InvestMarketplaceEquityNews
Claude Code's leaked source code revealed some features Anthropic wasn't ready to share yet
Company Updates

Claude Code's leaked source code revealed some features Anthropic wasn't ready to share yet

XDA-Developers12d ago

Claude Code's been what everyone's talking about lately. Anthropic is relentlessly updating it with new features, to the point where it's genuinely difficult to keep up with! Of course, this also means they're working behind the scenes on plenty of features that haven't seen the light of day yet. Well, thanks to an accident that ended up with Claude Code's entire source code online, we now know exactly what some of those are.

Claude Code's source code was recently leaked

Wait, what even happened?

On March 31st, a researcher happened to notice that Anthropic had accidentally shipped a source map file inside Claude Code's npm package. If you aren't familiar with what a source map file or npm package is, let's quickly break it down. An npm registry is basically where all of JavaScript lives and where developers publish and download packages. When you publish a package to npm, a source map file is generated. This is a file that essentially acts as a bridge between internal unreadable code that gets shipped to users and the clean, original source code that developers actually write.

Want to stay in the loop with the latest in AI? The XDA AI Insider newsletter drops weekly with deep dives, tool recommendations, and hands-on coverage you won't find anywhere else on the site. Subscribe by modifying your newsletter preferences!

This file allows the original code to be reconstructed from the minified version, which is incredibly useful for debugging. However, it is strictly meant to stay internal. In this case, it accidentally shipped publicly during a routine Claude Code update. The 60MB source map file contained almost two thousand files and around 512,000 lines of TypeScript! A security researcher spotted this and immediately shared it via his X account. It didn't take long for the post to go absolutely viral (and has 35.2M views at the time of writing). What followed after isn't really surprising.

Thousands of developers downloaded the code, decompiled it, began analyzing it, and documented detailed breakdowns of what they found within. Boris Cherny, the creator of Claude Code, also acknowledged the leak and clarified that it was due to developer error. He shared that there was a manual deploy step that should have been better automated, and that mistakes happen.

An always-on, proactive AI agent called Kairos

An AI agent that works while you sleep

The most interesting unreleased feature that was spotted in the Claude Code source code was an always-on agent called Kairos. Rather than a typical AI agent that waits for your input to tell it what to do, Kairos is designed to observe and log actions in the background, and then proactively step in when it decides something needs to be done without you ever having to ask. The agent runs in the background 24/7, and receives a recurring check-in asking if Kairos has anything worth doing right now. If it does, it decides if it should go ahead and do the task or not.

The way it comes to this decision is also pretty interesting. It checks whether the action would block your workflow for more than fifteen seconds. If it would, the task gets deferred to later so it never gets in your way while you're actively working. Now, the tasks that this agent is capable of doing don't seem to be any different from what regular Claude Code can already do like fixing errors, updating files, running commands, and so on.

The difference is that Kairos does them on its own. However, it does get a few exclusive tools that regular Claude Code doesn't have: push notifications so it can reach you on your phone or desktop, file delivery so it can send you things it created unprompted, and pull request subscriptions so it can watch your GitHub and react to code changes autonomously. It also keeps daily logs of everything it notices, decides, and actually does.

Cherny responded to a post where someone was breaking down Kairos and said that they're still on the fence about the feature. All that said, while I can already think of endless ways Kairos could be useful, I'd be lying if I said the idea of an AI agent silently doing things in the background doesn't make me uneasy. For example, someone at Meta had an OpenClaw agent go rogue and delete her entire inbox (even after she explicitly told it to stop). That was something that happened even with someone actively watching! Kairos, by design, is meant to run while you're not!

Auto Dream

Turns out AI tools can dream too

A feature that's closely linked to Kairos is Auto Dream. Now, I do need to note here that the feature seems to be in a weird in-between phase. Claude Code users have been talking about the feature for a while now on different community forums, and some users have also noted that the toggle for it actually shows up in the tool's /memory menu. However, the /dream command itself doesn't work for most users and returns "Unknown skill" when executed. That said, the leaked source code did share a pretty clear picture of what the feature is meant to do.

Before we talk about the Auto Dream feature, let's quickly look at its existing Auto Memory feature that lets the tool take its own notes during sessions. Auto Dream is seemingly a layer on top of Auto Memory and is a background subagent designed to periodically clean all the accumulated notes up in the background. It works in four stages: Orient, Gather, Consolidate, and Prune. First, it surveys the existing memory structure to understand what's there. Then, it does a targeted search for high-value signals. Next comes the actual consolidation: resolving contradictions, merging duplicate entries, pruning references to deleted files, and converting relative dates like "yesterday" into absolute timestamps so they stay meaningful weeks later.

Finally, it rebuilds the memory index and ensures the context is stored in an efficient manner. Based on the code, the feature seems to be gated behind a flag called tengu_onyx_plover and triggers automatically when two conditions are met: at least 24 hours have passed since the last consolidation cycle, and at least 5 sessions have occurred since then. It also can't write, redirect, or modify anything outside of memory files. There's also a lock file mechanism to prevent multiple consolidation processes from running at the same time if anything goes wrong mid-cycle.

The leak also revealed two features that are now live...sort of

One of them lasted just eight days

Anthropic moves extremely fast, and has been dropping multiple features weekly. So, it's no surprise at all that two features that the Claude Code source code leaked have already officially shipped since then: Ultraplan and Buddy. Ultraplan was found in the leaked code as a mode that offloads complex planning tasks to a remote cloud session running Opus 4.6 for up to 30 minutes. The shipped version is the same core idea and lets you kick off a planning session from your command line interface, and it then drafts in the cloud while your terminal stays free.

You then review and approve the plan in your browser before deciding where to execute it. The feature I was more excited about, though, was slightly silly! It was spotted in the leak and was meant to be an April Fools' easter egg. The source code ended up ruining Anthropic's surprise, and it went live on the 1st of April. Unfortunately, it was also quietly removed just eight days later with no announcement. Buddy was a full Tamagotchi-style virtual pet system where your species was automatically assigned based on your user ID.

Subscribe to the newsletter for inside AI feature intel

Stay informed by subscribing to the newsletter for clear, expert breakdowns of AI feature reveals, source-code leaks, and what they mean for developers. Subscribe to get focused coverage and thoughtful analysis on these AI developments.

Get Updates

By subscribing, you agree to receive newsletter and marketing emails, and accept our Terms of Use and Privacy Policy. You can unsubscribe anytime.

There were eighteen different species, and every buddy had different stats like Debugging, Chaos, and Snark. Claude generated a custom name and personality on first hatch, and the little companion would sit beside your input box and occasionally comment in a speech bubble. I've always been a fan of VS Code's Pets extension, so seeing something similar built directly into a coding tool was genuinely a delight. You could pull up the feature using the /buddy slash command. I absolutely loved the feature, and I'm bummed it went away so quickly. Here's to hoping Anthropic decides to bring it back permanently.

What we're using today is just the beginning

Claude Code's source code leaking is certainly interesting. For a company that positions itself as the safety-first AI lab, accidentally shipping your entire codebase in just over a year isn't a great look. Either way, what the leak revealed is far more interesting than the leak itself.

Originally published by XDA-Developers

Read original source →
AnthropicCHAOS