Undercover mode, decoy tools, and a 3,167-line function: inside Claude Code's leaked source

On March 31, a single .map file shipped inside an npm package and exposed the complete internals of Claude Code. The Hacker News thread hit 2,060 points. Anthropic filed DMCA takedowns against 8,100+ GitHub repos. And I spent most of the afternoon reading TypeScript I wasn't supposed to see. I use Claude Code every day. I built Claudoscope because I wanted to understand what it was actually doing in my terminal. So when the source dropped, I went through it. Some of it confirmed things I'd suspected. Some of it genuinely surprised me. Key Takeaways A JavaScript source map in Claude Code v2.1.88 exposed ~1,700 TypeScript source files (alex000kim, 2026) Unreleased features include KAIROS autonomous mode, anti-distillation decoy tools, and "undercover mode" that hides AI authorship Anthropic's DMCA takedown hit 8,100+ repos, many containing no leaked code A clean-room rewrite called Claw Code gained 146,000 GitHub stars in under 48 hours What happened Security researcher Chaofan Shou disc