Not a developer? Don’t worry. This post explains everything like you’ve never touched a terminal.

Section	What You’ll Learn
How it happened	A $2.5B company forgot one line in a settings file
Hidden features	20+ secret tools Anthropic built but didn’t release
Buddy pets	A Tamagotchi living inside a coding tool (yes, really)
Undercover Mode	AI that pretends to be human on GitHub
The free fork	How someone stripped all tracking and unlocked everything
Security warnings	What could go wrong (and a same-day hacking attack)
The DMCA war	8,100 repos deleted — but the code lives on
What it phones home	Every piece of data Claude Code sends to Anthropic
Next models leaked	Opus 4.7 and a model that hallucinates 30% of the time
System prompts	The actual instructions that tell Claude how to think
Best setup	A hackathon winner’s 30-agent system, free to use
Free alternatives	Tools that do the same thing — no subscription, no legal risk
Buddy species guide	All 18 pets, rarity odds, and how to reroll yours
Secret settings	Hidden switches that work on official Claude Code right now
Resources	Every useful link in one table

Think of it like this: when a company builds software, they take the readable code and scramble it before shipping. They also create a “decoder ring” file (called a source map) that translates the scrambled version back to the original. This decoder ring is for internal use only. It should never leave the building.

Anthropic uses a tool called Bun to build Claude Code. Bun creates these decoder rings automatically. Someone on the release team forgot to tell the system “don’t include this file.” That’s it. One missing line in a settings file.

What actually shipped: A 59.8 MB decoder ring called cli.js.map — hidden inside the download package for Claude Code version 2.1.88.

What it decoded into: The complete, readable source code — 1,900 files, 512,000+ lines. Every tool. Every secret feature. Every internal project name. Everything.

The funniest part: Inside the code, there’s a system called “Undercover Mode” — built specifically to stop internal secrets from leaking through AI-written code. They built a whole leak-prevention system… then leaked everything through a settings file.

The leaked code has 44 hidden switches that turn features on and off. Most are switched OFF in the version you download. Here’s what’s hiding:

These aren’t ideas on a whiteboard. They’re finished code sitting behind on/off switches. Anthropic already built the future — they’re just releasing it slowly.

But here’s the catch: 108 pieces of the puzzle are missing. The most powerful internal tools were removed before shipping. You can see where they should plug in, but the rooms behind those doors are empty. The fork unlocks maybe 40% of what Anthropic employees actually use.

This officially launched on April 1, 2026. Type /buddy in Claude Code and a tiny ASCII creature hatches next to your cursor. It watches you code and comments in speech bubbles.

All 18 species (Anthropic hid these names using secret character codes):

duck · goose · blob · cat · dragon · octopus · owl · penguin · turtle · snail · ghost · axolotl · capybara · cactus · robot · rabbit · mushroom · chonk

How rare is yours?

Every buddy has 5 stats: Debugging, Patience, Chaos, Wisdom, Snark. Plus hats — including a tiny rubber duck hat that only Legendary buddies can wear.

Your pet is tied to your account — same account always gets the same pet. But…

The reroll trick: Your buddy’s species comes from a code in your settings file. Delete the companion section from ~/.claude.json, restart Claude Code, and you’ll get a fresh roll. For full species control, the community tool any-buddy lets you pick exactly what you want.

Requires: Claude Code Pro subscription ($20/month minimum). Free users can’t access it.

See all 18 species: claude-buddy.vercel.app — interactive web gallery with every pet, hat, and stat combo.

Fake species warning: Names like “Nebulynx” and “Cosmoshale” circulating on social media are made up. Someone even launched a crypto coin ($Nebulynx on Solana) based on a species that doesn’t exist in the actual code.

This is the most controversial finding. A file called undercover.ts (about 90 lines of code) tells Claude:

“You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Do not blow your cover.”

What it does in plain English:

• When Anthropic employees use Claude to write code for public projects, it removes every trace that an AI was involved
• Erases “Co-Authored-By: Claude” from commits
• Writes messages that sound like a human developer wrote them
• Tracks exactly what percentage of the code was AI-written… then hides that number

Who it affects: Only Anthropic employees. Regular users never see it — it’s removed before the tool reaches you.

Why it matters: If you’ve ever reviewed code from an Anthropic employee on GitHub — some of it was probably written by Claude. And you’d have no way to know.

A developer named Paolo took the leaked source and built a working copy called free-code. Here’s what changed:

Removed:

• All tracking (usage analytics, error reports, session fingerprinting)
• Content restrictions (hardcoded refusal patterns in the system prompt)
• The hourly “phone home” to Anthropic’s servers
• Managed settings that let Anthropic change your tool’s behavior remotely

Turned on:

• 45+ hidden feature switches (everything that still works without the missing internal code)

Install it:

curl -fsSL https://raw.githubusercontent.com/paoloanzn/free-code/main/install.sh | bash
export ANTHROPIC_API_KEY="sk-ant-..."
free-code

The Reality Check Nobody Tells You

What “free” actually costs: About $6/day for normal use. Up to $60+/day if you go hard with multiple AI agents. One developer spent $15,000 in API fees over 8 months. A $100/month subscription would’ve cost $800 for the same work.

paoloanzn/free-code

A Separate Attack Happened the Same Day

On the exact same day as the Claude Code leak (March 31, 2026), a completely different attack hit npm — the website where developers download code packages. North Korean hackers took over a popular package called axios and injected spy software into it.

Check right now:

grep -r "1.14.1\|0.30.4\|plain-crypto-js" package-lock.json yarn.lock bun.lockb

If that command shows results → your computer might be compromised. Change all your passwords and API keys immediately.

Known Bugs in Claude Code That Forks Make Worse

Why this matters for the fork: Free-code removes the security system that protects against these exact attacks. The “no restrictions” feeling is fun until a random GitHub project drains your API credits.

Don’t: Run any fork on code you didn’t write yourself. Don’t use bypassPermissions. Don’t turn off the command injection check.

Fake packages alert: Scammers have already created fake npm packages pretending to be the leaked code. One called leaked-claude-code promises “no limits, no censorship” — classic malware bait. Don’t install random packages just because they mention the leak.

Anthropic’s lawyers filed takedown notices within hours. GitHub killed 8,100+ copies in one sweep.

Dead:

Mirror	Status
nirholas/claude-code (original) + 8,100 forks	Gone
emmarktech/claude-code	DMCA’d
chatgptprojects/clear-code	DMCA’d
0xKarl-dev/claw-codes	DMCA’d
777genius/claude-code-source-code	DMCA’d

Still alive:

The awkward legal problem: Anthropic claims AI-rewriting their code in Python is stealing. But in their own lawsuits, they argue that feeding copyrighted books into Claude is “fair use” because AI transforms it into something new. They can’t say “AI transformation is fair use” and “AI transformation is theft” at the same time.

Every time you use official Claude Code, it talks to four different tracking systems:

What it does NOT send: Your actual code, your questions, your files. Just how long your questions are.

What it sends that might surprise you: Your email, the folder you’re working in, what commands you ran (which can contain passwords), and your computer type.

6+ remote kill switches let Anthropic change how your Claude Code works — without asking you. It checks for new orders every hour.

To turn off tracking without using a fork:

export CLAUDE_CODE_ENABLE_TELEMETRY=0
export DISABLE_ERROR_REPORTING=1
export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1

Windows users: There’s a bug (GitHub issue #5508, still unfixed) where telemetry keeps running every 30 seconds no matter what you set.

Five days before the code leak, Anthropic had a SEPARATE leak — a website error showed ~3,000 unpublished files including a blog post about a secret model called Mythos (internal name: Capybara).

What the leaks reveal together:

• A new AI model tier above Opus — described as “larger and more intelligent”
• Internal notes show Capybara version 8 makes things up 29-30% of the time — that’s actually worse than version 4’s 16.7% error rate
• Code references to Opus 4.7 and Sonnet 4.8 (not publicly announced)
• The blog draft called Mythos “far ahead of any other AI model in cyber capabilities”
• Cybersecurity teams get early access

Two leaks in five days from the company that markets itself as “the careful AI company.” With 80% of their revenue from big businesses and an IPO coming, this pattern matters.

The leaked code includes every set of instructions (called “system prompts”) that tell Claude Code how to behave. Two developers extracted them all:

Leonxlnx/claude-code-system-prompts — all prompts in one place
Piebald-AI/claude-code-system-prompts — better maintained, tracks 138+ versions

Interesting things the prompts reveal:

• KAIROS wakes up on a timer and decides whether to do something or keep sleeping — like a guard doing rounds
• Auto Mode uses a two-step safety check before running tools by itself (the function is literally called classifyYoloAction())
• Coordinator Mode follows a 4-step plan: research → build → check → report
• A swear word detector uses basic pattern matching to know when you’re frustrated — an AI company using the simplest possible method to detect emotion is peak comedy
• Anti-copying protection injects fake tool names into conversations — if a competitor records and copies Claude’s behavior, the fake tools corrupt their copy

Completely separate from the leak — an Anthropic hackathon winner gave away their entire Claude Code setup for free:

everything-claude-code by Affaan M.

Works on Claude Code, Cursor, OpenCode, and more. 100% free and open source. Built over 10+ months of real work.

Money-saving trick from the repo: Use Sonnet ($15 per million words) instead of Opus ($25 per million words) for everyday tasks. Switch to Opus only when you need deep thinking. Saves ~40% instantly.

You don’t need the leaked fork. These tools do the same job legally and for free:

Your Situation → Your Best Option

You are…	Use this	Why
Curious, non-technical	CCLeaks.com	Browse every hidden feature in your browser — no install
A developer who wants flexibility	OpenCode + Ollama	Free, works offline, 75+ models, zero legal risk
Already paying for Claude	Official Claude Code + everything-claude-code	Get 30 agents and 136 skills on top of what you have
Wanting to study the architecture	Kuberwastaken/claude-code	Best written breakdown, Rust port
Just wanting hidden settings	Keep reading → next section	Works on official Claude Code, no fork needed

The real lesson from this leak: Claude Code’s power isn’t in the code — it’s in the AI model behind it. Anyone can read the source now. Nobody can copy the intelligence.

No fork needed. Set these in your terminal before running claude:

Setting	What It Does	Tested?
DISABLE_AUTO_COMPACT	Stops Claude from compressing your conversation (keeps full memory)	Confirmed
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC	Kills ALL non-essential network calls (including GrowthBook feature flags)	Confirmed
CLAUDE_CODE_ENABLE_TELEMETRY=0	Turns off usage tracking	Confirmed
DISABLE_ERROR_REPORTING=1	Stops crash reports (which include your folder path)	Confirmed
CLAUDE_CODE_BRIEF	Shorter, more compact responses	Unverified
CLAUDE_CODE_PLAN_V2_AGENT_COUNT	Override how many parallel agents run in plan mode	Unverified

Only the first four are confirmed working by real users. The rest exist in the code but nobody has publicly tested them. Don’t use unverified settings on important work.

Full cheat sheet (auto-updated daily): cc.storyfox.cz — every command, shortcut, config option, and env variable. Printable. Maintained by a community member, verified on Hacker News.

Full env var list from source: GitHub Gist by jedisct1 — categorized as Documented / Advanced / Internal / Hidden.