Chinese AI companies, how to "copy Claude Code's homework"?

Source: Geek Park

Written by: Huailin Wuyang

If someone had told me a few days ago that Anthropic—who claims to put the “highest priority on AI safety”—would, within a week, leak two rounds of core secrets back-to-back, I’d probably have thought it was an April Fools’ Day prank.

But it just happened the day before April Fools’ Day.

On March 31, security researcher Chaofan Shou found that in version 2.1.88 of Claude Code published by Anthropic on npm, a 59.8MB source map file was included. This file, which should have been used for internal debugging, pointed to a zip archive inside Anthropic’s own Cloudflare R2 storage bucket—containing the complete TypeScript source code for Claude Code, about 1,900 files and 512,000 lines of code.

Within hours, multiple mirrored repositories appeared on GitHub. One project called “claw-code” took 50,000 stars within two hours, becoming the fastest repository to gain stars in GitHub history. The number of forks exceeded 41,500.

And just five days earlier, Anthropic had leaked the existence of its next-generation model “Mythos” due to an unprotected public data cache—described internally as a new model with “capability leaps” and that would be “far beyond all existing AI models” in terms of network security capabilities.

Two leaks in a week. A security-focused company getting slapped in the face by its own security problems. Developer community reactions were remarkably consistent—“It’s satire, but it doesn’t feel real.”

But satire aside, what was leaked is genuinely substantial. A more important question, though, is: how should an AI company use this “leak” to copy homework?

01 What’s inside Claude Code’s “shell”?

Many people’s first reaction is: Claude Code is just a command-line tool that wraps a model API, right? Even if the source code leaked, without model weights these are just a “shell.”

That judgment is half right. Claude Code really is a shell, but it’s a precision-made shell—so precise it’s surprising.

First, look at the tool system. Claude Code uses an architecture similar to plugins. Each capability—file read/write, shell execution, web scraping, LSP integration—is an independent tool module with permission controls. Just the tool definition layer has 29,000 lines of TypeScript.

The description of each tool isn’t just a simple one-liner. It’s detailed enough to tell the model when it should use the tool, how to use it, and what result it should expect after using it. These descriptions themselves are a kind of carefully tuned prompt engineering.

Next, there’s the memory system. The leaked code reveals a three-layer “self-healing memory” architecture. At the bottom is MEMORY.md, a lightweight index file, with about 150 characters per line, always loaded into the context. Specific project knowledge is distributed in “topic files,” loaded on demand. The original conversation records are never fully read back into the context; instead, when needed, specific identifiers are retrieved via grep.

In other words, the core problem that Anthropic engineers spent a lot of time solving wasn’t “how to call the API,” but “how to make the model work as intelligently as possible within a limited context window.”

Then there’s that KAIROS that excites everyone.

Named after the Ancient Greek phrase “the right time,” this feature is mentioned more than 150 times in the source code. It’s an autonomous guard-demon process model that keeps Claude Code running continuously as an always-on background proxy. Even more interesting is its “autoDream” logic: when the user is idle, the proxy performs “memory consolidation,” combining scattered observations, eliminating logical contradictions, and turning vague insights into deterministic facts.

Put another way, Anthropic is evolving an AI programming assistant from a “you ask, I answer” tool into a collaborator that continuously understands your project and proactively discovers problems.

In addition, the leaked code also includes 44 not-yet-released feature flags, covering multi-agent coordination modes (COORDINATOR MODE), voice interaction (VOICE_MODE), 30-minute remote planning sessions (ULTRAPLAN), and even a terminal pet in the style of a catamite demon (BUDDY) with 18 species and rarity tiers.

There are also two details worth mentioning. One is “frustration regex”—a regular expression used to detect whether a user is cursing Claude. Determining a user’s emotions with a regex is far faster and cheaper than using model reasoning.

The other is “undercover mode.” Anthropic uses Claude Code to make “invisible contributions” to public open-source projects. The system prompt explicitly states: “You are running in UNDERCOVER mode… Your commit messages cannot include any internal Anthropic information. Do not reveal your identity.”

02 What can Chinese AI companies learn?

Now let’s return to the truly important question.

Over the past year, China’s AI programming tool sector has clearly accelerated. ByteDance’s Trae has evolved from the original MarsCode into an AI-native IDE, integrating an Agent mode that supports end-to-end automation from requirement understanding to coding and testing. Zhipu’s CodeGeeX is open-sourced and supports local deployment, with deep optimizations for understanding Chinese code. Tongyi Lingma and Doubao MarsCode are also iterating quickly.

But if you compare these products with the architecture leaked from Claude Code, the gap isn’t whether they can be used—it’s in engineering finesse.

Lesson one: Tool descriptions are product power.

This may be the easiest thing to overlook, and also the most worth learning.

Claude Code’s prompt descriptions for each tool have been tuned with extremely fine detail—when to use it, when not to use it, how to handle the results after using it, and how to retry if an error occurs. Fundamentally, these descriptions are teaching the model how to “be a good programmer.”

Many domestic tools’ tool-use implementations still stop at the stage of “give the model a function signature and let it guess how to use it.” Simply writing tool descriptions to the level of Claude Code can elevate the performance of the same model by a whole tier.

Lesson two: The memory architecture affects user experience more than model parameters.

Claude Code’s three-layer memory system solves a very real problem: the model’s context window is limited, and you can’t stuff all historical conversations into it.

Anthropic’s approach is to layer memory—hot data stays online, warm data loads on demand, and cold data is only indexed. This idea isn’t new, but in AI programming tools’ engineering implementations, most domestic teams still haven’t reached this level of precision.

Lesson three: Emotion sensing isn’t magic—it’s an engineering problem.

Use a regular expression to detect whether the user is getting angry, and then adjust the reply strategy.

This solution is so simple it’s blunt—but it’s also highly practical. It tells you a lesson: a good AI product doesn’t need to use the model to solve every problem; sometimes a regex is enough.

Teams building AI tools in China often get stuck in the habitual thinking of “send every problem to a big model.” That’s a waste.

Lesson four: The direction pointed to by KAIROS matters more than KAIROS itself.

An always-on background proxy that automatically organizes memory and discovers problems when the user isn’t using it.

This product direction means the next step for an AI programming assistant isn’t “answering questions faster,” but “working already when you haven’t asked.”

At present, nearly all domestic AI programming tools are reactive—users issue commands, and the tools execute them.

Whoever is first to build the guard-demon process pattern may end up defining the next generation of product form.

03 Where’s the boundary of “copying”?

Of course, there’s a line between learning and plagiarism.

On the legal side, this isn’t open-source code—it’s a leaked commercial software. Building a product directly based on the leaked code carries clear copyright risk. On GitHub, “claw-code” claims it will rewrite everything in Rust, but if the core logic is copied, the legal boundary remains murky.

For Chinese companies, amid growing pressures to expand overseas, these risks need to be seriously assessed.

On the technical side, many of Claude Code’s design decisions are deeply customized for Claude model capabilities. For example, its tool descriptions are so long and detailed because Claude’s long-context handling capability is strong enough that it won’t “drift off” just because the system prompt is too long. If you copy the same prompt strategy to models with shorter context windows and weaker instruction following, it could backfire.

The truly smart approach isn’t forking 512,000 lines of code, but understanding the tradeoffs behind every design decision, then re-implementing it tailored to your own model’s characteristics.

You can learn the architecture approach, you can learn the tool orchestration pattern, you can learn the memory-layering strategy—but the implementation must be your own.

There’s also an easily overlooked reality: Anthropic leaked a snapshot, while their engineering team iterates every day. Forty-four feature flags imply that at least a dozen major features are queued for release.

The code you fork today will be the old version next month. If you chase copying, you’ll never catch up. Only by understanding the underlying principles can you run your own route.

The biggest significance of this leak may not be the technical details, but the way it tears away a layer of mystique—turns out that Anthropic’s most core AI programming tool, at the bottom, is nothing more than carefully designed prompt orchestration plus engineeringized tool dispatch.

No black magic—just a lot of detail refinement.

For Chinese AI companies, this is actually good news. It means the gap is bridgeable. The prerequisite is that you have the patience to polish those details—rather than thinking about taking someone else’s code, changing the name, and calling it yours.