This is a re-uploaded link of the Claude Code 2.1.88 leak from 3/31/2026. Download below.
Anthropic accidentally shipped a JavaScript source map file (`.map`) inside a routine npm update of Claude Code (version 2.1.88), which pointed to a zip archive on their own Cloudflare R2 storage containing the full source code — roughly 500,000 lines across ~1,900 files. Before Anthropic could pull it down, the archive was discovered, downloaded, and widely mirrored on GitHub. Inside, developers found 44 internal feature flags for unshipped capabilities like KAIROS (an autonomous background agent mode), session memory that transfers learnings across conversations, anti-distillation defenses that inject fake tools to poison competitors' training data, and even a Tamagotchi-style terminal pet called "Buddy." Anthropic confirmed it was a packaging error caused by human error, not a security breach, and said no customer data or credentials were exposed — but the strategic damage is done, since competitors now have a detailed look at both the architecture and the product roadmap.
4/1/2026: Buddy is actually an April Fools feature, update your Claude Code and try it today with /buddy.