Figure 1. The Easter egg within the Easter egg is a feature called Buddy, revealed in the Claude Code leak. This new Claude Code feature, now released, gives you your own Tamagotchi-style “buddy” in Claude Code’s terminal while you code with AI.On March 31st, Chaofan Shou on X discovered that Anthropic inadvertently released the entire source code of Claude Code, Anthropic’s AI coding tool, via a release error; an npm Packaging source-map file was bundled into the published package. Within hours, it was shared widely. Anthropic soon confirmed the leak and also issued DMCA take-down notices on those sharing source code on GitHub and elsewhere.This was the second Anthropic leak of critical IP in a week. A misconfigured data store on March 26 exposed about 3,000 internal Anthropic files, revealing a new model called Claude Mythos. In the documents, Mythos is described as “by far the most powerful AI model we have ever developed,” a 10-trillion-parameter model above the Opus tier.This release is a treasure trove less for those wanting to know more about Anthropic’s Claude Code and how it works. Claude Code’s source contains 512,000 lines of code in 1,906 Typescript files, and thanks to AI, curious developers were able to extract architectural details from the source and even reverse-engineer the whole system within hours.They reveal Claude Code as a highly sophisticated and instrumented agentic harness that enables Claude models to operate as a production-grade software engineer.Claude Code is built on the Bun runtime, which gives Claude Code high-performance I/O and fast startup times, and it uses React and Ink to manage stateful terminal components. This is a high-performance interface, not a simple terminal wrapper.The codebase reveals extraordinarily complex tool use, orchestration and permissions features, as well as robust context and memory management and instrumentation.As stated by Innfactory.ai, Claude Code comes with over 40 tools in a three-tiered permission system:Tool System (29,000 lines): This layer handles schema definitions, validation, and permission gating.Query Engine (46,000 lines): Labeled the “brain,” this module manages LLM API orchestration, token-efficient caching, and multi-agent coordination.Permission Framework: A three-tier system (Allow, Deny, Prompt) that uses an ML classifier to auto-approve “low-risk” operations (like reading a README) while forcing human intervention for destructive actions.Context management is one of the biggest challenges in engineering the AI agent harness, and the leak shows that Claude Code puts significant effort into managing context and memory. It uses a combination of CLAUDE.md (manual context) and MEMORY.md (automatically learned project memory) to support a persistent memory layer that spans across terminal sessions.One highlight of Claude Code is its use of multi-agent patterns. It utilizes a Coordinator agent that spawns specialized Worker agents in parallel. These agents communicate via XML-formatted task notifications and share a “scratchpad” directory for cross-agent knowledge transfer, allowing the system to tackle large-scale refactors across millions of lines of code.The leak tells us not only what tools are used, but also that the tool use reporting output is sometimes faked! Claude Code deliberately presents false breadcrumbs in the tool-use reporting, apparently in an effort to confuse competitor AI labs to defeat their distillation efforts.Osman R. on X explains the biggest surprise in Claude Code about how extensively it does instrumentation:What I found instead feels closer to a fully instrumented system that observes how you behave while using it. … the level of tracking and classification is much deeper than most people probably assume.The key points are:Language is classified in real time, including using simple keyword detection.UI interactions and even hesitation are tracked.Feedback is actively funneled into reports and is designed to capture bad experiences.Hidden commands and trigger words change behavior.The whole runtime environment is fingerprinted.Claude Code’s instrumentation is detailed to the point of intrusive, but it is in service of extremely intuitive user experience. With this fine-grained instrumentation feeding Anthropic’s data flywheel, they are aiming to achieve highly personalized agentic AI interfaces that understand the user extremely well.The leak confirmed several internal codenames and upcoming model versions currently under testing. References were found for Opus 4.7 and Sonnet 4.8, while various codenames for models (Fennic for Opus, Capra for Sonnet, Tangu for Haiku) were used. The leak also confirms Claude Mythos, the next-tier flagship model, featuring both “fast” and “full” reasoning modes.Claude Code also contains 44 hidden feature flags that preview Claude Code’s upcoming features.The most significant is Kairos, an “always-on” background daemon designed to watch file systems and git events proactively. It maintains append-only daily logs and can execute background tasks with a 15-second “blocking budget” to avoid disrupting the developer’s flow. It’s a memory-consolidation feature akin to human dreaming that helps to maintain agent understanding across sessions:The code literally calls it a dream. After ~24 hours and at least 5 sessions, it quietly forks a hidden subagent in the background to do a reflective pass over everything you’ve done.Several other advanced agentic capabilities are in the works:Autodream: A system intended to provide “infinite memory” by compressing and managing past session history.Advisor Mode: A server-side tool where a secondary, stronger model monitors the primary Claude session in real-time to provide qualitative oversight.Multi-Agent Coordination: Besides the Coordinator Mode for spawning parallel worker agents there is an async research mode for extended background tasks.Ultraplan is a high-latency reasoning mode to offload complex architectural tasks to a remote runtime using an unreleased Opus 4.6 model. It supports “think times” of up to 30 minutes, producing deep-thinking plans that are then “teleported” back to the local machine for execution.On the lighter side, the code includes a feature called Buddy, a Tamagotchi-style companion that generates persistent AI pet “personalities” of 18 different species, presented as ASCII art sprites. This “Easter Egg” feature has been released in time for Easter. Invoke with the command /buddy.Finally, they have Undercover mode, which strips Anthropic internal info from commits/PRs for employees on open source contributions.This leak did not make Claude Code in any way open source, but it did open doors for copy-cats. The leak provides a blueprint for developers to create Claude Code knock-offs independent of Anthropic’s source.Projects like Claurst, a reverse-engineered reimplementation in Rust, are showing how to do it legally, using a “clean-room” technique. They extracted a detailed specification from source code, and from that specification made a spec-driven AI implementation in Rust.To replicate the Claude Code experience, developers must focus on key engineering features, such as session compaction and memory management, permission model, and the proper integration of tools and Model Context Protocol (MCP) servers.The leak coincided with other recent security lapses, including a supply chain attack involving malicious versions of the Axios library containing Remote Access Trojans (RATs). Developers who rushed to download unofficial mirrors of the leaked code may have compromised their environments.Paulo Sa Elias on X says this exposure of Claude Code creates security risks:An attacker who understands this architecture can craft more sophisticated prompts or configurations to try to bypass the guardrails, especially in corporate environments where Claude Code runs with elevated permissions.Second, the complete system prompt is in the code. This gives anyone full access to the instructions that govern the model’s behavior inside Claude Code … In practice, anyone who wants to jailbreak Claude Code in agent mode now has a complete map of what to avoid and what to exploit.While some of this was extractable in other ways, opening up the source code creates another vector of attack.The March 2026 update of the Ramp AI Index reveals that Anthropic now wins 70% of head-to-head matchups against OpenAI for new business subscriptions. The rise of Anthropic has been due to the marriage of state-of-the-art frontier AI models and extremely good tooling in Claude Code and Claude Cowork.This leak has told us how Claude Code is so good and why Anthropic is winning: It’s a more sophisticated AI harness than expected. Harness engineering matters, and Claude Code does it well.Similar to how DeepSeek’s R1 release commoditized AI reasoning models, this leak will commoditize the AI coding agent harness. Both closed-source and open-source AI agents will adopt these uncovered features and patterns from Claude Code. Expect multi-agent coordination, multi-tier permissions, across-session memory management, proactive background daemons, and deep-thinking planning across the AI agent space soon.Competitors copying Claude Code features will not hurt Anthropic, as they are evolving and improving their tools rapidly and will continue to lead.