├── schemas/                 # Config schemas (Zod)
├── entrypoints/             # Initialization logic
├── ink/                     # Ink renderer wrapper
├── buddy/                   # Companion sprite (Easter egg)
├── native-ts/               # Native TypeScript utils
├── outputStyles/            # Output styling
├── query/                   # Query pipeline
└── upstreamproxy/           # Proxy configuration

Core Architecture

1. Tool System (src/tools/)

Every tool Claude Code can invoke is implemented as a self-contained module. Each tool defines its input schema, permission model, and execution logic.

2. Command System (src/commands/)

User-facing slash commands invoked with / prefix.

3. Service Layer (src/services/)

4. Bridge System (src/bridge/)

A bidirectional communication layer connecting IDE extensions (VS Code, JetBrains) with the Claude Code CLI.

• bridgeMain.ts — Bridge main loop
• bridgeMessaging.ts — Message protocol
• bridgePermissionCallbacks.ts — Permission callbacks
• replBridge.ts — REPL session bridge
• jwtUtils.ts — JWT-based authentication
• sessionRunner.ts — Session execution management

5. Permission System (src/hooks/toolPermission/)

Checks permissions on every tool invocation. Either prompts the user for approval/denial or automatically resolves based on the configured permission mode (default, plan, bypassPermissions, auto, etc.).

6. Feature Flags

Dead code elimination via Bun's bun:bundle feature flags:

import { feature } from 'bun:bundle'

// Inactive code is completely stripped at build time
const voiceCommand = feature('VOICE_MODE')
  ? require('./commands/voice/index.js').default
  : null

Notable flags: PROACTIVE, KAIROS, BRIDGE_MODE, DAEMON, VOICE_MODE, AGENT_TRIGGERS, MONITOR_TOOL

Key Files in Detail

QueryEngine.ts (~46K lines)

The core engine for LLM API calls. Handles streaming responses, tool-call loops, thinking mode, retry logic, and token counting.

Tool.ts (~29K lines)

Defines base types and interfaces for all tools — input schemas, permission models, and progress state types.

commands.ts (~25K lines)

Manages registration and execution of all slash commands. Uses conditional imports to load different command sets per environment.

main.tsx

Commander.js-based CLI parser + React/Ink renderer initialization. At startup, parallelizes MDM settings, keychain prefetch, and GrowthBook initialization for faster boot.

Tech Stack