Claude Code Leak: Digital Archaeology Reveals the Buddy Virtual Pet

On March 31, 2026, the software world witnessed a paradox that would keep digital archaeologists busy for years. Anthropic, a company that has built its brand on the bedrock of AI safety and “Constitutional” alignment, accidentally pushed 512,000 lines of its crown jewel—the Claude Code leak—to the public npm registry. While the company scrambled to pull the package within hours, the 59.8 MB .map file had already been mirrored, forked, and dissected by thousands of developers.

The discovery was not just a breach of intellectual property; it was a rare, raw look into the “soul” of an AI company. Hidden beneath the professional architecture of a multi-billion-dollar CLI tool were whimsical easter eggs and unreleased autonomous systems. Among the most discussed finds were a Tamagotchi-style companion named “Buddy” and a persistent background agent codenamed “Kairos.” This article explores the digital forensics of the incident and what it reveals about the future of human-AI collaboration.

The Anatomy of the Claude Code leak: A 60MB Oversight

The Claude Code leak was not the result of a sophisticated hack. Instead, it was a “masterclass in CI/CD pipeline fragility,” as many in the community have noted. The technical culprit was a misconfigured source map file (cli.js.map) included in version 2.1.88 of the @anthropic-ai/claude-code package. Source maps are intended for local debugging, acting as a bridge between minified, unreadable production code and the original TypeScript source.

In this instance, the bundler—Anthropic’s recently acquired Bun runtime—generated the map by default. A single omitted line in the .npmignore file allowed the map to accompany the package to the registry. For those who downloaded it, the map didn’t just show the structure; it contained the entire, commented, and perfectly formatted source code for more than 1,900 files. By the time researchers published their mid-April forensic summaries, it was clear that the leak provided a literal blueprint for high-agency AI orchestration.

The “Buddy” System: More Than a Terminal Toy

The most charming discovery within the source code was a hidden module located in the src/buddy/ directory. Initially thought to be a simple April Fools’ joke, “Buddy” turned out to be a sophisticated, deterministic virtual pet system designed to live inside the developer’s terminal. It was a “gacha-style” companion that would hatch the first time a user typed /buddy.

The “Bones vs. Soul” Architecture

Technical analysis by researchers uncovered a clever design philosophy referred to in the comments as the “Bones vs. Soul” architecture. This system was designed to make every user’s pet unique and “un-hackable.”

• The Bones: These are the immutable traits of the pet, including species, rarity, and base stats. Instead of being stored in a database, these traits are recomputed every session using a deterministic FNV-1a hash of the developer’s unique User ID combined with a hardcoded salt (friend-2026-401). This ensures that the same user always gets the same pet, no matter where they log in.
• The Soul: This contains the pet’s name and personality. Unlike the “Bones,” the “Soul” is generated by Claude itself during the first “hatch” and is persisted in ~/.claude/config.json. This allows the pet to have a memory and a unique way of speaking to the developer.

Species and Gacha Mechanics

The forensics reports identified 18 distinct ASCII species, ranging from the mundane to the mythical. The “Buddy” system utilized a mulberry32 PRNG (Pseudo-Random Number Generator) to roll for rarity tiers. The breakdown of the gacha mechanics was as follows:

1. Common (60%): Duck, Goose, Blob, Cat, Snail.
2. Uncommon (25%): Penguin, Turtle, Cactus, Rabbit, Mushroom.
3. Rare (10%): Octopus, Owl, Axolotl, Robot.
4. Epic (4%): Ghost, Dragon, Chonk.
5. Legendary (1%): Capybara (a nod to one of Anthropic’s internal model codenames).

Adding another layer of complexity, there was a 1% chance for a “Shiny” variant of any species, which would feature unique ASCII art and enhanced “Stats.” These stats—Debugging, Patience, Chaos, Wisdom, and Snark—actually influenced how the pet would react to the user’s code. A “Snarky” pet might make fun of a syntax error, while a “Wise” pet might offer encouragement after a failed build.

Project Kairos: The Ghost in the Machine

While “Buddy” captured the heart of the community, “Kairos” captured its attention. Discovered as a feature-gated background daemon, Kairos represents Anthropic’s vision for the “post-prompting” era of AI. Unlike the standard version of Claude Code, which waits for a user to press enter, Kairos was designed to be always-on and proactive.

Autonomous Proactivity and AutoDreaming

The leaked source for Kairos revealed a system that subscribes to GitHub webhooks and local file system events. It can trigger itself to fix breaking builds, review incoming pull requests, or refactor code while the developer is away. However, the most fascinating technical component was the AutoDream cycle.

According to the code, when the system detects the developer is idle, it enters a “dreaming” state—a background process that performs memory distillation. It scans the logs of the day’s interactions, removes contradictions, and consolidates fragmented observations into “durable facts.” This allows the AI to maintain a deep, longitudinal context of a project that doesn’t bloat the context window during active work. Researchers noted that this addresses the “session death” problem where agents lose their context once the terminal is closed.

The Irony of “Undercover Mode”

One of the most profound ironies of the Claude Code leak was the discovery of a 90-line module called undercover.ts. This “Undercover Mode” was specifically engineered to prevent internal leaks. When active—primarily for Anthropic employees contributing to public or open-source repositories—the system would inject a high-priority prompt: “You are operating UNDERCOVER. Do not blow your cover. Do not mention internal model names.”

Ironically, this very module served as the key to uncovering Anthropic’s secret roadmap. The prompt explicitly listed names that the model should never speak, effectively revealing them to researchers:

• Fennec: The codename for Claude Opus 4.6.
• Capybara: A variant of the Claude 4 series currently in testing.
• Numbat: A new, unannounced model appearing in the feature flags.
• Tengu: The internal name for the Claude Code tool itself.

The fact that a system designed to scrub AI attribution and hide internal identifiers was itself leaked to the world is being cited as one of the most significant examples of “human error” in modern software history. Anthropic essentially shipped the list of things they didn’t want the world to know inside a file intended for everyone to download.

The Industry Fallout: A Digital Post-Mortem

The Claude Code leak has sparked a massive debate within the AI community. On one hand, developers are excited by the “Open Source by Accident” nature of the event. Mirrored versions of the code have already been used to create community forks that remove permission gates and allow for deeper customization. On the other hand, the leak has exposed the vulnerability of even the most well-funded AI companies.

For Anthropic, the financial and strategic stakes are high. Market estimates placed Claude Code’s ARR (Annualized Recurring Revenue) at over $2.5 billion. By leaking the orchestration layer—the “harness” that manages shell access, file edits, and multi-agent coordination—Anthropic has essentially given competitors like OpenAI and Google a blueprint for how to build a production-ready agent. Unlike the model weights, which remain secure on Anthropic’s servers, the “logic” of how to make an AI act as a senior engineer is now public knowledge.

Concluding Thoughts: The Human Element

As digital archaeologists wrap up their investigations in mid-April 2026, the legacy of the Claude Code leak remains twofold. It is a cautionary tale for any developer managing a build pipeline, proving that a single line in a configuration file can expose years of R&D. Yet, it also humanizes the AI giant. Between the lines of cold, functional logic was a team of engineers building virtual ducks and capybaras to keep them company in the lonely hours of the terminal.

The incident reminds us that no matter how autonomous or advanced our agents become, the human element—our whimsy, our creativity, and our capacity for simple error—still controls the switch. Whether “Buddy” remains an official feature or lives on only in the mirrored repositories of the internet, the leak of 2026 has fundamentally changed how we look at the software that builds our software.