On March 31, 2026, Claude Code’s entire source code was exposed via npm source map. This analyzes what the codebase reveals about production AI architecture patterns.
Technical Root Cause
Single .map file in production npm package → R2 bucket URL → complete TypeScript source download. Textbook supply chain security failure.
What Was Exposed
Scale: 1,900 files, 512,000+ lines, TypeScript + Bun + React/Ink
Core files:
-
QueryEngine.ts(46K lines): LLM API engine, streaming, tool loops -
Tool.ts(29K lines): Agent tools, permission schemas -
commands.ts(25K lines): Slash commands
~40 tools, ~85 commands, feature flags, unreleased BUDDY digital pet system
4 Production AI Architecture Patterns
1. System Prompt Engineering
-
Tool constraints, risk controls, output specs
-
Makes AI predictable, controllable, production-ready
2. Multi-Agent Orchestration
-
Coordinator-worker architecture
-
Permission mailbox pattern
-
Atomic claim mechanism
-
Team memory
3. Three-Layer Context Compression
-
MicroCompact: Local cleanup
-
AutoCompact: Near-limit summarization (13K buffer, 20K summary, circuit breaker)
-
Full Compact: Emergency compression + selective re-injection (50K budget)
4. AutoDream Memory Consolidation
Background process with 4 phases: Orient → Gather → Consolidate → Prune
Trigger conditions: ≥24h, ≥5 sessions, no other consolidation, ≥10min since scan
For AI researchers/engineers, this is a free case study in production AI architecture. Anthropic’s patterns, refined at scale, are now available for analysis.
Links: