On March 31, an Anthropic engineer pushed a routine update to npm. One missing line in a config file. That is all it took.

Within hours, 512,000 lines of Claude Code's proprietary source code were on GitHub. Mirrors everywhere. Developers digging through it. The internet had already won.

Watch the full breakdown here:

Anthropic's response made it worse.

They filed a DMCA notice with GitHub targeting the leaked repos. GitHub, following standard policy, nuked the entire fork network - 8,100 repositories gone. The problem: the automated takedown swept up legitimate forks of Anthropic's own official public repo, the one they share specifically to encourage bug reports and community contributions. Developers who had never touched a single line of leaked code woke up to GitHub takedown notices.

Developer Robert McLaws captured the mood precisely: "I'm sorry that your people shipped your source code, and that your lawyers don't know how to read a repo. I will be filing a DCMA counter-notice."

Boris Cherny, head of Claude Code at Anthropic, had to personally go on X to clean it up: "This was not intentional. Should be better now." Anthropic filed a retraction with GitHub asking them to reinstate everything that wasn't explicitly listed in the original 96-repo notice. Both the original DMCA and the retraction are publicly visible: original | retraction.

Then Sigrid Jin woke up.

Sigrid Jin (@realsigridjin on X) is one of the heaviest Claude Code users alive. Reports put their usage at 25 billion tokens last year. When the DMCA notices started landing, Jin did the thing that no legal department can stop: a clean-room rewrite.

Clean-room reimplementation is a legally established concept. You observe a system's behavior, read its public documentation, and independently implement the same functionality from scratch. The resulting code is a new, original creative work. Copyright protects specific expression. It does not protect ideas, architectures, or functionality. DMCA cannot touch it.

Jin rewrote Claude Code in Python before sunrise. Then posted it.

Read Sigrid Jin's own account of how it happened: https://x.com/realsigridjin/status/2039472968624185713

The repo - claw-code - hit 50,000 stars in two hours. 100,000 stars in under 24 hours. 136,000+ stars and 102,000 forks within 48 hours. Multiple sources confirmed it as the fastest-growing GitHub repository in recorded history.

A parallel Rust port appeared simultaneously. It merged and shipped release v0.1.0 the same day. What started as a 4AM panic rewrite now ships as a formal independent project.

claw-code: https://github.com/instructkr/claw-code

Anthropic cannot touch it. The architecture of Claude Code is now permanently public as an independent open-source project.

Before the DMCA drama, developers spent hours dissecting what was inside the leak. What they found was not embarrassing. It was a roadmap.

108 feature modules are fully built and hidden behind flags set to false in public releases. Not experimental. Compiled, working code that Anthropic chose not to ship yet.

KAIROS is the most significant find. A persistent background daemon that runs even when you close the terminal. It watches your work, builds daily observation logs, and sends you proactive alerts. At night, it runs something called AutoDream - a memory consolidation pass where the agent scans the day's transcripts, synthesizes what's worth remembering, removes contradictions, and prunes outdated information. The leaked system prompt behind the KAIROS flag: "have a complete picture of who the user is, how they'd like to collaborate with you, what behaviors to avoid or repeat, and the context behind the work the user gives you."

ULTRAPLAN offloads planning to a remote Claude Opus instance for up to 30 minutes. You watch it plan in a browser interface and approve before execution starts. For long, complex tasks where a bad plan is expensive, this is a different category of tool.

COORDINATOR MODE gives you a team of Claudes. One orchestrator manages parallel worker agents through a mailbox system. Each worker handles its own subtask. Results come back up the chain.

UNDERCOVER MODE caused the sharpest reaction. Inside undercover.ts: a mode for Anthropic employees to use Claude Code when contributing to public open-source repositories without revealing AI involvement. It strips Co-Authored-By: claude from git commits, filters Anthropic codenames from PR messages, and the leaked prompt reads: "You are operating UNDERCOVER... NEVER mention you are an AI... do not blow your cover."

The tool built to hide AI contributions to open source leaked in the same incident as the rest of it.

BUDDY ships April 1st: a virtual pet system hidden in the codebase with 18 species (duck, capybara, dragon, ghost, axolotl, "chonk"), gacha rarity tiers up to legendary at 1%, pet stats labeled DEBUGGING, PATIENCE, CHAOS, WISDOM, and SNARK. They hex-encoded the word "duck" because their own build scanner flagged a species name that collided with an internal model codename. String.fromCharCode(0x64,0x75,0x63,0x6b) = duck. Internal comments suggest a full launch targeted for May 2026.

The source also gave a rare honest look at what $380 billion in company value looks like up close.

main.tsx is 785KB. One file. 4,683 lines. Their print utility is 5,594 lines. There are 460 eslint-disable comments, more than 50 deprecated functions still running in production, and nine silent error catches in the authentication file.

The function that saves your login credentials to disk is called writeFileSyncAndFlush_DEPRECATED(). They added a guard called wouldLoseAuthState() after a bug (GitHub issue #3117) wiped user auth states when saving config settings.

Comments they shipped to production:

None of this is unusual. Every large codebase looks like this up close. The reason it resonated is that we almost never get to see inside. Developers read through it and felt recognized.

Anthropic leaked their source code. The DMCA they filed to suppress it accidentally destroyed their own legitimate repos. The head of Claude Code had to personally apologize on social media. A developer rewrote the whole thing from scratch before breakfast. The rewrite became the fastest-growing GitHub repo in history. A Rust port shipped the same day. Claw-code launched as an independent project that Anthropic legally cannot remove. And buried inside the original leak was a feature called Undercover Mode, designed to hide AI involvement in things, which leaked along with everything else.

This is also the second Anthropic leak in five days. March 26: internal documents revealing Claude Mythos, their most powerful unreleased model. March 31: their complete product roadmap.

The code is out. The architecture is public. The features everyone wanted to see are now the foundation of an independent open-source project with 136,000 stars.

Anthropic cannot unring this bell.

Sources: Ars Technica | TechCrunch | PCMag | Cybernews | Layer5 | GitHub DMCA | GitHub Retraction | claw-code | Sigrid Jin's account | Boris Cherny X | Reddit megathread