Claude Code Source Code Leak and Latest Releases of Gemma 4, Qwen 3.6-Plus
A Solayer Labs intern discovered a source map in the npm package @anthropic-ai/claude-code v2.1.88 containing 512K lines of TypeScript code—59 MB across 1,900 files. Anthropic sent out 8,100 DMCA notices on GitHub but, after backlash, limited it to just one repository. The community dissected the architecture: boot sequence, tool system, query loop, four-layer context compression (HISTORY_SNIP, Microcompact, CONTEXT_COLLAPSE, Autocompact), 40+ tools, streaming with parallel tools.
Claude Code Architecture and Hidden Features
Analysis on ccleaks.com revealed key components: repo state in context, aggressive caching, custom Grep/Glob/LSP, file deduplication, structured session memory, subagents. Hidden features include:
- Kairos: always-on background agent.
- Buddy: virtual pet in the terminal with 18 varieties, hex-encoded names to bypass scanners.
- Ultraplan/Ultrathink: advanced reasoning.
- Dream: nighttime memory consolidation.
USER_TYPE=ant: extended telemetry for employees.- Regex for "wtf" and "frustrating" to detect user frustration.
The community launched Claw Code: a Python port of the leaked sources, plus a Rust rewrite (9 crates, 48K lines, mock parity harness). The repo racked up 171K stars. OpenClaude and open-multi-agent emerged for integration with any models.
The competitive edge of coding agents lies in their harness: model-specific conditionals, error handling, diagnostics, integrations. The leak turned this into a public benchmark.
Malicious npm packages color-diff-napi and modifiers-napi mimic compilation of the leaked code—a supply-chain attack.
Anthropic's Restrictions and Migrations
Anthropic blocked Claude subscriptions for third-party harnesses (OpenClaw). OAuth tokens only work in Claude Code and claude.ai. For OpenClaw, you need extra usage or an API key. Compensation includes a bonus monthly subscription, 30% off bundles, and refunds.
Developers are migrating to Codex (OpenAI), Kimi, GLM, MiniMax, Qwen. API costs for Opus 4.6 jumped from $200/month to $1,000+.
Key takeaways:
- The leak exposed Claude Code's harness as the key to its performance.
- Rust-based Claw Code hit 171K stars in a week.
- Anthropic restricted subscriptions for open-source harnesses.
- Supply-chain attacks hit npm.
- Local models (Gemma 4, Qwen) strengthen cloud alternatives.
Gemma 4 and Qwen 3.6-Plus Releases
Google DeepMind released Gemma 4 under Apache 2.0: 31B dense, 26B MoE (4B active), E4B/E2B for mobile. Multimodal (text+images+audio), 256K context. Benchmarks: Arena—3rd place (31B), 6th (26B A4B); GPQA Diamond 85.7%.
Performance:
| Model | Platform | tok/s | VRAM/RAM |
|-------------|----------------|-------|----------|
| 26B A4B | RTX 4090 | 162 | 19.5 GB |
| 26B A4B | Mac mini M4 16GB | 34 | - |
| Demo (llama.cpp) | - | 300 | - (speculative decoding) |
Day-0 support: llama.cpp, Ollama 0.20+, vLLM, LM Studio, Transformers.js. Tokenizer bug in llama.cpp fixed via patches.
Alibaba Qwen 3.6-Plus: SWE-bench Verified 78.8 (vs Opus 4.6 80.9), GPQA Diamond 90.4, 1M token context. Available on Openrouter (40 tok/s). Qwen3.5-27B beats Gemma 4 31B on most benchmarks except multilingual. Qwen3.5-Omni: audiovisual coding (10 hours audio, 113 languages).
Other Ecosystem Updates
Nous Research Hermes Agent v0.7.0: modular memory (Honcho, vector stores), key pools with rotation, Camofox for browsing, inline diffs in TUI. 168 PRs, migrations from OpenClaw.
Cursor v3: Agents Window (parallel agents in worktrees/cloud/SSH), Design Mode, /best-of-n for model comparisons, Await tool, fast diffs.
llama.cpp >100K stars. Flash-MoE runs Qwen3.5-397B on MacBook Pro 48GB (4.4 tok/s, 5.5GB RAM). Transformers.js v4 + WebGPU. Gemma 4 E4B on iPhone via Swift MLX.
Cross-agent composition: Codex plugin for Claude Code with reviews via ChatGPT.
— Editorial Team
No comments yet.