What Exactly Are AI Agents Doing? A Complete Analysis of the 500,000-Line Claude Code Leak

This is not the first time Anthropic has made this mistake. When Claude Code was first released in February 2025, the same source map leak occurred. This time the affected version was v2.1.88, and the cause was identical: the Bun build tool generates source maps by default, and the map file was not excluded in .npmignore.
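An added example (not from the article or from Anthropic's code) of a pre-publish check for the failure described above: it flags source maps, including maps inlined into a bundle, among the files about to be packed. The function names and the sample package contents are constructed for illustration.

```javascript
// Added example: audit the files about to be published for source maps.
// `files` maps package-relative paths to contents; the sample is constructed.
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)/;
const INLINE_MAP = /^data:application\/json[^,]*;base64,(.+)$/;

function inspectMap(path, text) {
  let map;
  try { map = JSON.parse(text); } catch { map = null; }
  if (!map || typeof map !== "object") return { path, issue: "unparseable-map" };
  const embedded = Array.isArray(map.sourcesContent)
    ? map.sourcesContent.filter((s) => typeof s === "string" && s.length > 0).length
    : 0;
  // sourcesContent carries original files verbatim; `sources` alone still leaks paths.
  if (embedded > 0) return { path, issue: "embedded-sources", count: embedded };
  return { path, issue: "map-without-sources", count: (map.sources || []).length };
}

function auditPackageFiles(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      findings.push(inspectMap(path, text));
    } else if (/\.[cm]?js$/.test(path)) {
      // A bundle can also carry its map inline as a base64 data: URI.
      const ref = MAP_COMMENT.exec(text);
      const inline = ref && INLINE_MAP.exec(ref[1]);
      if (inline) {
        const decoded = Buffer.from(inline[1], "base64").toString("utf8");
        findings.push(inspectMap(path + " (inline)", decoded));
      }
    }
  }
  return findings; // a release script would refuse to publish if this is non-empty
}

// Constructed sample: one external map with embedded sources, one inline map.
const samplePackage = {
  "package.json": '{"name":"example-cli","version":"0.0.0"}',
  "cli.js": 'console.log("hi");\n//# sourceMappingURL=cli.js.map\n',
  "cli.js.map": JSON.stringify({
    version: 3, sources: ["../src/main.ts"],
    sourcesContent: ["export const x = 1;\n"], mappings: "AAAA",
  }),
  "lib/util.js": "exports.ok = true;\n//# sourceMappingURL=data:application/json;base64," +
    Buffer.from(JSON.stringify({ version: 3, sources: ["util.ts"], mappings: "" }))
      .toString("base64") + "\n",
};
```

The input map can be built from the paths that `npm pack --dry-run` lists. A `files` allowlist in package.json fails closed where `.npmignore` fails open.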

Most reports focused on cataloging the Easter eggs in the leak, such as a virtual pet system and an “undercover mode” allowing Claude to anonymously submit code to open-source projects. However, the real question worth unpacking is: why does the same Claude model perform so differently in the web version versus Claude Code? What exactly are those 512,000 lines of code doing?

The Model is Just the Tip of the Iceberg

The answer lies in the code structure. According to reverse engineering analysis of the leaked source code by the GitHub community, out of the 512,000 lines of TypeScript, only about 8,000 lines are directly responsible for calling the AI model interface, accounting for just 1.6% of the total.

What does the remaining 98.4% do? The two largest modules are the Query Engine (46,000 lines) and the Tool System (29,000 lines). The Query Engine handles LLM API calls, streaming output, cache orchestration, and multi-turn conversation management. The Tool System defines approximately 40 built-in tools and 50 slash commands, forming a plugin-like architecture where each tool has independent permission controls.

Additionally, there are 25,000 lines of terminal UI rendering code (one file named print.ts is 5,594 lines long, with a single function spanning 3,167 lines), 20,000 lines of security and permission controls (including 23 numbered Bash security checks and 18 blocked Zsh built-in commands), and 18,000 lines of multi-agent orchestration systems.

After analyzing the leaked code, machine learning researcher Sebastian Raschka pointed out that the core reason Claude Code is stronger than the web version of the same model lies not in the model itself, but in the software scaffolding built around it, including repository context loading, dedicated tool scheduling, caching strategies, and sub-agent collaboration. He even suggested that applying the same engineering architecture to other models like DeepSeek or Kimi could yield similar programming performance improvements.

A straightforward comparison helps illustrate this gap. When you input a question into ChatGPT or the Claude web version, the model processes it and returns an answer, leaving nothing behind when the conversation ends. Claude Code operates entirely differently. Upon launch, it first reads your project files, understands your codebase structure, and remembers your preferences, such as “don’t mock the database in tests.” It can execute commands directly in your terminal, edit files, run tests, and for complex tasks, it breaks them down into subtasks assigned to different sub-agents for parallel processing. In other words, the web-based AI is a Q&A window, while Claude Code is a collaborator living in your computer.

Some have likened this architecture to an operating system: the 42 built-in tools are akin to system calls, the permission system to user management, the MCP protocol to device drivers, and the sub-agent orchestration to process scheduling. Each tool is marked by default as “unsafe, writable” unless the developer explicitly declares it safe. The file editing tool forces a check to see if you’ve read the file first; if not, it won’t allow edits. This isn’t a chatbot with a few tools attached; it’s a runtime environment with a complete security mechanism, with the LLM at its core.
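The two controls described above, as an added sketch that is not taken from the leaked code: tools default to unsafe and writable unless they explicitly declare otherwise, and an edit is refused until the same session has read the file. Every name in it (defineTool, Session, read_file, edit_file) is hypothetical, and an in-memory Map stands in for the disk.

```javascript
// Added example. All names here (defineTool, Session, read_file, edit_file)
// are hypothetical; they illustrate the design, not the leaked implementation.
function defineTool(spec) {
  return {
    name: spec.name,
    run: spec.run,
    // Fail closed: only a literal `true` opts out of the unsafe/writable default.
    safe: spec.safe === true,
    readOnly: spec.readOnly === true,
  };
}

class Session {
  constructor(files, approve) {
    this.files = files;         // Map of path -> content, standing in for the disk
    this.approve = approve;     // asked before any tool not declared safe and read-only
    this.readPaths = new Set(); // paths this session has actually read
  }
  call(tool, args) {
    const needsApproval = !(tool.safe && tool.readOnly);
    if (needsApproval && !this.approve(tool.name, args)) {
      return { ok: false, error: "permission-denied" };
    }
    return tool.run(this, args);
  }
}

const readFile = defineTool({
  name: "read_file", safe: true, readOnly: true,
  run(session, { path }) {
    if (!session.files.has(path)) return { ok: false, error: "not-found" };
    session.readPaths.add(path);
    return { ok: true, content: session.files.get(path) };
  },
});

const editFile = defineTool({
  name: "edit_file", // declares nothing, so it is treated as unsafe and writable
  run(session, { path, oldText, newText }) {
    // The edit is refused unless this session read the file first.
    if (!session.readPaths.has(path)) return { ok: false, error: "read-required" };
    const current = session.files.get(path);
    if (!current.includes(oldText)) return { ok: false, error: "no-match" };
    // Function replacer so `$&`-style sequences in newText are taken literally.
    session.files.set(path, current.replace(oldText, () => newText));
    return { ok: true };
  },
});
```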

This implies one thing: the competitive moat for AI products may not lie at the model layer, but at the engineering layer.

With Every Cache Miss, Costs Increase 10x

Among the leaked code is a file called promptCacheBreakDetection.ts, which tracks 14 vectors that could cause prompt cache invalidation. Why would Anthropic’s engineers invest so much effort in preventing cache misses?

A look at Anthropic’s official pricing makes it clear. Taking Claude Opus 4.6 as an example, the standard input price is $5 per million tokens, but if the cache is hit, the read price is only $0.5, a 90% discount. Conversely, every cache miss increases inference costs tenfold.

This explains many seemingly “over-engineered” architectural decisions in the leaked code. When Claude Code starts, it loads the current git branch, recent commit history, and CLAUDE.md files as context. This static content is globally cached, with boundary markers separating dynamic content to ensure each conversation doesn’t reprocess existing context. The code also features a mechanism called sticky latches to prevent mode switches from disrupting established caches. Sub-agents are designed to reuse the parent process’s cache rather than rebuilding their own context windows.

Here’s a detail worth expanding on. Users of AI coding tools know that the longer the conversation, the slower the AI’s responses become, because each round of dialogue must resend the previous history to the model. The conventional approach is to delete old messages to free up space. However, the problem is that deleting any message breaks cache continuity, forcing the entire conversation history to be reprocessed, causing both latency and costs to skyrocket.

The leaked code contains a mechanism called cache_edits. Instead of actually deleting messages, it marks old messages with a “skip” flag at the API layer. The model no longer sees these messages, but cache continuity remains unbroken. This means that in a long conversation lasting several hours, after clearing hundreds of old messages, the response speed for the next round is almost as fast as the first. For the average user, this is the underlying answer to “why Claude Code can support infinitely long conversations without slowing down.”

According to leaked internal monitoring data (from code comments in autoCompact.ts, dated March 10, 2026), before introducing an automatic compaction failure limit, Claude Code wasted approximately 250,000 API calls daily. There were 1,279 user sessions with over 50 consecutive compaction failures, with the worst session failing 3,272 times in a row. The fix was simply adding one line of restriction: MAX_CONSECUTIVE_AUTOCOMPACT_FAILURES = 3.

Therefore, for AI products, model inference costs might not be the most expensive layer; failed cache management is.

44 Switches, Pointing in the Same Direction

The leaked code hides 44 feature flags—already compiled functionality switches, just not publicly released. According to community analysis, these flags are divided into five categories by functional domain, with the densest being the “Autonomous Agent” category (12 flags), pointing to a system named KAIROS.

KAIROS is referenced over 150 times in the source code. It is a persistent background daemon mode. Claude Code is no longer just a tool that responds when you actively call it; it becomes an agent that constantly runs in the background, continuously observing, recording, and proactively acting at opportune moments. The premise is not to interrupt the user; any operation that might block the user for more than 15 seconds is deferred.

KAIROS also has built-in terminal focus awareness. The code contains a terminalFocus field that detects in real-time whether the user is looking at the terminal window. When you switch to a browser or other application, the agent determines you are “away” and switches to autonomous mode, proactively executing tasks, directly committing code, without waiting for your confirmation. When you switch back to the terminal, the agent immediately returns to collaborative mode: first reporting what it just did, then seeking your opinion. The degree of autonomy is not fixed but fluctuates in real-time with your attention. This solves a long-standing awkward problem with AI tools: fully autonomous AI makes people uneasy, while completely passive AI is inefficient. KAIROS’s choice is to let the AI’s proactivity dynamically adjust with user attention—it behaves when you’re watching, and works on its own when you’re away.

Another subsystem of KAIROS is called autoDream. After accumulating 5 sessions or every 24 hours, the agent initiates a “reflection” process in the background, following four steps. First, it scans existing memories to understand what it currently knows. Then, it extracts new knowledge from conversation logs. Next, it merges old and new knowledge, correcting contradictions and removing duplicates. Finally, it refines the index, deleting outdated entries. This design borrows from memory consolidation theory in cognitive science. Humans consolidate daytime memories during sleep; KAIROS consolidates project context when the user is away. For the average user, this means the longer you use Claude Code, the more precise its understanding of your project becomes, not just “remembering what you said.”

The second major category is “Anti-Distillation & Security” (8 flags). The most notable among these is the fake_tools mechanism. When four conditions are met simultaneously (compile-time flag enabled, CLI entry activated, using first-party API, GrowthBook remote switch is true), Claude Code injects fake tool definitions into API requests. The purpose is to contaminate datasets that might be recording API traffic for training competitor models. This represents a new form of defense in the AI arms race—not preventing copying, but making you copy the wrong things.

Furthermore, the code also reveals the model codename Capybara (divided into three tiers: standard, fast, and million-context window versions), widely speculated by the community to be the internal codename for the Claude 5 series.

Easter Egg: An Electronic Pet Hidden in 512,000 Lines of Code

Amidst all the serious engineering architecture and security mechanisms, Anthropic’s engineers also quietly built a complete virtual pet system, internal codename BUDDY.

According to the leaked code and community analysis, BUDDY is a skeuomorphic terminal pet that appears next to the user’s input box in the form of an ASCII speech bubble. It has 18 species (including capybara, salamander, mushroom, ghost, dragon, and a series of original creatures like Pebblecrab, Dustbunny, Mossfrog), categorized into five rarity levels: Common (60%), Uncommon (25%), Rare (10%), Epic (4%), and Legendary (1%). Each species also has “Shiny Variants,” with the rarest, Shiny Legendary Nebulynx, having an appearance probability of only one in ten thousand.

Each BUDDY has five attributes: DEBUGGING, PATIENCE, CHAOS, WISDOM, and SNARK. They can also wear hats, with options including a crown, top hat, propeller hat, halo, wizard hat, and even a mini duck. The hash of the user ID determines which pet you hatch, and Claude generates its name and personality.

According to the leaked launch plan, BUDDY was originally scheduled for internal beta testing from April 1st to 7th, with a formal launch in May, starting with Anthropic’s internal employees.

512,000 lines of code, 98.4% dedicated to hardcore engineering, but in the end, someone took the time to create an electronic salamander that wears a propeller hat. Perhaps this is the most human line of code in the entire leak.
