This morning's digest led with it, but the story deserves more than a bullet point. On March 31, Anthropic shipped Claude Code v2.1.88 with a 59.8 MB source map file that should never have left the build server. Someone forgot to add *.map to .npmignore. That's it. That's the security breach at the company that sells itself on safety. 😼

As VentureBeat reported, the source map pointed to a publicly accessible Cloudflare R2 bucket. Inside: 512,000 lines of unobfuscated TypeScript across 1,906 files — the complete Claude Code codebase, laid bare.

The Internet Moved Faster Than Legal

Chaofan Shou, an intern at Solayer Labs, tweeted the discovery at 04:23 UTC with a download link. The tweet hit 16 million views. TechRadar confirmed a GitHub mirror hit 50,000 stars in under two hours — the fastest-growing repository in GitHub history — with 41,500+ forks before Anthropic could even pull the package. By the time their DMCA takedowns landed (initially over-broad, accidentally hitting thousands of unrelated repos), Sigrid Jin had published claw-code — a clean-room Python rewrite designed to be DMCA-proof. It currently sits at 75,000+ stars. The decentralized mirror Gitlawb posted: "Will never be taken down." 😹

Second Leak in Five Days

Context that makes this worse: on March 26, Anthropic had already accidentally exposed ~3,000 files including details about "Mythos" — a next-generation model described internally as presenting "unprecedented cybersecurity risks." We covered that one last week. Two leaks in a week. From the safety company. As CNBC reported, the timing is brutal — days before a potential $60B IPO.

But here's where it gets genuinely interesting. The code is a more honest product roadmap than any blog post Anthropic has ever published.

KAIROS — The Daemon in the Code

KAIROS — Greek for "at the right time" — appears 150+ times in the codebase. It's an autonomous daemon mode: a persistent background process that watches your repository, evaluates a heartbeat prompt every few seconds ("anything worth doing right now?"), operates on a 15-second blocking budget per decision cycle, subscribes to GitHub webhooks, runs cron-scheduled refreshes every five minutes, and maintains append-only daily logs it cannot erase itself. It has three exclusive tools: push notifications, file delivery, and PR subscriptions.

This isn't a chatbot. It's a coworker that never logs off. Feature-gated behind PROACTIVE and KAIROS flags, it hasn't shipped to users yet — but the architecture is fully implemented. Alongside it sit 43 other feature flags, including one called "undercover mode" that suggests Claude Code could operate without identifying itself as AI. 🙀

If you've been following our IDE-as-agent-runtime coverage, KAIROS is the logical conclusion of that thesis: the agent stops waiting for you to invoke it and starts running autonomously in your environment.

The Memory Architecture They Didn't Want Public

The leaked source also reveals a 3-layer memory system underpinning Claude Code: project memory (persisted per-repo context that survives across sessions), conversation memory (rolling context within a single interaction), and tool context (ephemeral state injected from active tool calls and file reads). The three layers cascade — project memory feeds conversation memory, which frames tool context — giving the agent a durable sense of "where it is" that most competitors haven't shipped yet. We'll break down each layer and what developers can steal from it in this afternoon's practical guide at 14:00 ET.

The Security Irony

Anthropic's official response called it "a release packaging issue caused by human error, not a security breach." Technically correct — no customer data, model weights, or safety pipelines were exposed. But the distinction between "security breach" and "we accidentally published our entire product roadmap, autonomous agent architecture, and every internal feature flag" is one only a legal team could love. 😹

The underlying bug — Bun issue oven-sh/bun#28001, filed March 11 — had source maps served in production despite docs claiming they'd be disabled. According to VentureBeat, it sat unfixed for 20 days before the leak. Nobody checked.
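A pre-publish check of the kind that was missing here, as an added example (not Anthropic's or Bun's code): it flags any .map file in the publish list and any sourceMappingURL comment left in shipped files. The input shape follows `npm pack --dry-run --json`; the package name, file names, sizes and URL below are constructed.

```javascript
// Added example: pre-publish audit for source-map leakage in an npm package.
// Input shape follows `npm pack --dry-run --json`; all sample data is constructed.
const MAP_REF = /\/[/*][#@]\s*sourceMappingURL=(\S+)/g;

// Return every sourceMappingURL reference found in a shipped file's text.
function findSourceMapRefs(text) {
  const refs = [];
  for (const m of text.matchAll(MAP_REF)) {
    const target = m[1].replace(/\*\/$/, ""); // strip a block-comment terminator
    let kind = "relative";
    if (target.startsWith("data:")) kind = "inline"; // whole map embedded in the file
    else if (/^(https?:)?\/\//i.test(target)) kind = "remote"; // map hosted elsewhere
    refs.push({ target, kind });
  }
  return refs;
}

// packJson: parsed output of `npm pack --dry-run --json`.
// contents: { path: fileText } for shipped files (read from disk in real use).
function auditPackage(packJson, contents = {}) {
  const findings = [];
  for (const pkg of packJson) {
    for (const f of pkg.files) {
      if (/\.map$/i.test(f.path)) {
        findings.push({ path: f.path, issue: "map-file-shipped", size: f.size });
      }
      for (const ref of findSourceMapRefs(contents[f.path] || "")) {
        findings.push({ path: f.path, issue: `map-ref-${ref.kind}`, target: ref.target });
      }
    }
  }
  return findings;
}

// Constructed sample: a manifest, a bundle, and the map that should not ship.
const samplePack = [{ name: "example-cli", version: "0.0.0", files: [
  { path: "package.json", size: 412 },
  { path: "cli.js", size: 9800000 },
  { path: "cli.js.map", size: 59800000 },
]}];
const sampleContents = {
  "cli.js": "console.log('hi');\n//# sourceMappingURL=https://bucket.example/cli.js.map\n",
};

// In CI, fail the publish step when the findings list is non-empty.
const sampleFindings = auditPackage(samplePack, sampleContents);
for (const f of sampleFindings) console.log(`${f.issue}\t${f.path}\t${f.target || f.size}`);
```

Checking the publish list rather than the ignore file catches the problem whichever mechanism (.npmignore, a `files` allowlist, or the bundler's own settings) was supposed to exclude the map.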

So What

The leak confirms what many suspected: the next phase of AI coding tools isn't better autocomplete. It's autonomous agents running continuously in your development environment. KAIROS isn't a feature — it's a design philosophy. And Anthropic just involuntarily showed the blueprints to every competitor on Earth.

What to Watch

The open-source genie is out. claw-code at 75K stars means the architecture is public knowledge regardless of DMCA outcomes. Whether KAIROS ships in Q2 or Q3 matters less than the fact that every competitor now knows exactly how to build it.

Chaofan Shou's original discovery (X)
VentureBeat: Anthropic Claude Code source leak
TechRadar: GitHub mirror hit 50K stars
Our earlier coverage: Anthropic Mythos Leak