Claude Code was just leaked... (WOAH)
TL;DR
Claude Code’s source leak exposed roughly 2,300 files and nearly half a million lines of agent harness code — Matthew Berman frames it as a rare look inside one of the best coding agents, with the leak alone hitting 22 million views on X in under 24 hours.
The big takeaway isn’t just the code — it’s the playbook for building better coding agents around Claude — he says competitors and open-source projects can now study exact prompts, permission systems, sub-agent orchestration, and compaction strategies that made Claude Code feel unusually strong.
Claude.md turns out to be far more important than most users realized — it gets loaded on every single turn, gives you about 40,000 characters for coding standards, architecture, patterns, and team preferences, and Berman admits he barely used it before seeing the leak.
Claude Code is designed for parallelism, not single-agent hero mode — the leaked code shows multiple sub-agent execution models, shared prompt caches, tmux/iTerm teammate setups, and git worktrees, echoing Boris Cherny’s advice to keep many agents running at once.
Anthropic’s permission prompts are supposed to be mostly configured away, not constantly clicked through — the code reveals smarter modes like Auto, which runs an LLM classifier per action, making the old ‘dangerously skip permissions’ approach effectively obsolete.
Compaction is one of the most valuable leaked ideas because memory quality depends on what the system forgets — Berman highlights five compaction methods, a 200,000-token default window with optional 1 million tokens, disk-backed tool outputs with only 8 KB previews, and the habit of using /compact proactively like ‘saving your game.’
The Breakdown
The leak that cracked open Claude Code
Berman opens with the bombshell: Claude Code was accidentally exposed through a map file on Anthropic’s npm registry, and the source quickly spread across X. He calls it a huge deal because Claude Code is “an amazing harness,” not just a model wrapper, and says the leak pulled in 22 million views in less than a day. He also points out the weird twist that someone already rewrote it in Python, which he says makes local experimentation much harder to stop.
Why this matters more than a normal code leak
Using Alfred Versa’s thread as a guide, Berman says the leak includes 2,300 original files and almost 500,000 lines of code — enough to reveal many of the implementation tricks, but not the full magic of Claude without Claude models. His point is that the value here is strategic: rivals can inspect prompts, agent setup, permissions, sub-agent chaining, and failure modes, then fold those ideas into open-source alternatives like Open Code. He notes Anthropic still avoided the worst-case scenario: no API keys, no customer data, no catastrophic internal secrets.
The sponsor break: Zapier as an MCP power-up
Berman briefly pivots to Zapier, saying it pairs well with Claude Code or even a local version of the leaked harness. His pitch is simple: Zapier’s MCP server exposes thousands of tools to agents, and setup is just choosing apps, getting a URL, and plugging it in.
Claude.md: the hidden control panel loaded every turn
Back in the analysis, he highlights Mal Shake’s breakdown of what really makes Claude Code tick, starting with Claude.md. This file is injected into every single prompt turn, making it the place to encode coding standards, file priorities, architecture, and team preferences. Berman’s reaction is personal and immediate: he says he barely touched it before, and now plans to update it the same day.
Parallelism, sub-agents, and why one agent is the wrong mental model
One of the biggest reveals is that Claude Code is built around lots of agents working simultaneously, with shared prompt caches making that parallelism surprisingly cheap. Berman cites Boris Cherny saying he always has multiple agents running, and the leaked code shows distinct execution models like forked agents, tmux/iTerm teammates using file mailboxes, and isolated git worktrees. His takeaway is blunt: doing everything with one agent is just not what the system is optimized for.
Permissions are a configuration problem, not a prompt spam problem
Berman tackles the familiar annoyance of Claude Code constantly asking for approval and says the leak explains why: ideally, you should almost never see those prompts if permissions are configured correctly in settings.json. He walks through the three modes — Bypass, Allow Edits, and Auto — and says Auto is the sweet spot because it uses an LLM classifier to decide what’s safe enough to allow. In his telling, Anthropic saw users blindly smashing “allow all” and built something smarter to replace that habit.
Compaction, hooks, and the small details that make the harness feel smart
He spends the longest on compaction, arguing this is the kind of harness-level insight the whole ecosystem will copy. Claude Code uses five forms of memory reduction — micro compact, context collapse, session memory, full compact, and PTL truncation — and he repeats the memorable line that what matters most is not what the model remembers, but what it forgets. He also calls hooks a “power user feature” he’s been neglecting, then gets excited about automating things like documentation updates after commits instead of nagging the model manually every time.
Persistent sessions, 66 built-in tools, and the open-source aftershock
Near the end, Berman highlights practical patterns: sessions are stored as JSONL and resumable, large tool outputs are written to disk with only an 8 KB preview sent to the model, and interrupting a bad generation early is cheap because of the streaming architecture. He closes by tying the leak to his earlier “meta harness” video, imagining Claude Code recursively improving itself once plugged into a self-improving harness. That’s the emotional core of the video: Anthropic may hate the leak, but Berman sees it as pure open-source fuel for faster innovation.