What Actually Leaked

On March 31, 2026, a debug file (a .map source map) was accidentally bundled into version 2.1.88 of the @anthropic-ai/claude-code npm package. The file pointed to a zip archive on Anthropic's own cloud storage. One researcher downloaded it. Within hours, the full TypeScript codebase was everywhere.

Anthropic confirmed it and called it human error. No model weights. No customer data. Just the full architecture of their most commercially successful product — the agent harness that makes Claude Code work.

That harness is generating $2.5 billion in annualised revenue.

What the Architecture Actually Shows

Claude Code is not a wrapper around an LLM. The leaked source revealed a layered system with four distinct components working together.

A tools layer. Every capability — file read, bash execution, web search, git operations — is a self-contained module with its own input schema, permission model, and execution logic. The tools are atomic. The LLM decides which tool to call. The harness just executes it.

A memory system. This is the most instructive part. Claude Code uses a three-layer memory architecture:

• MEMORY.md — a lightweight index of pointers, roughly 150 characters per entry. Always in context. Points to locations, not data.

• Topic files — the actual knowledge, fetched on demand when the pointer says to get it.

• Session transcripts — never fully re-read. Grep'd for specific identifiers only.

• 
  

The system has "strict write discipline": the agent can only update its memory index after a successful file write. This prevents polluting context with failed attempts.

The engineering insight here is sharp: the problem with most AI agents isn't that they forget things. It's that they try to remember everything and overwhelm their own context window. Claude Code's solution is a pointer system that keeps context clean regardless of session length.

A multi-agent orchestration layer. For complex tasks, Claude Code spawns subagents with isolated context. Each subagent gets the system prompt, the task, and specific context — but not the parent's full conversation history. This prevents "context contamination" where a long thread corrupts the subagent's reasoning.

A query engine. Handles all LLM API calls, manages retries, token budgets, and model routing. One internal comment revealed that 1,279 sessions had 50+ consecutive compaction failures in a single day — burning 250,000 API calls globally. The fix was three lines: stop retrying after 3 consecutive failures. Good engineering is knowing when to quit.

Why This Matters for Data Teams

Most data teams building AI on their stack are making a specific mistake: they're treating the LLM as the product. They connect an LLM to Snowflake, run a query, get an answer, call it done.

What Claude Code reveals is that the LLM is not the product. The harness is.

The harness is what decides which tools the agent has access to. What it remembers across sessions. How it handles failure. When it spawns a subagent versus staying in one thread. How it manages the context window when a dbt project has 200 models and the conversation is two hours old.

We've seen this pattern across 50+ data engineering engagements. The clients who get the most from AI on their stack aren't the ones who connected the best model. They're the ones who built the cleanest data foundation for the agent to work with — and the best tooling for it to act on.

A dbt project with well-documented models, clean staging layers, and consistent naming conventions is not just good data engineering. It's the harness that makes an AI agent effective in your environment.

An LLM pointed at raw tables with no documentation, inconsistent joins, and three different definitions of "revenue" will hallucinate confidently and give you wrong answers at speed.

What the Leak Tells Us About What's Coming

The leaked source contained 44 feature flags — 20 of them fully built but not yet released. A few worth knowing about:

KAIROS — an always-on background agent mode. It watches your session, logs observations, and performs memory consolidation while you're idle. It merges observations, removes contradictions, and converts vague insights into facts. When you return, the context is clean and relevant.

ULTRAPLAN — offloads complex planning to a remote cloud session running Opus, gives it up to 30 minutes, and lets you approve the result from your browser. The agent does the thinking. You approve before execution.

Capybara — the internal codename for Anthropic's next model family. Referenced extensively in the source. Likely a fast and slow variant with a significantly larger context window than current models.

The pattern is clear: agents are moving from reactive to proactive. From single-session to persistent. From responding to prompts to watching, planning, and acting.

For data teams, this is the direction: an agent that knows your dbt project, watches your pipeline health, flags anomalies before your Monday morning Slack message does, and proposes the fix before you ask.

That's not science fiction. The architecture for it is now public.

What to Actually Do With This

Three things worth doing now, in order of effort:

1. Audit your context management. If you're using Claude Code or any AI coding agent on a data project, look at how it handles long sessions. Does it degrade after an hour? Start forgetting schema details or reverting to old patterns? That's context entropy. The MEMORY.md pointer pattern from the leaked architecture is a direct fix — it's implementable without any proprietary code.

2. Document your dbt project like the agent will read it. YAML descriptions on every model. Consistent naming. A CLAUDE.md at the root of your project that explains your conventions, your tier structure, your testing philosophy. An agent working from a well-documented project produces dramatically better results than one guessing from raw SQL.

3. Think about what your "harness" looks like. If you're building any kind of AI capability into your data stack — whether that's a Cortex Analyst chatbot, an automated reporting agent, or a pipeline monitoring system — the bottleneck is not the model. It's the quality of the tooling, documentation, and data foundation you're giving it to work with.

We've helped 32+ teams build data stacks they can actually trust. The ones who are furthest along with AI aren't the ones who got the best model. They're the ones who did the foundational work first.

The Claude Code leak was an accident. What it exposed ,that production-grade AI agents run on disciplined architecture, not clever prompting , was not an accident. That's just how this works.

If your data stack isn't ready for an agent harness, the model doesn't matter.

We offer a free 30-minute architecture review for teams evaluating AI on their data stack. warehows.ai