What Claude Code's Leaked Source Reveals About AI Agent Governance

On March 31, 2026, security researcher Chaofan Shou discovered that Anthropic had accidentally shipped the complete source code of Claude Code in their npm package. A .map file contained a link to 1,900 TypeScript files - 512,000 lines of unobfuscated source. Within hours, the community mirrored it on GitHub (1,100+ stars, 1,900+ forks). Anthropic pushed an update to remove the maps, but the code was already public. This is their second major leak in five days. The source code itself is interesting but not groundbreaking. What's far more significant is what the unreleased feature flags reveal. Five unreleased features, each increasing agent autonomy. Combined, they require a governance model that doesn't exist yet. The Features Nobody Expected Kairos - Autonomous Daemon Mode. Not a session tool you invoke, but a persistent process that runs 24/7. References "nightly dreaming phases" for memory consolidation and "proactive behavior" where the agent acts without being prompted. Coordinat