Claude Code Source Code Leak, 7 Hours In: 8 Major New Features / 26 Hidden Commands / 6-Level Security Architecture, All Laid Bare
QbitAI (量子位) · 2026-03-31 16:02

Core Viewpoint - The article discusses the significant leak of the Claude Code source code due to an accidental inclusion of a source map file in the npm package, leading to the exposure of 1,906 source files and 510,000 lines of code, which has been rapidly analyzed and backed up by the community [3][4][16].

Group 1: Incident Overview
- The leak occurred when a 60MB source map file was mistakenly included in the npm release package of Claude Code version v2.1.88 [3].
- The source map allowed anyone to access the complete source code, enabling potential replication of the tool [12][13].
- The community quickly reacted, backing up the leaked code to multiple GitHub repositories and analyzing it extensively within hours [16].

Group 2: Features and Discoveries
- The analysis revealed eight new features, over 26 new commands, and a six-level security architecture, along with hidden modules that were not publicly disclosed [17].
- Notable new features include an electronic pet system called "Buddy," which has 18 species and unique characteristics for each user [21][24][27].
- Another significant feature is "Kairos," a persistent assistant mode that allows Claude to remember information across sessions and organize it into structured notes [29][30].

Group 3: Security and Code Quality
- The security design of Claude Code is highlighted, featuring a six-level permission verification system for every tool invocation, ensuring robust security measures [42].
- Despite the strong security architecture, the code quality is noted to be inconsistent, with some functions exhibiting excessive complexity [40][50].
- The method for detecting user negative emotions relies on basic regular expressions rather than advanced AI models, raising questions about the overall quality of the code [56].

Group 4: Implications of the Leak
- The leak is not an isolated incident, as the company recently faced another significant data exposure due to a CMS configuration error, revealing internal assets [59].
- The exposure of the product architecture and unpublished features provides competitors with a free technical blueprint, potentially undermining the company's competitive edge [67].
- The repeated security lapses signal a concerning trend for a company that emphasizes "AI safety" in its mission, suggesting systemic issues in operational security [68].
