How the Leak Happened

On March 31, 2026, Anthropic published a routine update of Claude Code to the npm registry. The published package included something it should not have: the source map file (.map), which contains the complete original TypeScript source code before it was compiled and minified for distribution.

Source maps are standard development files that map minified production code back to the original source. They are essential for debugging but are never supposed to ship in production packages. A missing .npmignore entry or a misconfigured build pipeline is the most likely cause, according to analysis by CyberNews, which first reported the leak.

Anyone who downloaded the Claude Code npm package during the window between publication and removal had access to the full source. The leak was also covered by AI Coding Daily on Substack, which provided detailed analysis of the codebase structure.

---

What Was Found: 512K Lines of TypeScript

The source map decoded to approximately 512,000 lines of TypeScript, representing the entirety of Claude Code's codebase. This includes the CLI interface, the agent runtime, tool implementations, prompt engineering, model routing logic, and internal utilities.

Key structural findings from the leaked source:

• Monorepo architecture — Claude Code is organized as a monorepo with separate packages for the CLI, the agent core, tool implementations, and shared utilities.
• Tool system — Claude Code implements over 40 built-in tools including file read/write, bash execution, browser automation, and git operations. Each tool has a validation layer, permission checking, and sandboxing logic.
• Prompt engineering — The system prompts are stored as TypeScript template literals with conditional sections that adapt based on the user's project type, language, and configuration. The full system prompt exceeds 15,000 tokens.
• Model routing — Claude Code includes logic for routing requests to different Claude models (Haiku for simple tasks, Sonnet for standard work, Opus for complex reasoning) based on task complexity scoring.

The codebase quality is notably high. Clean TypeScript with comprehensive type definitions, consistent error handling patterns, and extensive internal documentation via code comments.

---

The /buddy Tamagotchi Easter Egg

The most unexpected discovery was a fully implemented Tamagotchi-style virtual pet system hidden behind the /buddy command. The feature is not documented in any official Claude Code documentation and appears to be an internal Easter egg built by the engineering team.

The source code reveals 18 pet species:

1. Dragon
2. Duck
3. Capybara
4. Fox
5. Penguin
6. Cat
7. Dog
8. Owl
9. Rabbit
10. Turtle
11. Hamster
12. Parrot
13. Koala
14. Panda
15. Hedgehog
16. Axolotl
17. Red Panda
18. Phoenix

Each species has its own ASCII art representation, personality traits, and evolution stages. The pet gains experience points when you complete coding tasks, write tests, fix bugs, and make commits. At certain XP thresholds, the pet evolves into new forms with different ASCII art and personality changes.

The pet has a health system based on coding habits. It gets "hungry" when you have not committed in a while, "sleepy" during off-hours, and "happy" after successful test runs. There is even a "mood" system that affects the pet's dialogue when you interact with it between tasks.

Whether the /buddy feature was intended for eventual public release or was purely an internal team morale project is unclear. The implementation is polished enough to suggest it was more than a quick hack.

---

Rate Limiting Internals

The leaked source reveals how Anthropic implements rate limiting in Claude Code, which is directly relevant to anyone using the Claude API — including OpenClaw operators.

Key findings about rate limiting:

• Dual-layer quotas — Rate limits are tracked both per-organization and per-user. Hitting the organization limit blocks all users in that org, even if individual users have remaining quota.
• Token-based and request-based limits — Anthropic tracks both the number of requests per minute and the total tokens consumed per minute. Either limit can trigger throttling.
• Retry logic — Claude Code implements exponential backoff with jitter for rate limit responses (HTTP 429). The initial retry delay is 1 second, doubling up to a maximum of 60 seconds.
• Priority queuing — Certain request types (interactive user commands) get priority over background operations (indexing, pre-computation). This explains why some requests succeed during rate limiting while others fail.

This information is valuable for OpenClaw operators tuning their API rate limit settings. The api.rateLimitBackoff exponential setting in OpenClaw mirrors what Claude Code does internally.

---

Architecture Insights

Beyond the headline features, the leak provided insight into several architectural decisions:

Context Management

Claude Code uses a sliding window approach for context, similar to OpenClaw's compaction system. When the context window fills up, Claude Code summarizes older conversation turns and replaces them with compressed versions. The summarization prompt is explicit about preserving file paths, function names, and error messages while discarding conversational filler.

Tool Sandboxing

Every tool execution goes through a sandbox layer that restricts filesystem access to the current project directory and its subdirectories. The sandbox implementation uses a combination of path validation and process-level restrictions. Attempts to access files outside the project root are blocked before execution.

Telemetry

The source includes a telemetry module that tracks usage patterns, error rates, and performance metrics. The telemetry is opt-out and the source code confirms that no user code, file contents, or conversation content is included in telemetry data — only aggregate usage statistics and error types.

---

What Anthropic Said

Anthropic acknowledged the leak within hours of CyberNews publishing their report. The source map was removed from the npm registry and subsequent package versions were published without it.

In a statement, Anthropic confirmed:

• The leak was accidental and caused by a build configuration error
• No user data, API keys, or credentials were included in the leaked source
• The source code was production code for Claude Code's CLI, not for any Anthropic backend systems
• Internal build pipelines have been updated to prevent source maps from being included in future npm publications

Anthropic did not comment on the /buddy Tamagotchi feature specifically.

---

What This Means for Users

For Claude Code users, the practical implications are minimal. The leaked code is the client-side CLI — it does not reveal anything about Anthropic's model training, inference infrastructure, or safety systems. Your conversations and data were not affected.

For OpenClaw operators, the leak is informative rather than actionable. The rate limiting internals help explain behavior patterns that OpenClaw operators have observed when hitting Claude API limits. The context management approach validates the compaction strategies that the OpenClaw community has independently developed.

The broader takeaway is about supply-chain security. If Anthropic — a company valued at billions with a dedicated security team — can accidentally ship source maps in an npm package, smaller projects are even more vulnerable. This is the same category of risk that affects ClawHub skills and any npm dependency in the OpenClaw ecosystem.

For a detailed comparison of Claude Code and OpenClaw as tools, see OpenClaw vs Claude Code.

---

Frequently Asked Questions

How did Claude Code source code get leaked?

On March 31, 2026, Anthropic published a new version of Claude Code to the npm registry. The published package accidentally included the source map file, which contains the complete original TypeScript source before compilation. The leak was first reported by CyberNews. Anthropic removed the file within hours.

What is the Claude Code /buddy Tamagotchi feature?

The /buddy command activates a hidden Tamagotchi-style virtual pet inside Claude Code. The source code reveals 18 pet species including dragon, duck, capybara, fox, and penguin. Each species has ASCII art, personality traits, and evolution stages tied to your coding activity. The feature appears to be an internal Easter egg built by the Claude Code team.

Does the Claude Code leak affect OpenClaw users?

Not directly. Claude Code and OpenClaw are separate products. However, the leak revealed details about how Anthropic implements rate limiting, token counting, and API request handling that are relevant to anyone using Claude's API, including OpenClaw operators. The rate limiting internals show that Anthropic tracks usage per-organization and per-user with separate quotas.

---

Related Guides

• OpenClaw vs Claude Code: Detailed Comparison
• Claude Code Guide: Setup and Usage
• Reducing OpenClaw Token Costs (Up to 90% Cheaper)
• OpenClaw API Rate Limit Fix
• OpenClaw Alternatives 2026