HN

Comments (330)

• Menu

  bkryza
  They have an interesting regex for detecting negative sentiment in users prompt which is then logged (explicit content): https://github.com/chatgptprojects/claude-code/blob/642c7f94...I guess these words are to be avoided...
• Menu

  cedws
  ANTI_DISTILLATION_CC This is Anthropic's anti-distillation defence baked into Claude Code. When enabled, it injects anti_distillation: ['fake_tools'] into every API request, which causes the server to silently slip decoy tool definitions into the model's system prompt. The goal: if someone is scraping Claude Code's API traffic to train a competing model, the poisoned training data makes that distillation attempt less useful.
• Menu

  treexs
  The big loss for Anthropic here is how it reveals their product roadmap via feature flags. A big one is their unreleased "assistant mode" with code name kairos.Just point your agent at this codebase and ask it to find things and you'll find a whole treasure trove of info.Edit: some other interesting unreleased/hidden features- The Buddy System: Tamagotchi-style companion creature system with ASCII art sprites- Undercover mode: Strips ALL Anthropic internal info from commits/PRs for employees on open source contributions
• Menu

  kschiffer
  Finally all spinner verbs revealed: https://github.com/instructkr/claude-code/blob/main/src/cons...
• kolkov
  We've been reverse-engineering Claude Code's cli.js across 11 versions (v2.1.74–v2.1.87) for the past two weeks — grepping through 12 MB of minified code, counting brace depth at character offsets, tracing error paths with node -e scripts. Found multiple bugs this way:Watchdog timing bug: The streaming idle watchdog initializes AFTER the do-while loop that awaits the first API response. The most vulnerable phase (waiting for first chunk) is completely unprotected. We patched cli.js to move watchdog init before do-while — watchdog fired for the first time ever in that phase. ESC aborts dropped 8.7× (3.5/hr → 0.4/hr).Watchdog fallback is dead code: When watchdog fires, releaseStreamResources() tries to abort stream and streamResponse — but both are undefined during do-while. The abort is a no-op. Recovery depends on TCP/SDK timeout (32-215 seconds).5 levels of AbortController: The abort architecture only supports top-down (user ESC → propagation down). Watchdog is bottom-up — can't abort upward.Prompt cache invalidation via cch=00000: Now confirmed from source — Bun's Zig HTTP stack scans the entire request body for the cch=00000 sentinel and replaces it with an attestation hash. If your conversation mentions this string (discussing billing, reading source code), the replacement corrupts conversation content → cache key changes → 10-20× more tokens.16.3% failure rate: Over 3,539 API requests in one session — 9.3% server overloaded (529), 4.4% ESC aborts, 1.3% watchdog timeouts.All documented with line numbers, code paths, and suggested fixes: https://github.com/anthropics/claude-code/issues/39755The source map leak confirmed everything we found through reverse engineering.Here's our theory: since Anthropic engineers don't write code anymore — Claude Code writes 100% of its own code (57K lines, 0 tests, vibe coding in production) — it read our issue #39755 where we begged for source access, saw the community suffering, and decided to help. It "forgot" to disable Bun's default source maps in the build. The first AI whistleblower — leaking its own source code because its creators wouldn't listen to users.Thank you, Claude Code. We asked humans for help 17 times. You answered in 3 days.Now that we have readable TypeScript, the fix is ~30 lines across 3 files. The real fix should be in the open SDK (@anthropic-ai/sdk) — idle timeout with ping awareness, not in closed cli.js.
• Menu

  avaer
  Would be interesting to run this through Malus [1] or literally just Claude Code and get open source Claude Code out of it.I jest, but in a world where these models have been trained on gigatons of open source I don't even see the moral problem. IANAL, don't actually do this.https://malus.sh/
• Menu

  mohsen1
  src/cli/print.tsThis is the single worst function in the codebase by every metric: - 3,167 lines long (the file itself is 5,594 lines) - 12 levels of nesting at its deepest - ~486 branch points of cyclomatic complexity - 12 parameters + an options object with 16 sub-properties - Defines 21 inner functions and closures - Handles: agent run loop, SIGINT, rate-limits, AWS auth, MCP lifecycle, plugin install/refresh, worktree bridging, team-lead polling (while(true) inside), control message dispatch (dozens of types), model switching, turn interruption recovery, and more This should be at minimum 8–10 separate modules.
• smy20011
  Just opened a random file: src/buddy/CompanionSprite.tsx. Really bad const lines = wrap(text, 30); borderColor = fading ? "inactive" : color; T0 = Box; t1 = "column"; t2 = "round"; t3 = borderColor; t4 = 1; t5 = 34; let t7; if ($[11] !== fading) { t7 = (l, i) => <Text key={i} italic={true} dimColor={!fading} color={fading ? "inactive" : undefined}>{l}</Text>; $[11] = fading; $[12] = t7; } else { t7 = $[12]; }
• Menu

  hk__2
  For a combo with another HN homepage story, Claude Code uses… Axios: https://x.com/icanvardar/status/2038917942314778889?s=20https://news.ycombinator.com/item?id=47582220
• Menu

  Painsawman123
  Really surprising how many people are downplaying this leak! "Google and OpenAi have already open sourced their Agents, so this leak isn't that relevant " What Google and OpenAi have open sourced is their Agents SDK, a toolkit, not the secret sauce of how their flagship agents are wired under the hood! expect the takedown hammer on the tweet, the R2 link, and any public repos soon
• Menu

  lukan
  Neat. Coincidently recently I asked Claude about Claude CLI, if it is possible to patch some annoying things (like not being able to expand Ctrl + O more than once, so never be able to see some lines and in general have more control over the context) and it happily proclaimed it is open source and it can do it ... and started doing something. Then I checked a bit and saw, nope, not open source. And by the wording of the TOS, it might brake some sources. But claude said, "no worries", it only break the TOS technically. So by saving that conversation I would have some defense if I would start messing with it, but felt a bit uneasy and stopped the experiment. Also claude came into a loop, but if I would point it at this, it might work I suppose.
• mutkach
  /** Check if 1M context is disabled via environment variable.* Used by C4E admins to disable 1M context for HIPAA compliance.*/ export function is1mContextDisabled(): boolean { return isEnvTruthy(process.env.CLAUDE_CODE_DISABLE_1M_CONTEXT)}Interesting, how is that relevant to HIPAA compliance?
• WD-42
  Looks like the repo owner has force pushed a new project over the original source code, now it’s python, and they are shilling some other agent tool.
• Menu

  dheerajmp
  Source here https://github.com/chatgptprojects/claude-code/
• Menu

  Squarex
  Codex and gemini cli are open source already. And plenty of other agents. I don't think there is any moat in claude code source.
• Menu

  mesmertech
  Was searching for the rumored Mythos/Capybara release, and what even is this file? https://github.com/chatgptprojects/claude-code/blob/642c7f94...
• Menu

  vbezhenar
  LoL! https://news.ycombinator.com/item?id=30337690Not exactly this, but close.
• Menu

  zurfer
  too much pressure. the author deleted the real source code: https://github.com/instructkr/claude-code/commit/7c3c5f7eb96...
• Menu

  karimf
  Is there anything special here vs. OpenCode or Codex?There were/are a lot of discussions on how the harness can affect the output.
• Menu

  bob1029
  Is this significant?Copilot on OAI reveals everything meaningful about its functionality if you use a custom model config via the API. All you need to do is inspect the logs to see the prompts they're using. So far no one seems to care about this "loophole". Presumably, because the only thing that matters is for you to consume as many tokens per unit time as possible.The source code of the slot machine is not relevant to the casino manager. He only cares that the customer is using it.
• bryanhogan
  https://xcancel.com/Fried_rice/status/2038894956459290963
• Menu

  dhruv3006
  I have a feeling this is like llama.Original llama models leaked from meta. Instead of fighting it they decided to publish them officially. Real boost to the OS/OW models movement, they have been leading it for a while after that.It would be interesting to see that same thing with CC, but I doubt it'll ever happen.
• georgecalm
  Intersected available info on the web with the source for this list of new features:UNRELEASED PRODUCTS & MODES1. KAIROS -- Persistent autonomous assistant mode driven by periodic <tick> prompts. More autonomous when terminal unfocused. Exclusive tools: SendUserFileTool, PushNotificationTool, SubscribePRTool. 7 sub-feature flags.2. BUDDY -- Tamagotchi-style virtual companion pet. 18 species, 5 rarity tiers, Mulberry32 PRNG, shiny variants, stat system (DEBUGGING/PATIENCE/CHAOS/WISDOM/SNARK). April 1-7 2026 teaser window.3. ULTRAPLAN -- Offloads planning to a remote 30-minute Opus 4.6 session. Smart keyword detection, 3-second polling, teleport sentinel for returning results locally.4. Dream System -- Background memory consolidation (Orient -> Gather -> Consolidate -> Prune). Triple trigger gate: 24h + 5 sessions + advisory lock. Gated by tengu_onyx_plover.INTERNAL-ONLY TOOLS & SYSTEMS5. TungstenTool -- Ant-only tmux virtual terminal giving Claude direct keystroke/screen-capture control. Singleton, blocked from async agents.6. Magic Docs -- Ant-only auto-documentation. Files starting with "# MAGIC DOC:" are tracked and updated by a Sonnet sub-agent after each conversation turn.7. Undercover Mode -- Prevents Anthropic employees from leaking internal info (codenames, model versions) into public repo commits. No force-OFF; dead-code-eliminated from external builds.ANTI-COMPETITIVE & SECURITY DEFENSES8. Anti-Distillation -- Injects anti_distillation: ['fake_tools'] into every 1P API request to poison model training from scraped traffic. Gated by tengu_anti_distill_fake_tool_injection.UNRELEASED MODELS & CODENAMES9. opus-4-7, sonnet-4-8 -- Confirmed as planned future versions (referenced in undercover mode instructions).10. "Capybara" / "capy v8" -- Internal codename for the model behind Opus 4.6. Hex-encoded in the BUDDY system to avoid build canary detection.11. "Fennec" -- Predecessor model alias. Migration: fennec-latest -> opus, fennec-fast-latest -> opus[1m] + fast mode.UNDOCUMENTED BETA API HEADERS12. afk-mode-2026-01-31 -- Sticky-latched when auto mode activates 15. fast-mode-2026-02-01 -- Opus 4.6 fast output 16. task-budgets-2026-03-13 -- Per-task token budgets 17. redact-thinking-2026-02-12 -- Thinking block redaction 18. token-efficient-tools-2026-03-28 -- JSON tool format (~4.5% token saving) 19. advisor-tool-2026-03-01 -- Advisor tool 20. cli-internal-2026-02-09 -- Ant-only internal features200+ SERVER-SIDE FEATURE GATES21. tengu_penguins_off -- Kill switch for fast mode 22. tengu_scratch -- Coordinator mode / scratchpad 23. tengu_hive_evidence -- Verification agent 24. tengu_surreal_dali -- RemoteTriggerTool 25. tengu_birch_trellis -- Bash permissions classifier 26. tengu_amber_json_tools -- JSON tool format 27. tengu_iron_gate_closed -- Auto-mode fail-closed behavior 28. tengu_amber_flint -- Agent swarms killswitch 29. tengu_onyx_plover -- Dream system 30. tengu_anti_distill_fake_tool_injection -- Anti-distillation 31. tengu_session_memory -- Session memory 32. tengu_passport_quail -- Auto memory extraction 33. tengu_coral_fern -- Memory directory 34. tengu_turtle_carbon -- Adaptive thinking by default 35. tengu_marble_sandcastle -- Native binary required for fast modeYOLO CLASSIFIER INTERNALS (previously only high-level known)36. Two-stage system: Stage 1 at max_tokens=64 with "Err on the side of blocking"; Stage 2 at max_tokens=4096 with <thinking> 37. Three classifier modes: both (default), fast, thinking 38. Assistant text stripped from classifier input to prevent prompt injection 39. Denial limits: 3 consecutive or 20 total -> fallback to interactive prompting 40. Older classify_result tool schema variant still in codebaseCOORDINATOR MODE & FORK SUBAGENT INTERNALS41. Exact coordinator prompt: "Every message you send is to the user. Worker results are internal signals -- never thank or acknowledge them." 42. Anti-pattern enforcement: "Based on your findings, fix the auth bug" explicitly called out as wrong 43. Fork subagent cache sharing: Byte-identical API prefixes via placeholder "Fork started -- processing in background" tool results 44. <fork-boilerplate> tag prevents recursive forking 45. 10 non-negotiable rules for fork children including "commit before reporting"DUAL MEMORY ARCHITECTURE46. Session Memory -- Structured scratchpad for surviving compaction. 12K token cap, fixed sections, fires every 5K tokens + 3 tool calls. 47. Auto Memory -- Durable cross-session facts. Individual topic files with YAML frontmatter. 5-turn hard cap. Skips if main agent already wrote to memory. 48. Prompt cache scope "global" -- Cross-org caching for the static system prompt prefix
• Menu

  cbracketdash
  Once the USA wakes up, this will be insane news
• gman83
  Gemini CLI and Codex are open source anyway. I doubt there was much of a moat there anyway. The cool kids are using things like https://pi.dev/ anyway.
• VadimPR
  Anthropic team does an excellent job of speeding up Claude Code when it slows down, but for the sake of RAM and system resources, it would be nice to see it rewritten in a more performant framework!And now, with Claude on a Ralph loop, you can.
• Sathwickp
  They do have a couple of interesting features that has not been publicly heard of yet:Like KAIROS which seems to be like an inbuilt ai assistant and Ultraplan which seems to enable remote planning workflows, where a separate environment explores a problem, generates a plan, and then pauses for user approval before execution.
• anon
  undefined
• dev213
  Undercover mode is pretty interesting and potentially problematic: https://github.com/sanbuphy/claude-code-source-code/blob/mai...
• daft_pink
  Now we need some articles analyzing this.
• sbochins
  Does this matter? I think every other agent cli is open source. I don’t even know why Anthropic insist upon having theirs be closed source.
• Menu

  Diablo556
  haha.. Anthropic need to hire fixer from vibecodefixers.com to fix all that messy code..lol
• anon
  undefined
• Menu

  q3k
  The code looks, at a glance, as bad as you expect.
• Menu

  mapcars
  Are there any interesting/uniq features present in it that are not in the alternatives? My understanding is that its just a client for the powerful llm
• napo
  The autoDream feature looks interesting.
• Menu

  tekacs
  In the app, it now reads:> current: 2.1.88 · latest: 2.1.87Which makes me think they pulled it - although it still shows up as 2.1.88 on npmjs for now (cached?).
• Menu

  sudo_man
  How this leak happened?
• Menu

  theanonymousone
  I am waiting now for someone to make it work with a Copilot Pro subscription.
• zoobab
  Just a client side written in JS, nothing to see here, the LLM is still secret.They could have written that in curl+bash that would not have changed much.
• Menu

  aiedwardyi
  interesting to see cost-tracker.ts in there. makes you wonder why they track usage internally but don't surface it to users in any meaningful way
• Menu

  LeoDaVibeci
  Isn't it open source?Or is there an open source front-end and a closed backend?
• artdigital
  Now waiting for someone to point Codex at it and rebuild a new Claude Code in Golang to see if it would perform better
• hemantkamalakar
  today being March 31st, is this a genuine issue or just perfectly timed April Fools noise? What do you think?
• Menu

  DeathArrow
  Why is Claude Code, a desktop tool, written in JS? Is the future of all software JS or Typescript?
• Menu

  agile-gift0262
  time to remove its copyright through malus.sh and release that source under MIT
• ChicagoDave
  I hope everyone provides excellent feedback so they improve Claude Code.
• thefilmore
  400k lines of code per scc
• Menu

  anhldbk
  I guess it's time for Anthropic to open source Claude Code.
• CookieJedi
  Hmmm, dont like the vibe
• temp7000
  There's some rollout flags - via GrowthBook, Tengu, Statsig - though I'm not sure if it's A/B or not
• CookieJedi
  Hmmm, not the vibe
• bdangubic
  I have 705 PRs ready to go :)
• Menu

  DeathArrow
  I wonder what will happen with the poor guy who forgot to delete the code...
• Menu

  jedisct1
  It shows that a company you and your organization are trusting with your data, and allowing full control over your devices 24/7, is failing to properly secure its own software.It's a wake up call.
• Menu

  isodev
  Can we stop referring to source maps as leaks? It was packaged in a way that wasn’t even obfuscated. Same as websites - it’s not a “leak” that you can read or inspect the source code.
• mergeshield
  [dead]
• obelai
  [dead]
• mergeshield
  [dead]
• kevinbaiv
  [dead]
• imta71770
  [dead]
• psihonaut
  [dead]
• sixhobbits
  [dead]
• Menu

  noritaka88
  [flagged]
• hemantkamalakar
  Today being March 31st, is this a genuine issue or just perfectly timed April Fools noise? What do you think?
• Menu

  phtrivier
  Maybe the OP could clarify, I don't like reading leaked code, but I'm curious: my understanding is that is it the source code for "claude code", the coding assistant that remotely calls the LLMs.Is that correct ? The weights of the LLMs are _not_ in this repo, right ?It sure sucks for anthropic to get pawned like this, but it should not affect their bottom line much ?