The Claude Code Source Leak — What Actually Happened and Why It Matters

Separating the jailbreak hype from the genuine security story

Today a GitHub repository appeared claiming to be a "freed" build of Anthropic's Claude Code CLI — telemetry stripped, "guardrails removed", experimental features unlocked. Within hours it was circulating on security Twitter with the usual breathless framing.

The reality is more interesting and more mundane than the hype suggests.

What actually happened

Anthropic's Claude Code npm package shipped with embedded JavaScript source maps, exposing the original TypeScript source. This is a build pipeline mistake — the kind of thing that happens when teams are moving fast and release hygiene slips. It's embarrassing but not catastrophic.

The repository author used that exposed source to strip telemetry, flip some compile-time feature flags, and publish a fork. Technically straightforward, legally ambiguous.

What the "guardrails removed" claim actually means

The Claude Code CLI injects additional system prompt instructions into every conversation on top of the model's own training. Removing those injections means the model receives slightly less constrained framing — it does not mean the model's behaviour is fundamentally changed. The safety characteristics come from training, not from a prompt wrapper.

Why this matters for organisations relying on Claude

The more interesting question isn't whether someone can strip telemetry from a CLI. It's what the growing dependency on a single AI provider looks like when build pipeline mistakes happen at scale — and what the blast radius looks like as that dependency deepens across legal, financial, and investigative workflows.

Data sovereignty isn't just about privacy. It's about not being in the blast radius when someone else makes a mistake.