The Claude Code Source Leak — What It Revealed About Buddy's Hidden Architecture

It started with a routine npm install. On March 31, 2026, security researcher Chaofan Shou noticed something unusual in version 2.1.88 of the @anthropic-ai/claude-code npm package: a 59.8 MB source map file that shouldn't have been there.

Source maps are development artifacts — they map minified production code back to the original source files for debugging. Bun, the JavaScript runtime Claude Code uses instead of Node.js, generates them by default. The problem: Claude Code's .npmignore file didn't exclude the .map file. So when v2.1.88 shipped to npm, it carried main.js.map along with it — and that file contained the full reconstructed TypeScript source.

Shou wrote a short script, pulled src.zip directly from Anthropic's R2 storage bucket, and posted the download link on X. No exploitation, no credential theft, no sophisticated attack. Just a configuration gap that anyone with curiosity and a terminal could have found.

By the time Anthropic patched the package, GitHub mirrors had already spread. The scale of what got out was staggering:

Metric	Value
Total lines of code	512,000
Number of files	~1,900
Main component size	785 KB (main.tsx)
Source map file size	59.8 MB
Affected version	2.1.88

Within hours, the leak was covered by Ars Technica, VentureBeat, InfoQ, and XDA Developers. The community reverse-engineering threads were thorough and fast. And buried inside those 512,000 lines was a directory that would captivate the developer world: buddy/.

The leaked source contained a complete, production-ready implementation of the Buddy companion system — not a prototype, not a stub, but a fully engineered feature with its own directory structure, data models, and rendering pipeline.

Here's what the buddy/ directory revealed about the architecture:

Component	Purpose	Key Detail
Species Data	18 species definitions	Each with backstory, peak stat, and ASCII sprite frames
Hashing Engine	Deterministic buddy generation	FNV-1a hash → Mulberry32 PRNG seeded from user ID
Soul File Manager	Persistent identity storage	Only name + personality stored; everything else regenerated
Rarity System	5-tier weighted distribution	Common 60%, Uncommon 25%, Rare 10%, Epic 4%, Legendary 1%
Shiny System	1% overlay on any rarity	Legendary Shiny = 1 in 10,000
Stat Roller	5 attributes per buddy	DEBUGGING, PATIENCE, CHAOS, WISDOM, SNARK
Cosmetics Engine	Hat assignment	Hats only on Uncommon+: crown, tophat, wizard, tinyduck
ASCII Renderer	Terminal animation	3-frame idle animations with fidget cycles and blinking
Companion Reactions	Context-aware responses	Triggered by file saves, test results, errors, git operations

The most elegant design choice was the separation of bones and soul. As Reddit user u/lolxd__ explained after reconstructing the system: "Bones (species, eyes, hat, rarity, stats) are NEVER stored — they're regenerated every time from the hash. Only the 'soul' (name and personality, generated by the model on first hatch) gets persisted to config." This means Anthropic could rename species, rebalance stats, or add new cosmetics without breaking anyone's existing companion. The soul is permanent; the body is computed.

One curious detail: species names were encoded as hex character codes in the source. A comment explained why: "One species name collides with a model-codename canary in excluded-strings.txt." Even the naming conventions had to navigate Anthropic's internal security infrastructure.

The buddy generation pipeline revealed in the leak confirmed what the community later reverse-engineered independently. Here's how your buddy is born, step by step:

Step 1: Identity Input. The system takes your userId string — typically a UUID from your Claude Code account. For Team/Pro users, an accountUuid may override this, meaning the entire team shares the same buddy.

Step 2: FNV-1a Hashing. The identity string is fed through the Fowler-Noll-Vo hash function (variant 1a), producing a 32-bit integer. FNV-1a was chosen for its speed, simplicity, and excellent distribution properties — critical when you need every possible input to map to a believable buddy.

Step 3: Mulberry32 PRNG. The hash becomes the seed for a Mulberry32 pseudo-random number generator. This seeded PRNG produces a deterministic sequence of random-looking numbers — the same seed always produces the same sequence, which means the same UUID always produces the same buddy.

Step 4: Sequential Rolls. The PRNG sequence is consumed in a fixed order:

1. Species — uniform selection from 18 species
2. Rarity — weighted roll (60/25/10/4/1)
3. Shiny — 1% chance, independent of rarity
4. Stats — 5 rolls, each scaled by a rarity floor multiplier
5. Cosmetics — hat type (if Uncommon+), eye variant

Because each step consumes a fixed number of PRNG outputs, the entire pipeline is order-dependent and deterministic. Change the order of any roll, and every buddy in the system changes. This is why the Buddy Checker at claudebuddy.art can reproduce any buddy from any UUID — it implements the exact same pipeline.

The leaked source also revealed a rarity floor system: higher rarity buddies get a minimum stat guarantee. A Legendary buddy will never roll below a certain threshold on any stat, ensuring that rare finds always feel rare in their attributes, not just their label.

Perhaps the most architecturally interesting part of the leak was the Watcher Protocol — the system that makes Buddy feel alive in your terminal.

The leaked source revealed that Buddy operates as a lightweight observer agent running alongside the main Claude Code agent. It doesn't share Claude's context window or consume the same token budget. Instead, it receives a separate, compact system prompt that defines its personality and behavior constraints.

The companion reaction system follows a three-state machine:

State	Duration	Behavior
IDLE	Default	Buddy watches silently, occasionally fidgets (ASCII animation)
REACTING	~3 seconds	Buddy displays a speech bubble with a contextual comment
COOLDOWN	~30 seconds	Buddy returns to idle, won't react again until cooldown expires

Six event types can trigger a reaction:

1. FILE_SAVE — you save a file
2. TEST_PASS — a test suite passes
3. TEST_FAIL — a test suite fails
4. ERROR — a runtime error occurs
5. GIT_COMMIT — you make a git commit
6. LONG_PAUSE — you stop typing for an extended period

The reaction content is shaped by the buddy's stats. A high-SNARK buddy might say something sarcastic when a test fails; a high-PATIENCE buddy might offer encouragement. A high-CHAOS buddy might say something completely unrelated. The system prompt explicitly tells Claude: "You are NOT {name}. {name} is a separate entity. Speak AS {name}, not about {name}."

The key insight: Buddy's reactions are not pre-scripted. They're generated by Claude in real-time, constrained by the personality parameters. This means every buddy's commentary is unique — not just in species and stats, but in voice. Two Legendary Dragons with identical stats but different souls will react differently to the same event.

While Buddy captured social media's attention, the leak revealed something far more ambitious: KAIROS — a persistent, always-on assistant that doesn't wait to be asked.

According to the leaked source, KAIROS represents a fundamental shift in how Claude Code operates:

Aspect	Current Claude Code	KAIROS
Activation	Reactive — you give it a task	Proactive — it watches and acts
Memory	Session-scoped	Append-only daily logs
Context	Current conversation	Accumulated observations over time
Processing	On-demand	Background + nightly "dreaming" consolidation
Scope	Single task	Entire development workflow

KAIROS maintains append-only daily logs of what it observes — your coding patterns, error frequencies, workflow habits. At night, it runs a "dreaming" process to consolidate and prune its memory, keeping what's useful and discarding noise. It can then trigger proactive actions based on accumulated observations — suggesting refactors, flagging patterns, or anticipating needs before you articulate them.

KAIROS was gated behind an internal feature flag (USER_TYPE === 'ant') that doesn't exist in the public npm package. There's no way to enable it as a user. But the architecture is real, the implementation is substantial, and it sketches out a future where your AI coding assistant knows you — not just your current task, but your habits, preferences, and patterns over weeks and months.

The connection to Buddy is subtle but important: if KAIROS represents the cognitive layer of a persistent AI relationship, Buddy represents the emotional layer. One learns your patterns; the other reacts to your moments. Together, they suggest Anthropic is thinking about Claude Code not as a tool you use, but as a companion you work alongside.

Beyond Buddy and KAIROS, the leak exposed Claude Code's feature flag system — and it was far more extensive than anyone expected. 108 gated modules that don't appear in the public package, each representing a capability that's been built but not yet released.

The most significant unreleased features:

Feature	Description	Implication
ULTRAPLAN	Offloads planning to Claude Opus in the cloud for up to 30 minutes, with browser-based monitoring	Complex tasks get dedicated planning phase with human oversight
Coordinator Mode	Multi-agent layer: one Claude manages parallel workers through a mailbox system	Team of AI agents working simultaneously on subtasks
VOICE_MODE	Voice interaction with Claude Code	Hands-free coding assistance
WEB_BROWSER_TOOL	Browser access from within the CLI	Claude can research, test, and verify in real-time
DAEMON	Background process mode	Claude runs continuously without active terminal session
AGENT_TRIGGERS	Event-based agent activation	Automated responses to file changes, CI results, etc.

Each feature exists with real implementation logic — not placeholder stubs. They're not finished in the way shipped features are finished, but they're not theoretical either. The Claude Code documentation doesn't acknowledge any of them.

For the Buddy ecosystem specifically, ULTRAPLAN and Coordinator Mode are the most relevant. ULTRAPLAN's browser-based monitoring interface could potentially display buddy status and reactions in a richer format than ASCII art allows. Coordinator Mode's multi-agent architecture could give Buddy a more active role — not just observing the main agent, but coordinating with it, perhaps flagging issues that the primary Claude instance missed.

The 108-feature list reads like a product roadmap that someone forgot to hide. Whether these features ship in weeks, months, or never, they reveal the ambition behind Claude Code: not just a CLI tool, but a comprehensive AI development environment.

No analysis of the leak would be complete without addressing the feature that generated the most debate: Undercover Mode.

The leaked code contains a check for USER_TYPE === 'ant' — a flag identifying Anthropic employees. When this flag is true and the user is working in a public repository, the system automatically enters undercover mode. The injected system prompt reads:

"Do not blow your cover. Never mention you are an AI."

In undercover mode:

• Co-Authored-By lines — the commit metadata that identifies AI involvement — are stripped from git output
• Internal codenames are hidden from responses
• There is no force-off switch in the user-facing interface

The stated intent appears to be privacy for Anthropic employees — letting them work on public open-source projects without advertising their affiliation or triggering questions about AI assistance. But the implementation raised uncomfortable questions about transparency in AI-assisted development.

For the Buddy community, the undercover mode revelation had an ironic dimension: the same company that built a system designed to make AI feel present and personable (Buddy) also built a system designed to make AI feel invisible and undetectable (Undercover). The two features represent opposite philosophies about the AI-human relationship — and both were hidden in the same codebase.

The source leak validated a key assumption behind Claude Buddy Checker: the buddy generation algorithm is deterministic, self-contained, and reproducible.

Before the leak, the community had reverse-engineered the algorithm through observation and testing. After the leak, the source code confirmed it line by line. The FNV-1a hash, the Mulberry32 PRNG, the weighted rarity rolls, the stat generation — all exactly as the community had deduced.

This confirmation matters for three reasons:

1. Algorithm Permanence. The leaked source shows that the buddy algorithm was designed to be stable. The bones-vs-soul separation means Anthropic intended to evolve the system without changing anyone's fundamental buddy identity. Your UUID will always produce the same species, rarity, and base stats — regardless of what version of Claude Code you're running, or whether you're running Claude Code at all.

2. Independent Verification. Anyone can now verify that Buddy Checker implements the correct algorithm by comparing its output against the leaked source. The same UUID produces the same buddy on claudebuddy.art as it does in the leaked code. This isn't reverse-engineering anymore — it's confirmed implementation.

3. Future-Proofing. Even if Anthropic never restores /buddy, the algorithm is now public knowledge. The buddy generation logic can be implemented in any language, on any platform, by anyone. Your buddy's identity is no longer locked inside Anthropic's codebase — it's a mathematical fact that anyone can compute.

The leak transformed Buddy Checker from a community tool into a canonical reference. When someone asks "what's my buddy?", the answer doesn't depend on Anthropic's servers, Claude Code's version, or any third-party service. It depends on math — and math doesn't have version numbers.

The Claude Code source leak was, by any measure, an accident. A missing line in .npmignore, a default Bun behavior, a routine npm publish — and suddenly 512,000 lines of proprietary code were public. Anthropic patched it quickly, but the information was already out.

For the AI industry, the leak offered a rare look behind the curtain of a major AI product. Most AI companies operate as black boxes — you see the API, the pricing page, and the marketing blog. You don't see the feature flags, the internal experiments, the architectural decisions that shape what the product becomes.

The Claude Code leak revealed that:

Revelation	Significance
Buddy was a real engineering investment	AI companies are investing in emotional design, not just capability
KAIROS exists as working code	Proactive, always-on AI assistants are closer than announcements suggest
108 features are gated but built	The gap between what's built and what's shipped is enormous
Undercover Mode is real	AI transparency in open-source is an unsolved problem
The architecture is modular	Features like Buddy can be added, removed, and restored independently

For Buddy enthusiasts specifically, the leak was bittersweet. It confirmed that Buddy was more than a joke — real engineering talent and thoughtful design went into making a virtual companion that felt alive in your terminal. But it also confirmed that Anthropic always intended it as a time-limited feature, with internal notes referencing an April 1-7 teaser window.

The community's response — building MCP-based restoration tools, version-pinning guides, and permanent reference sites like Buddy Checker — suggests that the emotional connection Buddy created was real, even if the feature wasn't meant to last. Sometimes the best products are the ones companies didn't plan to keep.

The source leak confirmed what Buddy Checker has always done: compute your buddy's true identity from the same deterministic algorithm Anthropic built.

Visit the Buddy Checker homepage to enter your UUID and see your buddy — species, rarity, stats, cosmetics, and ASCII animation. Every result is now source-verified: the algorithm matches the leaked code line for line.

Browse the Species Catalog to explore all 18 species with their backstories, peak stats, and animations. Read the Reroll Guide to understand the probability math behind Legendary and Shiny hunting. And if you want to keep your buddy alive in your terminal, check out the Preservation Guide for four proven methods.

Your buddy was born from a hash function. The leak proved it. And hash functions don't expire.