What did we learn from the March 31st Claude Code Source Leak?

This technical analysis, presented by Daniel Motles of Qumulo in April 2026, dissects the architecture and leaked details of Claude Code. Claude Code is a Bun-native TypeScript application with a React and Ink terminal UI, functioning as a productized agent operating system. The system is composed of 1,902 source files totaling 512,685 lines of code. Its technical stack includes the Anthropic SDK, MCP integrations, and native tools for Git, Shell, and LSP. A major finding is the discovery of KAIROS, an always-on autonomous daemon that runs heartbeat prompts every 30 seconds to identify tasks, fix errors, and manage memory consolidation. Other unreleased features include Ultraplan for deep thinking via remote Opus variants, Coordinator Mode for spawning sub-agent forks, and an internal Undercover Mode that strips AI signals from public commit histories. The system utilizes a heavyweight persona driven by a massive system prompt and a four-tier MD memory system covering users, feedback, projects, and references. To preserve context window space, Claude Code uses deferred tooling and a local LRU cache to prevent redundant token consumption. Local search is handled by a parallelized Rust-based engine called RipGrep (rg). The analysis concludes that the engineering “plumbing”—the tools, memory, and safeguards—constitutes the product’s primary competitive moat. While the leak has spurred open-source clones, it has also raised enterprise concerns regarding release hygiene and intellectual property safety.