Anthropic: Claude Code source leak revealed complex agentic architecture

The Claude Code source code leak on March 31, 2026 turned out to be more important than the fact of the leak itself: it revealed how Anthropic builds its AI assistant from the inside. From the code, it's clear that we're no longer dealing with a simple terminal chat bot, but a heavyweight product platform with memory, agents, and multiple modes of operation.

No Longer Just CLI

The leaked archive turned out to be not a carefully organized git repository, but a large snapshot recovered from a sourcemap in an npm package. It's missing some modules, configs, and internal layers, so conclusions must be drawn carefully. But even in this form, the main thing is clear: Claude Code outgrew the image of a "chat in the terminal" long ago.

The author of the analysis describes it as a system that hides a daemon, bridge modes, background sessions, worktree isolation, self-hosted runner, and separate execution branches for different scenarios inside itself. An important detail is startup engineering. Simple commands don't drag the entire runtime along with them: heavy parts are loaded dynamically, and fast branches like version checking try to run with almost no unnecessary imports.

For a CLI of this scale, this is not cosmetics but a requirement for a live product with real loads. It's no wonder the author compares Claude Code not to a utility, but to a "small operating system for a single terminal."

"A small operating system for a single terminal."

Architecture and Constraints

By its internal structure, Claude Code is closer to a terminal application on React and Ink than to a minimalist console tool. A huge `main.tsx` assembles initialization, mode selection, system prompt, feature flags, UI launch, session recovery, and access to tools. On top of this lives a REPL screen with modals, IDE integration, MCP connections, plugins, and additional modes. The key idea here is not one "main model," but orchestration: the product coordinates subagents, contexts, permissions, and the lifecycle of tasks.

• Subagents can be launched synchronously and in the background
• Workers have separate tool pools and permission modes
• Isolation through worktree is built directly into the execution route
• Read-only and secure tool calls the system knows how to parallelize

What stands out separately is the paranoia in the Bash layer. The code was clearly written by people who have already seen how LLMs break shell through substitutions, heredocs, strange spaces, or dangerous prefixes like `sudo` and `env`. That's why the constraints here are not decorative: there's a division into concurrency-safe calls, separate logic for canceling neighboring tool calls, result buffering, and handling scenarios like `user_interrupted` or `sibling_error`. Even the Explore agent is pre-forbidden from writing and editing, leaving it only reading, search, and analysis.

Hidden Product Modes

The most interesting part of the leak is not specific files, but traces of product strategy. The code constantly surfaces flags and hidden development lines: KAIROS, PROACTIVE, ULTRAPLAN, TEAMMEM, BUDDY, BRIDGE_MODE, remote backend, and other modes. This doesn't mean each function is already available to all users, but it does well show the direction. Anthropic is building not just an interface to a model, but a bundle of a local client, remote environments, memory, internal experiments, and special UX scenarios. Three things look especially indicative.

First — `autoDream`, a mechanism for background memory consolidation through a separate subagent with a lock file and hard limits. Second — Undercover Mode, where the product is specially trained not to reveal internal model names, project names, and the very fact of its presence in public repositories. Third — Buddy, a terminal companion with ASCII sprites and speech bubbles. All together it looks strange in places, but very product-like: alongside it live security, memory, hidden modes, remote scenarios, and elements of character.

What This Means

The analysis of the leak showed a simple thing: Claude Code at Anthropic is no longer a wrapper around an API, but a large, heavy, and in some places overloaded product stack. The code cannot be called exemplarily elegant, but it looks mature where it really matters: in startup, orchestration, access restrictions, and work with long-lived scenarios. For the AI tools market, this is a signal that the next competition will go not only on the quality of the model, but on the quality of the entire surrounding platform.