TWITTER_ARTICLE

Anthropic’s npm package @anthropic-ai/claude-code version 2.1.88 reportedly…

2026-03-31 · 11:02 UTC ·elliotarledge ·4 min read

Brief

Elliot Arledge’s March 31, 2026 X post analyzes what he says was an accidentally published source map inside Anthropic’s Claude Code CLI npm package, @anthropic-ai/claude-code@2.1.88. By inspecting the 59.8 MB cli.js.map file and its embedded sourcesContent, he infers a roadmap centered on much greater agent autonomy: KAIROS as a background daemon, PROACTIVE wake-up 'tick' prompts that let Claude act between user messages, and COORDINATORMODE for managing specialized parallel workers across research, implementation, and verification. The thread also claims Anthropic is working on lower-friction permission handling through a TRANSCRIPTCLASSIFIER auto-approval system, while maintaining substantial security guardrails such as 2,500+ lines of bash validation, sandboxing, and input sanitization. Arledge highlights internal model codenames like Capybara, Fennec, and Numbat, voice interaction support, browser automation, team memory sync, token budget controls, and an 'Undercover Mode' for anonymous public-repo contributions, alongside a whimsical hidden BUDDY pet feature.

Why it matters

Anthropic’s npm package @anthropic-ai/claude-code version 2.1.88 reportedly shipped a 59.8 MB source map file, cli.js.map, whose sourcesContent field exposed the original TypeScript source; the leak was described as a build configuration mistake rather than a breach.

Key details

  • The leaked code suggests Claude Code is being developed toward autonomous operation: KAIROS appears 154 times as an always-on daemon mode with background sessions, GitHub webhook subscriptions, push notifications, and 'dream' memory consolidation; PROACTIVE appears 37 times; and COORDINATOR_MODE appears 32 times for spawning parallel worker agents.
  • A flag called TRANSCRIPT_CLASSIFIER appears 107 times and is interpreted as an AI-based permission auto-approval system, potentially reducing today’s repeated tool confirmation prompts for trusted actions.
  • The source allegedly exposes internal model codenames and versioning, including Capybara as a Claude 4.6 variant, Fennec migrated to Opus 4.6, unreleased Numbat, and internal references to opus-4-7 and sonnet-4-8; one comment compared 'Capybara v8' false-claim rates of 29-30% versus 16.7% for 'v4.'
  • Other notable features include an 'Undercover Mode' that strips AI attribution from public open-source commits, VOICE_MODE appearing 46 times for speech I/O, 2,500+ lines of bash command validation and sandboxing, and a hidden BUDDY terminal pet system with 18 species, cosmetic hats, rarity tiers, and stats like DEBUGGING, WISDOM, and SNARK.
Source evidence

title: @elliotarledge: Earlier today, @Friedrice on X discovered that Anthropic accidentally published...
author: elliotarledge
contenttype: twitterarticle
published: 2026-03-31T11:02:12+00:00
sourceurl: https://x.com/elliotarledge/status/2038934884761444838

word_count: 858

Earlier today, @Fried_rice on X discovered that Anthropic accidentally published a source map file a

Earlier today, @Fried_rice on X discovered that Anthropic accidentally published a source map file alongside their Claude Code CLI on npm. The package @anthropic -ai/claude-code version 2.1.88 includes a 59.8 MB file called cli.js.map that contains the full original TypeScript source code embedded in its sourcesContent field. This isn't a hack—it's a build configuration oversight where debug artifacts got shipped to production. But it reveals a lot about where Claude Code is heading.

I spent a few hours going through the source. Here's what caught my attention and what it might mean for users.

AUTONOMOUS AGENTS ARE COMING

The most referenced feature flag in the codebase is called KAIROS, appearing 154 times. Based on the code, this appears to be an autonomous daemon mode that turns Claude Code into an always-on agent. It includes background sessions, something called "dream" memory consolidation, GitHub webhook subscriptions, push notifications, and channel-based communication.

There's also PROACTIVE mode (37 references) which lets Claude work independently between user messages. The system sends "tick" prompts to keep the agent alive, and Claude decides what to do on each wake-up. The prompt literally says "You are running autonomously" and instructs the model to "look for useful work" and "act on your best judgment rather than asking for confirmation."

COORDINATOR_MODE (32 references) takes this further—it transforms Claude into an orchestrator that spawns and manages parallel worker agents. The coordinator handles research, implementation, and verification by delegating to specialized workers. The system prompt includes detailed instructions on how to write prompts for workers, when to continue vs spawn fresh agents, and how to handle worker failures.

PERMISSION PROMPTS MAY DISAPPEAR

One flag called TRANSCRIPT_CLASSIFIER appears 107 times. Based on context, this appears to be an "Auto Mode" that uses an AI classifier to auto-approve tool permissions. If this ships, the constant permission prompts that currently interrupt workflows could become optional or disappear entirely for trusted operations.

MODEL CODENAMES AND VERSIONING

The source reveals internal codenames for Claude models:

Capybara appears to be a Claude 4.6 variant. Comments reference "Capybara v8" with notes about specific issues being fixed: a 29-30% false claims rate compared to v4's 16.7%, a tendency to over-comment code, and something called "assertiveness counterweight."

Fennec was a codename that got migrated to Opus 4.6.

Numbat is unreleased. One comment reads "Remove this section when we launch numbat."

The code also references opus-4-7 and sonnet-4-8 as examples of version numbers that should never appear in public commits—suggesting these versions exist internally.

UNDERCOVER MODE FOR STEALTH CONTRIBUTIONS

There's a feature called "Undercover Mode" designed for when Anthropic employees use Claude Code to contribute to public repositories. When active, it strips all AI attribution from commits, hides model codenames, removes any mention of "Claude Code" or AI, and doesn't even tell the model what model it is.

The prompt includes: "You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. Your commit messages, PR titles, and PR bodies MUST NOT contain ANY Anthropic-internal information. Do not blow your cover."

There's no force-OFF switch. If the system isn't confident it's in an internal Anthropic repo, undercover mode stays on by default.

VOICE MODE

VOICE_MODE appears 46 times. Speech-to-text and text-to-speech integration for voice interaction with Claude Code.

A TAMAGOTCHI PET SYSTEM

This one is just fun. There's a hidden BUDDY system that's basically a Tamagotchi for your terminal. It includes 18 species (duck, goose, blob, cat, dragon, octopus, owl, penguin, turtle, snail, ghost, axolotl, capybara, cactus, robot, rabbit, mushroom, chonk), rarity tiers where legendary is 1%, cosmetics like hats (crown, tophat, propeller, halo, wizard, beanie, tinyduck), and stats including DEBUGGING, PATIENCE, CHAOS, WISDOM, and SNARK. Shiny variants exist.

The capybara species name is obfuscated using String.fromCharCode() specifically to avoid triggering their internal leak-detection scanners—which confirms capybara is a sensitive model codename.

OTHER NOTABLE FLAGS

FORKSUBAGENT lets you fork yourself into parallel agents. VERIFICATIONAGENT provides independent adversarial verification of work. ULTRAPLAN offers advanced planning capabilities. WEBBROWSERTOOL adds browser automation. TOKEN_BUDGET allows explicit token budget targeting with commands like "+500k" or "spend 2M tokens." TEAMMEM enables team memory sync across users.

WHAT THIS MEANS

A few takeaways:

Claude Code is getting significantly more autonomous. The KAIROS, PROACTIVE, and COORDINATOR features suggest a future where Claude works more independently, potentially running as a background daemon that monitors repos and takes action.

Permission friction is being addressed. The transcript classifier for auto-approving tools suggests they're working on reducing the constant approval prompts.

Model versioning is more complex than the public API suggests. There are internal variants, fast modes, and codenames that map to specific capabilities and known issues.

Security is taken seriously. There are 2,500+ lines just for bash command validation, plus sandboxing, undercover mode, and extensive input sanitization.

They're building personality into the product. The buddy system is delightful and suggests Claude Code will feel less like a tool and more like a companion.

HOW TO SEE IT YOURSELF

The source is on npm at the time of writing. Download @anthropic -ai/claude-code@2.1.88, find cli.js.map , parse the JSON, and extract the sourcesContent field. I'm not redistributing the code, but discussing publicly-accessible artifacts is fair game.

Credit for the original discovery goes to @Fried_rice on X.

Posted: 2026-03-31T11:02:12.000Z

Engagement: 1103 likes, 88 retweets, 30 replies