📖 Read Online: https://anneheartrecord.github.io/claude-code-docs/
In March 2026, someone discovered that Anthropic's Claude Code client package published on npm included sourcemap files.
Sourcemaps are debug-aid files generated by frontend build tools that record the mapping between compiled code and original source. They should be excluded during publishing, but Anthropic's build pipeline missed this step.
The complete TypeScript source was reverse-engineered. 515,000 lines of code, 2,766 files.
To be clear: only the client-side code was leaked. Claude Code uses a standard client-server architecture. The client runs in your terminal, handling user interaction, tool execution, permission management, and context assembly. The server is Anthropic's API, handling model inference. The model itself and server-side logic were not leaked.
But the client-side code is valuable enough. The core competitive advantage of an Agent product lies not in model invocation itself, but in how to safely, efficiently, and reliably unleash model capabilities. This is the domain of Harness Engineering, and the client code is the complete Harness implementation.
Ironically, based on git history, this code was most likely written by AI itself. All 20 commits are from a single user claude-code-best, three commits include Co-Authored-By: Claude Opus 4.6. 515,000 lines compiled with zero errors on the first try. AI wrote the functionality flawlessly, but tripped on a basic publishing configuration detail.
I used Claude Code to systematically analyze this source, module by module, producing 13 technical documents in both Chinese and English.
From architecture design to the six-phase Agent loop implementation, from the three-tier message compaction system to the 6,300-line permission system, from five-layer memory loading to the 40+ tool execution pipeline. I also extracted Anthropic's unreleased feature roadmap from 82 feature flags: Kairos autonomous mode, Context Collapse, Voice Mode.
The final documents include my own analysis: whether this code is truly valuable, how engineers should do Code Review in the AI Coding era, and what clues the source reveals about Claude's account ban mechanism.
Target Audience: Engineers building Agent products, developers interested in AI Agent architecture, anyone wanting to understand how a top-tier Agent system is engineered for production. Non-technical readers can also gain insights into how Agent products work and industry trends.
| Document | Content |
|---|---|
| 01-Architecture Overview | Overall architecture, tech stack, core files, complete request journey |
| 02-Value Debate | Artifact vs Harness capability, two perspectives, code is snapshot capability is dynamic |
| Document | Content |
|---|---|
| 03-Agent Loop | Six-phase ReAct loop, AsyncGenerator design, state management, thinking chain preservation |
| 04-Context Engineering | System prompt construction, CLAUDE.md loading, layered priorities, prefetch caching, prompt cache optimization |
| 05-Compaction System | Three-tier compaction: microcompact, session memory, full compact, circuit breaker, recursion guard |
| 06-Permission System | Three-mode permissions, YOLO classifier, 42 interception rules, filesystem sandbox, dangerous rule stripping |
| 07-Memory System | Five-layer memory loading, @include directives, MEMORY.md management, session memory |
| 08-Tools & Skills | 40+ tool registry, execution pipeline, pre/post hooks, skill fork mechanism |
| 09-MCP Integration | Six transport protocols, OAuth, seven config scopes |
| Document | Content |
|---|---|
| 10-Future Features | 82 feature flags decoded, Kairos autonomous mode, Context Collapse, voice mode |
| 11-AI Code Review | Individual/team/CICD three-layer review paradigm, Review Agent concept |
| 12-Agent Security Design | Three-layer defense system, L0-L4 security maturity model, practical guide |
| 13-Source Code Findings | AI engineering blind spots, production incidents, Claude ban mechanism analysis |
The source repo can be cloned and run directly:
git clone https://github.com/anthropics/claude-code.git
cd claude-code
bun install
bun run build
# ✓ Bundled 5344 modules in 554ms
# cli.js 25.89 MB
bun run dev --version
# 2.1.888 (Claude Code)| Metric | Data |
|---|---|
| Codebase | 515,498 lines TypeScript/TSX |
| Files | 2,766 |
| Build Output | 25.89 MB, 5,344 modules |
| Built-in Tools | 40+ |
| Feature Flags | 82 |
| Permission Rules | 42 hardcoded dangerous patterns |
| Compaction Threshold | Context window - 13,000 tokens |
| Dependencies | 583 packages |
This repository contains technical analysis documentation only, not Claude Code source code itself. Analysis is based on publicly accessible sourcemap-reconstructed code.
MIT