Anthropic's Claude Code Source Code Leaked, Revealing Internal Features and Triggering DMCA Wave
Anthropic, a prominent AI research and development company, has faced a significant security incident: the accidental leak of the full source code for its Claude Code command-line interface (CLI). The exposure occurred when version 2.1.88 of Claude Code was published with a cli.js.map file included alongside the bundle. Source maps exist so that debuggers can relate positions in minified code back to the original files; a map on its own reveals only file names and structure, but when the bundler also embeds the original sources in the map's sourcesContent field, the map carries every original file verbatim. That is evidently what happened here: at 60MB, the map was several times larger than the 13MB minified cli.js it described, and it provided everything needed to reconstruct the original, unminified, and un-obfuscated JavaScript.
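The following is an added illustration written for this article, not Anthropic's code or any bundler's: it shows how original sources come back out of a source map, and what a map still discloses when the sources were not embedded. The two maps it parses are constructed samples, and the file names and the hypotheticalInternalFeature flag in them are invented for the demonstration.

```javascript
// Added example for this article (not Anthropic's code, nor any bundler's):
// how the original sources come back out of a JavaScript source map.
// A v3 source map is plain JSON. `sources` names the original files and
// `mappings` relates positions in the minified bundle to them; when the
// bundler also emits `sourcesContent`, the map carries every original file
// verbatim, which is why a .map several times the size of the bundle it
// describes is a red flag. Both maps below are constructed samples.

const CONSTRUCTED_MAP_WITH_CONTENT = JSON.stringify({
  version: 3,
  file: "cli.js",
  sources: ["src/main.ts", "src/feature-flags.ts"],
  sourcesContent: [
    "import { flags } from './feature-flags';\nexport const main = () => flags;\n",
    "export const flags = { hypotheticalInternalFeature: true };\n",
  ],
  names: ["flags", "main"],
  mappings: "AAAA,SAASA;AACT,OAAOC", // placeholder VLQ data; not decoded here
});

// Same map with source embedding turned off: the spec allows sourcesContent
// to be absent, or to hold null for individual entries.
const CONSTRUCTED_MAP_WITHOUT_CONTENT = JSON.stringify({
  version: 3,
  file: "cli.js",
  sources: ["src/main.ts", "src/feature-flags.ts"],
  sourcesContent: [null, null],
  names: ["flags", "main"],
  mappings: "AAAA,SAASA;AACT,OAAOC",
});

// Walk one (possibly indexed) map object, filling `out.recovered` with
// path -> text and `out.missing` with paths whose text was not embedded.
function collectSources(map, out) {
  if (Array.isArray(map.sections)) {
    // Indexed maps nest complete maps under `sections[i].map`.
    for (const section of map.sections) {
      if (section.map) collectSources(section.map, out);
    }
    return out;
  }
  const root = map.sourceRoot ? map.sourceRoot.replace(/\/?$/, "/") : "";
  const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  (map.sources || []).forEach((src, i) => {
    const fullPath = root + src;
    if (typeof contents[i] === "string") out.recovered[fullPath] = contents[i];
    else out.missing.push(fullPath);
  });
  return out;
}

// Parse a .map file's text and return { recovered: {path: text}, missing: [path] }.
// `recovered` is what anyone holding the map gets for free; `missing` is what a
// content-stripped map still discloses: file names and project layout.
function recoverSources(mapText) {
  const map = JSON.parse(mapText);
  if (map.version !== 3) {
    throw new Error(`unsupported source map version: ${map.version}`);
  }
  return collectSources(map, { recovered: {}, missing: [] });
}

// Cheap triage: does this map embed any original source text at all?
function embedsSources(mapText) {
  return Object.keys(recoverSources(mapText).recovered).length > 0;
}

// Stand-alone run: dump what the constructed map gives away.
const demo = recoverSources(CONSTRUCTED_MAP_WITH_CONTENT);
for (const [p, text] of Object.entries(demo.recovered)) {
  console.log(`--- ${p} (${text.length} chars) ---\n${text}`);
}
```

Run against a real .map, recoverSources returns every embedded file ready to be written to disk under its original path, which is exactly the one-step reconstruction the leak enabled; the content-stripped variant shows why a map without sourcesContent is far less damaging, though it still leaks the project layout.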
Developers quickly extracted and analyzed the codebase, turning up a trove of internal features and development detail. Among the discoveries were an “employee mode” that bypasses certain verifications and optimizes context usage, and several unreleased features: “Cairos” (a persistent session mode with logging and proactive actions), “Auto Dream” (memory consolidation), “Undercover Mode” (automatic redaction for open-source contexts), “Advisor Tool” (a more powerful secondary model for review), and “Ultraplan” (a 30-minute Opus 4.6 plan executed in the Claude). The code also carried codenames for future models, including Opus 4.7 and Sonnet 4.8.

Crucially, readable source also let third parties reverse engineer the request-signing scheme Claude Code applies to its API traffic, so unofficial clients can now generate valid API hashes without the official binary. Any check that depends on a secret or algorithm shipped inside the client is only as strong as the obfuscation around it; a source map strips that obfuscation in a single step, and the server has no way to tell a client that reimplements the scheme from the genuine one.

Anthropic's response has been swift and severe. Version 2.1.88 was rapidly removed (the release history now jumps from 2.1.87 to 2.1.89), and the company began an aggressive campaign of Digital Millennium Copyright Act (DMCA) takedown notices. Some of those notices targeted forks of Anthropic's public GitHub repositories that did not contain the leaked code, frustrating community members whose legitimate forks were unexpectedly taken down. Ironically, a pull request containing the entire leaked Claude Code source was observed to remain open on Anthropic's own repository at one point.
Anthropic officially attributed the incident to “human error” in a manual step of its deployment process, stating that it is implementing further automation and consistency checks. That explanation has met with skepticism from some in the developer community, who note that a standard .npmignore file could easily have kept such artifacts out of the published package. The same holds for a files whitelist in package.json, and npm pack --dry-run lists the exact contents of the tarball before anything is published, so the stray map would have been visible in advance. The incident underscores how fragile release pipelines remain even at sophisticated technology companies, and how a single misstep can expose sensitive intellectual property and internal development strategy.
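As an added example of the kind of check the skeptics have in mind, the following pre-publish gate is written for this article and is not Anthropic's release tooling. It assumes a plain list of the paths about to be packed, such as the one npm pack --dry-run prints, plus the text of the JavaScript bundles among them; the file list and bundle contents below are constructed. It goes slightly beyond the .npmignore point in the text by also catching the two other ways a map ships: a bundle whose sourceMappingURL comment points at a map that is itself being published, and a bundle that carries its map inline as a data: URL.

```javascript
// Added example for this article (not Anthropic's release tooling): a
// pre-publish gate for an npm package. It fails when the files about to be
// packed include a source map, when a shipped bundle points at a map that is
// also being shipped, or when a bundle carries its map inline as a data: URL.
// It assumes a plain list of paths such as `npm pack --dry-run` prints; the
// list and bundle texts below are constructed.

const SOURCE_MAP_FILE_RE = /\.(?:[cm]?js|css)\.map$/i;
// `//# sourceMappingURL=...` (or the older `//@` form) at the end of a bundle.
const SOURCE_MAPPING_URL_RE = /\/\/[#@]\s*sourceMappingURL=(\S+)/g;
// Anything with a URL scheme (http:, https:, data:, ...) is not a relative path.
const HAS_SCHEME_RE = /^[a-z][a-z0-9+.-]*:/i;

const CONSTRUCTED_PACK_LIST = [
  "package.json",
  "README.md",
  "cli.js",
  "cli.js.map", // the kind of artifact that should never be here
  "vendor/helper.js",
  "lib/util.js",
];

const CONSTRUCTED_BUNDLES = {
  "cli.js": "var a=1;console.log(a);\n//# sourceMappingURL=cli.js.map\n",
  // inline map: the sources travel inside the bundle itself
  "vendor/helper.js": "var b=2;\n//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozfQ==\n",
  // dangling reference: lib/util.js.map is not in the pack list, so nothing leaks
  "lib/util.js": "var c=3;\n//# sourceMappingURL=util.js.map\n",
};

function findPublishedSourceMaps(paths) {
  return paths.filter((p) => SOURCE_MAP_FILE_RE.test(p));
}

// How does a bundle reference its map?
//   { kind: "none" }                     no sourceMappingURL comment
//   { kind: "inline" }                   data: URL, map embedded in the bundle
//   { kind: "external", target: path }   separate file, resolved relative to the bundle
function classifySourceMapReference(bundlePath, bundleText) {
  let url = null;
  for (const m of bundleText.matchAll(SOURCE_MAPPING_URL_RE)) url = m[1]; // last one wins
  if (url === null) return { kind: "none" };
  if (/^data:/i.test(url)) return { kind: "inline" };
  if (HAS_SCHEME_RE.test(url)) return { kind: "external", target: url };
  const dir = bundlePath.includes("/") ? bundlePath.slice(0, bundlePath.lastIndexOf("/") + 1) : "";
  return { kind: "external", target: dir + url };
}

// paths: everything npm would publish; bundles: { path: text } for the JS files.
// Returns { ok, problems } so a build script can exit non-zero on !ok.
function prepublishGate(paths, bundles) {
  const published = new Set(paths);
  const problems = [];
  for (const mapPath of findPublishedSourceMaps(paths)) {
    problems.push(`${mapPath}: source map would be published`);
  }
  for (const [bundlePath, text] of Object.entries(bundles)) {
    if (!published.has(bundlePath)) continue;
    const ref = classifySourceMapReference(bundlePath, text);
    if (ref.kind === "inline") {
      problems.push(`${bundlePath}: embeds an inline source map`);
    } else if (ref.kind === "external" && published.has(ref.target)) {
      problems.push(`${bundlePath}: references published map ${ref.target}`);
    }
    // An external reference to a map that is not published is a dangling
    // pointer, not a disclosure, so it is not reported.
  }
  return { ok: problems.length === 0, problems };
}

// Stand-alone run against the constructed package contents.
const gate = prepublishGate(CONSTRUCTED_PACK_LIST, CONSTRUCTED_BUNDLES);
console.log(gate.ok ? "OK: no source maps would ship" : gate.problems.join("\n"));
```

Wired into a prepublishOnly script and made to exit non-zero when ok is false, a check like this turns the manual step Anthropic blamed into an automated one; the fix on the packaging side is then a files whitelist in package.json or a .npmignore entry for *.map, and a bundler setting that writes maps to a directory outside the package.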