Claude Code's Accidental Leak Reveals What Power Users Know

Anthropic accidentally published Claude Code's entire source code to the internet last week. Not a small slice—2,000 files, over half a million lines of production TypeScript. An NPM package included a source map file that pointed to readable code on their servers. A security researcher found it, followed the breadcrumbs, and within hours the full codebase was mirrored on GitHub.

Nate Herk, an AI automation specialist, spent time combing through what the leak revealed. His analysis surfaces something more interesting than the leak itself: most people are using Claude Code wrong. Not "slightly suboptimal" wrong—more like "using 10% of what they're paying for" wrong.

Not a Chatbot With File Access

The first misconception the source code demolishes: Claude Code isn't Claude in your terminal. It's not a chatbot that can read your files.

"What the source code shows is that Claude Code is a full agent runtime," Herk explains. "It's a proper application built with bun TypeScript and React. It has a tool system, a command system, a memory system, a permission engine, a task manager, a multi-agent coordinator, and an MCP client and server all wired together under one execution pipeline."

The architecture runs like this: your input hits a CLI parser, goes to a query engine, calls the LLM API, runs a tool execution loop, then renders results. If you're typing questions and hoping for answers, you're using maybe 10% of the system. The value is in the infrastructure around the model.

This matters because it explains why Claude Code behaves differently than ChatGPT or Claude web. Different tool, different capabilities, different mental model required.

The 85 Commands Nobody Uses

The source reveals roughly 85 slash commands built into Claude Code. Most users know maybe five. Power users treat commands like keyboard shortcuts—they change the entire workflow.

The high-value ones: /init sets up project context by generating a claude.md file that acts as the tool's operating manual for your repository. /plan puts Claude into planning mode—it maps the full approach before touching any files, saving tokens and preventing unwanted changes. /compact compresses conversation history when context gets expensive, keeping important information while dropping noise.

Then there's /review and /security-review—built-in code review workflows. The fact these exist as dedicated commands, not features you ask for, tells you something about Anthropic's priorities. Review isn't an afterthought; it's a first-class workflow.

/context manages which files Claude is actually paying attention to. Every file in context costs tokens. /cost shows what you've spent. /resume and /summary let you pick up where you left off between sessions without re-explaining everything.

"Better prompts are one lever," Herk notes, "but knowing these commands is a completely separate lever that most people aren't even touching."

The Memory System Everyone Ignores

At the center of Claude Code's memory system sits claude.md. Most people either ignore this file or dump random notes into it. The source code reveals why that's a mistake: claude.md isn't documentation. It's operating context.

Think of it as an onboarding document. If Claude Code is an employee, claude.md tells them how you do things, what matters, what you never do, how the project is structured. The best users keep it short, opinionated, and operational.

Good claude.md content looks like: "We use TypeScript strict mode. Always. Tests go in test folders next to source files. Never modify database schema without running migrations. Use PNPM, not npm." Decision rules, constraints, conventions—not a novel about your project's history.

The source reveals multiple memory layers: user-level memory, extracted memories, team memory synchronization. Claude Code has persistent memory mechanisms across project, user, and session contexts. And claude.md is the highest-leverage input shaping how it behaves in every future session.

This file gets injected before every single chat. Update it today—global level or project level—and every subsequent interaction improves.

Why It Keeps Asking Permission

If you've used Claude Code, you've hit the permission wall. It asks about everything: "Allow me to do this? Can I run this? Can I edit this?" Most people think better prompting fixes this. It doesn't. Permissions fix this.

The source shows a deep permission system with multiple modes: default (asks about everything), plan mode, bypass permissions, auto modes where it just executes. The real gem: wildcard permissions.

You can set rules like "allow all git commands" or "allow all file edits in my src folder." Instead of Claude asking 15 times per session, you set the rule once. For recurring workflows—daily tasks, standard operations—this is one of the highest-ROI changes you can make.

In settings.local.json or settings.json, you can configure global, user-level, or project-level permissions for things you always want to allow, deny, or be asked about. This shifts you from babysitting every action to actually letting it operate like an agent.

The Multi-Agent Architecture You're Not Using

The source code reveals a full coordinator subsystem: agent tools, team tools, a task system designed for background and parallel work. The architecture is built to support decomposition—splitting work across multiple agents running in parallel.

One agent explores your codebase. Another implements changes. A third validates tests. There are even concepts in the source for background tasks that continue while you're focused on something else.

How much of this is fully user-facing today versus still rolling out? Hard to say from source alone. But the architecture makes the intent clear: Claude Code is designed to handle complex multi-step work by breaking it apart, not cramming it all into one thread.

The practical takeaway changes how you structure requests. Instead of one massive prompt—"refactor this entire module, update the tests, and fix the documentation"—break that up. Let Claude Code decompose the work. Better results come from clear sequential or parallel steps rather than hoping one giant instruction to one giant agent gets everything right.

The Extension Layer and Feature Flags

Model Context Protocol (MCP) isn't just supported by Claude Code—it's baked into the architecture. Claude Code is both an MCP client and an MCP server. It can connect to external tools through MCP, and other systems can connect to it.

Beyond MCP, the source reveals a skills and plugin layer. Power users can build repeatable workflows, custom capabilities, and domain-specific extensions that compound over time. You can connect it to databases, APIs, internal tools, documentation systems—anything with an MCP server. Then layer skills and plugins on top for recurring tasks.

The more systems you connect, the more valuable it becomes. The tool itself isn't the product. The ecosystem you build around it is.

The codebase also includes checks for "user type," with one value being "ant"—meaning Anthropic. Certain capabilities are gated behind internal feature flags. The source references voice mode, a system called Chyros, daemon mode, coordinator mode—all behind flags suggesting they're internal, experimental, or rolling out gradually.

We can't say for sure how different the internal experience is. But the source confirms Claude Code is heavily feature-flagged. Different users may already be getting meaningfully different experiences depending on their environment or rollout group.

What Separates the Top 1%

The single biggest insight from this leak: top users don't just write better prompts. They design a better operating environment.

That means treating claude.md like a force multiplier—short, opinionated, regularly updated. Learning the command service—not all 85, but the dozen that change daily workflow. Configuring permissions for recurring workflows to stop babysitting every action. Thinking in terms of decomposition rather than monolithic prompts.

It means managing context like money, because it literally is. Use /compact when conversations get long. Use /context to control what's loaded. Use /summary and /resume to carry work across sessions. Every unnecessary file in context is tokens you're paying for.

Connect things to it—MCP servers, CLIs, plugins, skills. And treat it like infrastructure, not an app. The source reveals a massive configuration surface: model routing, sub-agent model overrides, shell behavior, privacy controls, even the ability to route through different cloud backends like AWS Bedrock or Google Vertex.

Most people never touch these settings. But if you're using Claude Code seriously, there's real leverage in tuning the environment to fit your workflow.

The leak revealed the architecture. What you do with that knowledge is what separates using a tool from actually understanding it.

Mike Sullivan is Buzzrag's technology correspondent. He's been covering tech long enough to remember when "the cloud" was just someone else's computer.