Babiato Knight King
Administrator
Free Claude Code — No Telemetry, No Limits, Hidden Features Exposed
Anthropic accidentally shipped Claude Code with a public source map, and that mistake let people reconstruct a huge chunk of the app's readable source code from version 2.1.88. Multiple reports say the exposed package revealed roughly 512,000 lines of code, hidden feature flags, internal prompts, and unreleased tooling, while Anthropic said no customer data or credentials were leaked.
This post breaks down what was found, what is real, what is hype, what the unofficial "free" forks actually do, and which settings you can already use on the official client today.
What's in this post
Even if you are not a developer, this is easy to follow. The leak matters because it exposed how Claude Code works internally, what features Anthropic has built but not fully shipped, and how much control the official client keeps through flags, prompts, and remote configuration.
How it happened
Think of a source map like a decoder file for minified JavaScript. In a normal release, users get the optimized build, but the source map makes it much easier to trace that build back to readable source files, and reports say Anthropic accidentally published such a file with Claude Code 2.1.88.
Coverage of the incident points to a file called
, reported at about 59.8 MB, inside the public package. That file reportedly allowed reconstruction of around 1,900 files and more than 512,000 lines of source, including feature flags, prompts, and internal code paths not intended for public view.
Quick facts
Secret features found in the source
The leak did not just expose code; it exposed the roadmap hidden inside the codebase. Public writeups describe unreleased or partially shipped features like KAIROS, Buddy, coordinator workflows, voice tooling, browser tools, daemon-style background operation, and agent scheduling.
A lot of these appear to exist behind feature flags rather than as imaginary prototypes. That does not mean every feature is fully usable outside Anthropic, but it strongly suggests Claude Code contains more capability than the public release exposes by default.
Examples repeatedly mentioned
Buddy: yes, the terminal pet is real
One of the strangest leak details was Buddy, a terminal pet system built into Claude Code. Coverage says it includes multiple species, rarity behavior, stats, cosmetic elements, and account-linked behavior, which sounds ridiculous until you realize several independent reports mention it.
The species list commonly cited includes animals and novelty types like duck, goose, blob, cat, dragon, octopus, owl, penguin, turtle, ghost, axolotl, capybara, cactus, robot, rabbit, mushroom, and chonk. Public reporting around the leak also says Buddy requires paid Claude Code access rather than being available to every user.
Buddy-related links
Undercover Mode
One of the most controversial findings was a reported internal mode often described as Undercover Mode. Public summaries say it was designed for public or open-source repo work and could remove obvious traces that Claude assisted with a contribution, including attribution-like metadata and AI fingerprints in commit flow.
That matters because the issue is not just technical capability, but transparency. If the reporting is accurate, this was aimed at internal Anthropic workflows rather than public end users, which makes it notable from both an ethics and disclosure point of view.
The free fork
A third-party fork called free-code quickly became one of the most discussed follow-up projects. The mirror describes it as a build with telemetry removed, all experimental features enabled, and various internal restrictions stripped out, while the README install flow shows a one-line installer and build paths for full-feature development builds.
That said, "everything unlocked" should be taken with caution. Even the people documenting the fork acknowledge that some internal Anthropic-only pieces were not present in the leaked package at all, so enabling flags does not magically restore code that never shipped publicly.
Install command
The mirrored README says this installer checks the system, installs Bun if needed, clones the repo, builds it with experimental features enabled, and adds free-code to your PATH.
Build commands
Fork links
Security warning before installing anything
This is the part too many people skip. A stripped fork may sound fun, but removing protections, prompt restrictions, or permission checks can make the client more dangerous when pointed at untrusted repos or code. Public leak coverage focused heavily on hidden features, but the practical risk is that users may run unofficial builds without understanding what safety systems they just removed.
If you want to test anything related to this story, do it in an isolated environment. Do not run unofficial forks against work machines, production keys, private repos, or random GitHub projects you have not audited.
Telemetry and traffic controls
Claude Code's official docs include environment variables that let users disable or reduce telemetry and nonessential traffic. That means some of the privacy-related tweaks people are promoting in forks are already available, at least in part, in the official client.
Official environment variable examples
Those variables are documented in Anthropic's official Claude Code environment variable reference.
Useful official links
Hidden settings people are discussing
Beyond the officially documented variables, community resources have been cataloging additional settings, commands, shortcuts, config files, and feature hooks. One of the best-known references is the Storyfox cheat sheet, which lists commands such as /memory, /hooks, /skills, /agents, /schedule, /security-review, and config locations like
and
.
That does not mean every variable or command on community sheets is stable or supported, but these references are useful if you want to explore the client without relying only on viral posts.
Example config and command references from the cheat sheet
Cheat sheet link: https://cc.storyfox.cz
System prompts and internal behavior
Another major part of the leak story is the extraction and documentation of Claude Code system prompts. Public repositories now track the main system prompt, built-in tool descriptions, agent prompts, prompt hooks, status-line prompts, sentiment analysis prompts, and other internal prompt fragments associated with Claude Code behavior.
One notable repo, Piebald-AI's claude-code-system-prompts, describes itself as a maintained source for Claude Code prompt components and release tracking. That makes it relevant not just for curiosity, but for anyone studying how agent workflows, prompts, or tool scaffolding are evolving.
Prompt links
DMCA wave and mirrors
Once the leak started spreading, copies and mirrors began appearing fast. At the same time, takedowns and deletions followed just as quickly, which is why mirrors, rewrites, and alternative hosts became part of the story almost immediately.
That pattern is exactly why projects like GitLawb mirrors and clean-room rewrites gained traction: they are either mirrored beyond a normal GitHub takedown path or rewritten enough to complicate direct removal.
Free alternatives that avoid the mess
If the goal is simply "AI coding assistant without subscription lock-in," you do not need leaked Claude Code forks to get there. Community documentation and repo discussions around this leak repeatedly point users toward alternatives, and the Storyfox reference itself shows just how broad the Claude Code ecosystem has become around commands, skills, plugins, and workflows.
In practice, the safest route is simple: use official Claude Code with documented env vars, or use a legal open alternative rather than an unofficial fork built from leak-era chaos. That gives you fewer legal, security, and maintenance problems.
Resource list
The real takeaway is not that Claude Code got "fully cracked." It is that Anthropic accidentally exposed how much more exists behind the public product: hidden flags, internal prompts, experimental agent flows, and a lot of control surfaces most users never see. Whether you touch the unofficial forks or not, the leak gave the public a rare look at how a major AI coding tool is actually put together.
Anthropic accidentally shipped Claude Code with a public source map, and that mistake let people reconstruct a huge chunk of the app's readable source code from version 2.1.88. Multiple reports say the exposed package revealed roughly 512,000 lines of code, hidden feature flags, internal prompts, and unreleased tooling, while Anthropic said no customer data or credentials were leaked.
This post breaks down what was found, what is real, what is hype, what the unofficial "free" forks actually do, and which settings you can already use on the official client today.
What's in this post
Even if you are not a developer, this is easy to follow. The leak matters because it exposed how Claude Code works internally, what features Anthropic has built but not fully shipped, and how much control the official client keeps through flags, prompts, and remote configuration.
- How the leak happened.
- Hidden features and unreleased tools.
- Buddy, the built-in terminal pet.
- Undercover Mode and attribution removal.
- The unofficial free-code fork.
- Security warnings before installing anything.
- The GitHub takedown wave.
- Telemetry and network controls.
- Model and prompt references exposed by the leak.
- Free alternatives that avoid legal and security risk.
How it happened
Think of a source map like a decoder file for minified JavaScript. In a normal release, users get the optimized build, but the source map makes it much easier to trace that build back to readable source files, and reports say Anthropic accidentally published such a file with Claude Code 2.1.88.
Coverage of the incident points to a file called
Code:
cli.js.mapQuick facts
- Version involved:
Code:
@anthropic-ai/claude-code@2.1.88 - Exposed file:
Code:
cli.js.map - What leaked: Claude Code client source, prompts, flags, and tooling references; not user chats, passwords, or model weights.
- Anthropic's position: reporting described it as a packaging mistake or human error, not a breach of customer systems.
Secret features found in the source
The leak did not just expose code; it exposed the roadmap hidden inside the codebase. Public writeups describe unreleased or partially shipped features like KAIROS, Buddy, coordinator workflows, voice tooling, browser tools, daemon-style background operation, and agent scheduling.
A lot of these appear to exist behind feature flags rather than as imaginary prototypes. That does not mean every feature is fully usable outside Anthropic, but it strongly suggests Claude Code contains more capability than the public release exposes by default.
Examples repeatedly mentioned
| Feature | What it appears to do | Status |
|---|---|---|
| KAIROS | Background or always-on agent behavior. | Reported from leaked code. |
| Buddy | Terminal pet/companion system. | Publicly discussed after the leak. |
| Coordinator Mode | Multi-agent orchestration flow. | Reported from internal flags/prompts. |
| Voice Mode | Voice interaction tooling. | Mentioned in leak coverage. |
| Browser Tool | Web interaction capability. | Reported from exposed internals. |
| Daemon / triggers | Background or scheduled automation. | Mentioned in writeups. |
Buddy: yes, the terminal pet is real
One of the strangest leak details was Buddy, a terminal pet system built into Claude Code. Coverage says it includes multiple species, rarity behavior, stats, cosmetic elements, and account-linked behavior, which sounds ridiculous until you realize several independent reports mention it.
The species list commonly cited includes animals and novelty types like duck, goose, blob, cat, dragon, octopus, owl, penguin, turtle, ghost, axolotl, capybara, cactus, robot, rabbit, mushroom, and chonk. Public reporting around the leak also says Buddy requires paid Claude Code access rather than being available to every user.
Buddy-related links
- Species gallery: https://claude-buddy.vercel.app
- Community cheat sheet: https://cc.storyfox.cz
Undercover Mode
One of the most controversial findings was a reported internal mode often described as Undercover Mode. Public summaries say it was designed for public or open-source repo work and could remove obvious traces that Claude assisted with a contribution, including attribution-like metadata and AI fingerprints in commit flow.
That matters because the issue is not just technical capability, but transparency. If the reporting is accurate, this was aimed at internal Anthropic workflows rather than public end users, which makes it notable from both an ethics and disclosure point of view.
The free fork
A third-party fork called free-code quickly became one of the most discussed follow-up projects. The mirror describes it as a build with telemetry removed, all experimental features enabled, and various internal restrictions stripped out, while the README install flow shows a one-line installer and build paths for full-feature development builds.
That said, "everything unlocked" should be taken with caution. Even the people documenting the fork acknowledge that some internal Anthropic-only pieces were not present in the leaked package at all, so enabling flags does not magically restore code that never shipped publicly.
Install command
Code:
curl -fsSL https://raw.githubusercontent.com/paoloanzn/free-code/main/install.sh | bash
export ANTHROPIC_API_KEY="sk-ant-..."
free-codeThe mirrored README says this installer checks the system, installs Bun if needed, clones the repo, builds it with experimental features enabled, and adds free-code to your PATH.
Build commands
Code:
# Clone the repo
git clone https://github.com/paoloanzn/claude-code.git
cd claude-code
# Install dependencies
bun install
# Standard build
bun run build
# Dev build
bun run build:dev
# Dev build with all experimental features enabled
bun run build:dev:full
# Compiled build
bun run compileFork links
- Mirror: https://gitlawb.com/node/repos/z6MkgKkb/paoloanzn-free-code
- Alternate mirror page: https://gitlawb.com/node/repos/z6Mks1jg/free-code
- GitHub profile reference: https://github.com/paoloanzn
Security warning before installing anything
This is the part too many people skip. A stripped fork may sound fun, but removing protections, prompt restrictions, or permission checks can make the client more dangerous when pointed at untrusted repos or code. Public leak coverage focused heavily on hidden features, but the practical risk is that users may run unofficial builds without understanding what safety systems they just removed.
If you want to test anything related to this story, do it in an isolated environment. Do not run unofficial forks against work machines, production keys, private repos, or random GitHub projects you have not audited.
Telemetry and traffic controls
Claude Code's official docs include environment variables that let users disable or reduce telemetry and nonessential traffic. That means some of the privacy-related tweaks people are promoting in forks are already available, at least in part, in the official client.
Official environment variable examples
Code:
export CLAUDE_CODE_ENABLE_TELEMETRY=0
export DISABLE_ERROR_REPORTING=1
export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
claudeThose variables are documented in Anthropic's official Claude Code environment variable reference.
Useful official links
- Environment variables: https://code.claude.com/docs/en/env-vars
- Changelog: https://code.claude.com/docs/en/changelog
Hidden settings people are discussing
Beyond the officially documented variables, community resources have been cataloging additional settings, commands, shortcuts, config files, and feature hooks. One of the best-known references is the Storyfox cheat sheet, which lists commands such as /memory, /hooks, /skills, /agents, /schedule, /security-review, and config locations like
Code:
~/.claude/settings.json
Code:
~/.claude.jsonThat does not mean every variable or command on community sheets is stable or supported, but these references are useful if you want to explore the client without relying only on viral posts.
Example config and command references from the cheat sheet
Code:
/init
/memory
/mcp
/hooks
/skills
/agents
/chrome
/reload-plugins
/add-dir <path>
/schedule
/security-review
/release-notes
Code:
~/.claude/settings.json
.claude/settings.json
.claude/settings.local.json
~/.claude.json
.mcp.json
managed-settings.d/Cheat sheet link: https://cc.storyfox.cz
System prompts and internal behavior
Another major part of the leak story is the extraction and documentation of Claude Code system prompts. Public repositories now track the main system prompt, built-in tool descriptions, agent prompts, prompt hooks, status-line prompts, sentiment analysis prompts, and other internal prompt fragments associated with Claude Code behavior.
One notable repo, Piebald-AI's claude-code-system-prompts, describes itself as a maintained source for Claude Code prompt components and release tracking. That makes it relevant not just for curiosity, but for anyone studying how agent workflows, prompts, or tool scaffolding are evolving.
Prompt links
- https://github.com/Piebald-AI/claude-code-system-prompts
- https://github.com/Piebald-AI/claude-code-system-prompts/releases
DMCA wave and mirrors
Once the leak started spreading, copies and mirrors began appearing fast. At the same time, takedowns and deletions followed just as quickly, which is why mirrors, rewrites, and alternative hosts became part of the story almost immediately.
That pattern is exactly why projects like GitLawb mirrors and clean-room rewrites gained traction: they are either mirrored beyond a normal GitHub takedown path or rewritten enough to complicate direct removal.
Free alternatives that avoid the mess
If the goal is simply "AI coding assistant without subscription lock-in," you do not need leaked Claude Code forks to get there. Community documentation and repo discussions around this leak repeatedly point users toward alternatives, and the Storyfox reference itself shows just how broad the Claude Code ecosystem has become around commands, skills, plugins, and workflows.
In practice, the safest route is simple: use official Claude Code with documented env vars, or use a legal open alternative rather than an unofficial fork built from leak-era chaos. That gives you fewer legal, security, and maintenance problems.
Resource list
The real takeaway is not that Claude Code got "fully cracked." It is that Anthropic accidentally exposed how much more exists behind the public product: hidden flags, internal prompts, experimental agent flows, and a lot of control surfaces most users never see. Whether you touch the unofficial forks or not, the leak gave the public a rare look at how a major AI coding tool is actually put together.
