claude-code
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 1 days ago
- Community trust — 522 GitHub stars
Code Warn
- process.env — Environment variable access in src/QueryEngine.ts
- network request — Outbound network request in src/assistant/sessionHistory.ts
- process.env — Environment variable access in src/bootstrap/state.ts
- network request — Outbound network request in src/bridge/bridgeApi.ts
- process.env — Environment variable access in src/bridge/bridgeConfig.ts
- network request — Outbound network request in src/bridge/bridgeDebug.ts
- process.env — Environment variable access in src/bridge/bridgeEnabled.ts
Permissions Pass
- Permissions — No dangerous permissions requested
This repository contains the leaked, uncompiled source code of Anthropic's official "Claude Code" CLI. It is an agentic coding tool that allows users to interact with the Claude AI directly in their terminal to edit files, run commands, and manage git workflows.
Security Assessment
Overall Risk: High. As an agentic terminal tool, it is designed to execute shell commands and modify local files. The code makes outbound network requests to external APIs and reads sensitive environment variables. While the automated scan found no hardcoded secrets or explicitly dangerous permissions, the codebase itself is unsanctioned and unvetted. Because this is leaked proprietary code uploaded by a third party, it carries a high risk of being altered to include supply chain attacks, backdoors, or data-stealing payloads. Furthermore, Anthropic can and likely will take legal action to shut down the R2 storage bucket and associated repositories, making this highly unstable.
Quality Assessment
While the underlying official tool is high quality, this specific repository fails basic quality and trust checks. It lacks a software license, making it legally toxic for any developer to use, modify, or integrate. The repository is highly active and has gained significant community attention (522 stars) simply due to the novelty of the leak. However, because it relies on stolen intellectual property, it lacks genuine community trust and will receive no official vendor support or security patches.
Verdict
Not recommended. Do not trust or use this tool.
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands. All original source code is the property of Anthropic.
Claude Code — Leaked Source (2026-03-31)
On March 31, 2026, the full source code of Anthropic's Claude Code CLI was leaked via a
.mapfile exposed in their npm registry.
How It Leaked
Chaofan Shou (@Fried_rice) discovered the leak and posted it publicly:
"Claude code source code has been leaked via a map file in their npm registry!"
The source map file in the published npm package contained a reference to the full, unobfuscated TypeScript source, which was downloadable as a zip archive from Anthropic's R2 storage bucket.
Overview
Claude Code is Anthropic's official CLI tool that lets you interact with Claude directly from the terminal to perform software engineering tasks — editing files, running commands, searching codebases, managing git workflows, and more.
This repository contains the leaked src/ directory.
- Leaked on: 2026-03-31
- Language: TypeScript
- Runtime: Bun
- Terminal UI: React + Ink (React for CLI)
- Scale: ~1,900 files, 512,000+ lines of code
Directory Structure
src/
├── main.tsx # Entrypoint (Commander.js-based CLI parser)
├── commands.ts # Command registry
├── tools.ts # Tool registry
├── Tool.ts # Tool type definitions
├── QueryEngine.ts # LLM query engine (core Anthropic API caller)
├── context.ts # System/user context collection
├── cost-tracker.ts # Token cost tracking
│
├── commands/ # Slash command implementations (~50)
├── tools/ # Agent tool implementations (~40)
├── components/ # Ink UI components (~140)
├── hooks/ # React hooks
├── services/ # External service integrations
├── screens/ # Full-screen UIs (Doctor, REPL, Resume)
├── types/ # TypeScript type definitions
├── utils/ # Utility functions
│
├── bridge/ # IDE integration bridge (VS Code, JetBrains)
├── coordinator/ # Multi-agent coordinator
├── plugins/ # Plugin system
├── skills/ # Skill system
├── keybindings/ # Keybinding configuration
├── vim/ # Vim mode
├── voice/ # Voice input
├── remote/ # Remote sessions
├── server/ # Server mode
├── memdir/ # Memory directory (persistent memory)
├── tasks/ # Task management
├── state/ # State management
├── migrations/ # Config migrations
├── schemas/ # Config schemas (Zod)
├── entrypoints/ # Initialization logic
├── ink/ # Ink renderer wrapper
├── buddy/ # Companion sprite (Easter egg)
├── native-ts/ # Native TypeScript utils
├── outputStyles/ # Output styling
├── query/ # Query pipeline
└── upstreamproxy/ # Proxy configuration
Core Architecture
1. Tool System (src/tools/)
Every tool Claude Code can invoke is implemented as a self-contained module. Each tool defines its input schema, permission model, and execution logic.
| Tool | Description |
|---|---|
BashTool |
Shell command execution |
FileReadTool |
File reading (images, PDFs, notebooks) |
FileWriteTool |
File creation / overwrite |
FileEditTool |
Partial file modification (string replacement) |
GlobTool |
File pattern matching search |
GrepTool |
ripgrep-based content search |
WebFetchTool |
Fetch URL content |
WebSearchTool |
Web search |
AgentTool |
Sub-agent spawning |
SkillTool |
Skill execution |
MCPTool |
MCP server tool invocation |
LSPTool |
Language Server Protocol integration |
NotebookEditTool |
Jupyter notebook editing |
TaskCreateTool / TaskUpdateTool |
Task creation and management |
SendMessageTool |
Inter-agent messaging |
TeamCreateTool / TeamDeleteTool |
Team agent management |
EnterPlanModeTool / ExitPlanModeTool |
Plan mode toggle |
EnterWorktreeTool / ExitWorktreeTool |
Git worktree isolation |
ToolSearchTool |
Deferred tool discovery |
CronCreateTool |
Scheduled trigger creation |
RemoteTriggerTool |
Remote trigger |
SleepTool |
Proactive mode wait |
SyntheticOutputTool |
Structured output generation |
2. Command System (src/commands/)
User-facing slash commands invoked with / prefix.
| Command | Description |
|---|---|
/commit |
Create a git commit |
/review |
Code review |
/compact |
Context compression |
/mcp |
MCP server management |
/config |
Settings management |
/doctor |
Environment diagnostics |
/login / /logout |
Authentication |
/memory |
Persistent memory management |
/skills |
Skill management |
/tasks |
Task management |
/vim |
Vim mode toggle |
/diff |
View changes |
/cost |
Check usage cost |
/theme |
Change theme |
/context |
Context visualization |
/pr_comments |
View PR comments |
/resume |
Restore previous session |
/share |
Share session |
/desktop |
Desktop app handoff |
/mobile |
Mobile app handoff |
3. Service Layer (src/services/)
| Service | Description |
|---|---|
api/ |
Anthropic API client, file API, bootstrap |
mcp/ |
Model Context Protocol server connection and management |
oauth/ |
OAuth 2.0 authentication flow |
lsp/ |
Language Server Protocol manager |
analytics/ |
GrowthBook-based feature flags and analytics |
plugins/ |
Plugin loader |
compact/ |
Conversation context compression |
policyLimits/ |
Organization policy limits |
remoteManagedSettings/ |
Remote managed settings |
extractMemories/ |
Automatic memory extraction |
tokenEstimation.ts |
Token count estimation |
teamMemorySync/ |
Team memory synchronization |
4. Bridge System (src/bridge/)
A bidirectional communication layer connecting IDE extensions (VS Code, JetBrains) with the Claude Code CLI.
bridgeMain.ts— Bridge main loopbridgeMessaging.ts— Message protocolbridgePermissionCallbacks.ts— Permission callbacksreplBridge.ts— REPL session bridgejwtUtils.ts— JWT-based authenticationsessionRunner.ts— Session execution management
5. Permission System (src/hooks/toolPermission/)
Checks permissions on every tool invocation. Either prompts the user for approval/denial or automatically resolves based on the configured permission mode (default, plan, bypassPermissions, auto, etc.).
6. Feature Flags
Dead code elimination via Bun's bun:bundle feature flags:
import { feature } from 'bun:bundle'
// Inactive code is completely stripped at build time
const voiceCommand = feature('VOICE_MODE')
? require('./commands/voice/index.js').default
: null
Notable flags: PROACTIVE, KAIROS, BRIDGE_MODE, DAEMON, VOICE_MODE, AGENT_TRIGGERS, MONITOR_TOOL
Key Files in Detail
QueryEngine.ts (~46K lines)
The core engine for LLM API calls. Handles streaming responses, tool-call loops, thinking mode, retry logic, and token counting.
Tool.ts (~29K lines)
Defines base types and interfaces for all tools — input schemas, permission models, and progress state types.
commands.ts (~25K lines)
Manages registration and execution of all slash commands. Uses conditional imports to load different command sets per environment.
main.tsx
Commander.js-based CLI parser + React/Ink renderer initialization. At startup, parallelizes MDM settings, keychain prefetch, and GrowthBook initialization for faster boot.
Tech Stack
| Category | Technology |
|---|---|
| Runtime | Bun |
| Language | TypeScript (strict) |
| Terminal UI | React + Ink |
| CLI Parsing | Commander.js (extra-typings) |
| Schema Validation | Zod v4 |
| Code Search | ripgrep (via GrepTool) |
| Protocols | MCP SDK, LSP |
| API | Anthropic SDK |
| Telemetry | OpenTelemetry + gRPC |
| Feature Flags | GrowthBook |
| Auth | OAuth 2.0, JWT, macOS Keychain |
Notable Design Patterns
Parallel Prefetch
Startup time is optimized by prefetching MDM settings, keychain reads, and API preconnect in parallel — before heavy module evaluation begins.
// main.tsx — fired as side-effects before other imports
startMdmRawRead()
startKeychainPrefetch()
Lazy Loading
Heavy modules (OpenTelemetry ~400KB, gRPC ~700KB) are deferred via dynamic import() until actually needed.
Agent Swarms
Sub-agents are spawned via AgentTool, with coordinator/ handling multi-agent orchestration. TeamCreateTool enables team-level parallel work.
Skill System
Reusable workflows defined in skills/ and executed through SkillTool. Users can add custom skills.
Plugin Architecture
Built-in and third-party plugins are loaded through the plugins/ subsystem.
Disclaimer
This repository archives source code that was leaked from Anthropic's npm registry on 2026-03-31. All original source code is the property of Anthropic.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found