Someone reverse-engineered Anthropic's proprietary Claude Code CLI from its compiled npm bundle. They used Claude itself to do it. Published April 1st. 3.6k stars. 4.7k forks. In 15 hours.
The author left a note in the README: "I don't know how long this project will exist. Fork doesn't work well — git clone is more stable." Translation: DMCA imminent.
I cloned it immediately. Spent several hours auditing 3,817 files across 62 source directories. Here's what's actually inside — and why this is different from any source leak you've seen before.
This Isn't a Sourcemap Leak — It's Stranger
When developers hear "source leak," they assume accidentally shipped .map files alongside minified JS. The standard accidental disclosure. I checked the official @anthropic-ai/claude-code npm package for exactly that — nothing. Anthropic shipped clean.
What actually happened here is more interesting:
- Decompile the 25MB official npm bundle using standard reverse tools
- Feed the decompiled output into 4 rounds × 7 parallel Claude agents to reconstruct TypeScript types, interfaces, and file structure
- The result had 1,341 type errors — not unusual for AI-reconstructed code
- Run another round of Claude agents specifically to fix type errors → zero remaining
- Auto-generate 1,206 stubs for Anthropic's private internal packages (the ones not in the npm bundle)
- Run
bun run dev— it boots, connects to the real Anthropic API, and prints version2.1.87
They used Claude to rebuild Claude from Claude's own compiled output. The recursion is real.
The repository includes a RECORD.md file documenting the entire process, including the developer's machine path: /Users/konghayao/code/ai/claude-code. The original author is konghayao, and they documented every step of the methodology with enough detail that the reconstruction is reproducible.
30 Hidden Feature Flags Nobody Knew About
This is the finding that stops you cold. Inside the entry point, a single polyfill replaces the entire feature-flagging system:
const feature = (_name: string) => false;
Every feature check in the codebase calls feature("FLAG_NAME"). That one function controls all of them. And there are 30 named flags gating production-ready code that ships with every install — just silently disabled.
These aren't placeholder stubs. They're connected to real UI flows, real API calls, real session management. The code is finished. The flag just says no.
Here's what's waiting:
KAIROS — The always-running autonomous agent. Designed to operate indefinitely in the background. Sends push notifications when it needs a human decision, drops completed files when done, and resumes automatically. This is the "AI that works while you sleep."
DAEMON + BRIDGE_MODE — Claude Code restructured as a persistent background service with a remote command interface. Clients connect to the daemon and issue commands. Multiple Claude instances on the same machine, all orchestrated through a single process.
BG_SESSIONS — Background session management with a full lifecycle API: ps (list active sessions), logs (stream output), attach (drop in), kill (terminate). tmux for AI agents.
SSH_REMOTE — claude ssh <host>. Issue Claude commands directly to a remote machine. Not a terminal emulator. Claude Code itself, running headless on the remote server, controlled from your local terminal.
FORK_SUBAGENT — Mid-task state cloning. While Claude is doing something complex, you fork the current agent. The fork starts in the exact same state. Both continue independently. You can compare results or parallelize subtasks.
COORDINATOR_MODE — One Claude orchestrating a fleet of Claude workers. The coordinator breaks down work, assigns it, aggregates results. Multi-agent inside a single project, without you managing anything.
VOICE_MODE — Push-to-talk integration. Already wired up. Just needs the flag flipped and a microphone to be useful. The UI code is there.
KAIROS_GITHUB_WEBHOOKS — Claude subscribes to your repository's PR events. Commit pushed? Review requested? Claude wakes up, processes the event, and takes configured actions in real time — without you opening a terminal.
ULTRAPLAN — An extended planning mode distinct from the current plan mode. The source suggests it enables significantly longer-horizon task decomposition, likely for multi-session project work.
WEB_BROWSER_TOOL — A browsing capability directly inside Claude Code. Not scraping. A real browser tool, integrated into the agent's tool loop.
PROACTIVE — Claude monitors context and responds to things without being asked. Detects patterns, flags issues, suggests actions before you request them.
BUDDY — Multi-instance collaborative mode. Two Claude instances working on the same codebase simultaneously, with session awareness of each other.
DIRECT_CONNECT — Peer-to-peer tunnel between Claude Code instances. Skip the daemon; connect two agents directly.
TORCH and LODESTONE — Undocumented. Based on the code context, these appear to be infrastructure flags for internal Anthropic deployment tooling. The names suggest something directional — LODESTONE typically means a navigational reference point.
None of this was on any roadmap. None of it was announced. All of it shipped with @anthropic-ai/claude-code@2.1.87.
The Architecture Explains Why the Gap Is Unbridgeable
The permission system alone is 6,300 lines of TypeScript.
It includes a YOLO classifier — a component that evaluates whether a given shell command is safe to auto-execute without asking. It factors in command type, path context, recent session history, and risk heuristics. Then decides: ask the user, execute automatically, or block.
The three operating modes (plan, auto, manual) aren't UI toggles. They're deeply wired into the execution loop with different code paths for each. Switching modes mid-session is a state transition, not a preference change.
The streaming query loop is 1,700 lines. It simultaneously manages:
- Token budget tracking and soft/hard limit behavior
- Session auto-compaction when context fills (preserves working set, discards old context)
- Multi-tool call attribution (knows which tool call produced which output)
- Partial response streaming with backpressure
- Interrupt handling at the right mid-execution points
Every session is serialized to disk as a JSONL artifact. This single design decision enables everything else:
-
/resumebrings back any session from any device - Sessions survive machine reboots and crashes
- FORK_SUBAGENT works because the state is just a file — you copy it
- The QR code teleport feature (found in the source) works by sharing the session artifact path
There are no open-source coding agents with this infrastructure. The closest alternatives have single-session architectures. Claude Code treats sessions as first-class long-lived objects.
What the Decompiled Comments Exposed
Minification strips variable names and whitespace. It doesn't touch code comments. The 25MB bundle shipped with every comment that was present at compile time.
6 internal Anthropic Slack channel links — full https://anthropic.slack.com/archives/CHANNEL_ID/p... permalinks preserved in comments. These are engineering discussion threads that the comment author left as references. The channel IDs are: C07VBSHV7EV, C06FE2FP0Q2, C0AHK9P0129, C093BJBD1CP, C08428WSLKV, C093UA0KLD7.
Production OAuth CLIENT_ID: 9d1c250a-e61b-44d9-88ed-5944d1962f5e
Staging CLIENT_ID: 22422756-60c9-4084-8eb7-27705fd5cf9a
Staging infrastructure domains:
-
platform.staging.ant.dev(Anthropic's internal shorthand domain for staging) api-staging.anthropic.comclaude-ai.staging.ant.dev
US Federal Government instance: claude.fedstart.com — a separate Claude deployment for FedRAMP-compliant government customers. There's also claude-staging.fedstart.com for the staging layer of that deployment.
Private GitHub issues up to #30,912 — comments referencing internal GitHub issues confirm the private anthropics/claude-code repository is enormous, with tens of thousands of internal issues the public never sees.
Everything came from comment strings the minifier preserved verbatim.
The Strategic Moat Is a Boolean
if (process.env.USER_TYPE === 'ant') {
// full feature access
}
Anthropic engineers run the exact same binary as every Pro or Max subscriber. Same npm package. Same version number. But with USER_TYPE=ant set in the environment, every feature flag in that polyfill becomes true.
They've been using KAIROS, DAEMON, and COORDINATOR_MODE internally for months — possibly longer. The code is mature. It has edge case handling, error recovery, retry logic. This isn't prototype code. It's been running in production for Anthropic's own engineers.
When these features ship publicly, there's zero migration cost. The install artifact is identical. The flag just flips.
GrowthBook — not Statsig, not LaunchDarkly — manages the rollout. Found GrowthBook integration in the source confirms the rollout mechanism: percentage-based progressive rollout, starting with 1% of Pro users, expanding to 10%, then everyone. Silent A/B testing against power users before broad launch.
When KAIROS ships broadly:
- Your Claude instance runs in the background indefinitely
- It sends you a push notification when it needs a human decision
- You approve or redirect
- It continues
- You come back an hour later and the feature branch is done, the tests pass, the PR is open
That's not science fiction. That's the code that ships today, gated behind a single function returning false.
What Comes Next
The DMCA will arrive. The repo link in this article may already be dead when you read it.
But the knowledge doesn't go away. The 30 feature flags now have names. The architecture is documented. The staging infrastructure is mapped. The rollout mechanism is understood.
When Anthropic announces KAIROS or DAEMON publicly, you'll know exactly what you're getting — because you've already read the code.
git clone https://github.com/claude-code-best/claude-code
# 32MB. 3,817 files. 62 directories.
# The DMCA will come. Fork before it does.
The repo may not survive the week. The insights from the source will outlast it.
Top comments (0)