Claw Code is an open-source AI coding agent framework — a clean-room rewrite of the Claude Code agent harness architecture, built from scratch in Python and Rust. No proprietary code. No model weights. Just architecture, reimagined.
On March 31, 2026, security researcher Chaofan Shou (@shoucccc) discovered that Anthropic's flagship AI coding CLI tool, Claude Code, had its complete source code accidentally published to the npm public registry via a 59.8 MB JavaScript source map file (.map) bundled inside the @anthropic-ai/claude-code v2.1.88 package. The file contained approximately 512,000 lines of TypeScript across 1,906 source files, revealing the full internal architecture of the agent harness.
Within hours of the disclosure, developer Sigrid Jin (@sigridjineth) — previously profiled by the Wall Street Journal as one of the world's most active Claude Code power users, having consumed over 25 billion Claude Code tokens in the past year — began a clean-room rewrite of the core agent harness architecture. The project, built entirely from scratch using Python, was orchestrated through oh-my-codex (OmX) with parallel code review and continuous verification. No proprietary source code was copied. The result is Claw Code.
The Claw Code repository became one of the fastest projects in GitHub history to reach 30,000 stars, achieving this milestone within hours of its initial publication. As of the latest available data, the project has accumulated over 48,000 stars and 56,000 forks, with 335 active watchers and over 2,100 open community issues.
Claw Code reimplements the core architectural patterns observed in the Claude Code agent harness. The codebase is organized into a clear modular structure, with Rust comprising 72.9% of the code (for high-performance runtime execution) and Python at 27.1% (for agent orchestration and LLM integration). An active Rust migration branch (dev/rust) targets a fully memory-safe, high-performance harness runtime.
claw-code/ ├── src/ # Python workspace │ ├── commands.py # CLI command registry & dispatch │ ├── tools.py # Plugin-based tool system (~40 tools) │ ├── models.py # LLM provider abstraction layer │ ├── query_engine.py # Core query engine (LLM calls, streaming, caching) │ ├── task.py # Task management & agent lifecycle │ └── main.py # Entry point ├── rust/ # Rust core (performance-critical paths) │ └── ... # In-progress high-performance runtime └── tests/ # Verification & integration tests
The architecture revealed by the Claude Code source leak — and independently reimplemented by Claw Code — includes several significant subsystems that define the state of the art in AI coding agents:
A plugin-based architecture with 19 built-in, permission-gated tools. Each capability — file reading, Bash execution, web scraping, LSP integration, Git operations — is implemented as a self-contained tool with granular permission controls. The Rust layer provides full JSON schema definitions for every tool. Read the complete tool reference →
The query engine serves as the central intelligence of the system, managing all LLM API calls, response streaming, caching strategies, and multi-step orchestration. Claw Code reimplements this engine with a focus on provider-agnostic design, configurable turn limits, and budget controls. Explore the query engine →
The framework supports spawning sub-agents — internally referred to as "swarms" — to parallelize complex tasks. This enables the system to decompose large engineering challenges into independently executable subtasks, each running in isolated contexts with shared memory access. The Agent tool provides full control over subagent lifecycle.
Full Model Context Protocol (MCP) support with 6 transport types — Stdio, SSE, HTTP, WebSocket, SDK, and ClaudeAiProxy. Connect the Claw Code agent to external tool servers with automatic name normalization, config hashing, and OAuth authentication. Learn about MCP integration →
Claw Code brings the architecture of production-grade AI coding agents to an open-source foundation.
19 permission-gated tools — file I/O, shell execution, Git operations, web scraping, notebook editing — each independently sandboxed with configurable access controls.
Terminal-native agent that reads your entire codebase, edits files, executes commands, runs tests, handles Git, and iterates autonomously until the task is complete.
Full interactive command system — /compact, /model, /permissions, /cost, /session — with resume support, command graph categorization, and REPL integration.
Multi-layer memory system with session persistence, transcript compaction, and context discovery. Persistent knowledge across conversations with automatic cleanup.
6-crate Rust workspace with 16 runtime modules. Performance-critical paths, zero-dependency JSON parser, OAuth PKCE flow, and syntax-highlighted terminal rendering.
Provider-agnostic API client with automatic retry, SSE streaming, OAuth authentication, and token usage tracking with cost estimation.
The Claude Code source code leak revealed several previously undocumented internal subsystems. While Claw Code does not replicate proprietary implementations, these patterns inform the project's architectural roadmap and represent significant innovations in the AI coding agent space:
A continuously-running proactive assistant mode. Rather than waiting for user input, KAIROS actively observes the development environment and takes autonomous action. It is backed by an independent append-only log system, entirely hidden from external builds in the original implementation.
An architectural pattern that offloads complex planning tasks to a remote cloud container running a more capable model (Opus-class). The system allocates up to 30 minutes of dedicated reasoning time, with browser-based approval workflows for human oversight.
A background memory consolidation engine that runs as a forked sub-agent process. Often described as the system's "dreaming" mechanism, autoDream performs idle-time analysis — reorganizing learned patterns, pruning stale context, and strengthening relevant memory associations without user interaction.
The leak revealed 44 compiled feature flags, of which 20 remain disabled for external users. These represent fully built capabilities held in reserve — indicating that Anthropic's internal feature pipeline is substantially ahead of public releases.
The Claude Code source leak spawned an ecosystem of related projects. Below is a factual comparison of the major repositories and their characteristics, based on publicly available data:
| Project | Language | Type | Contains Source? | Stars | Forks |
|---|---|---|---|---|---|
| anthropics/claude-code | TypeScript | Official Anthropic CLI agent | Official release | 89.4k | 10.5k |
| instructkr/claw-code | Python, Rust | Clean-room rewrite | No — independent implementation | 48k+ | 56k+ |
| 0xKarl-dev/claw-codes | Python, Rust | Independent agent framework | No — independent implementation | 128 | 159 |
| ghuntley/deobfuscation | TypeScript | Cleanroom reverse-engineering | Derived from NPM package | 916 | 509 |
| injekt/claude-code-reverse | Docs (MD/HTML) | Architecture analysis | No — documentation only | 36 | 3 |
| ThreeFish-AI/analysis | Docs | Reverse-engineering research | No — documentation only | 269 | 104 |
| Aspect | Claude Code (Anthropic) | Claw Code (Open Source) |
|---|---|---|
| Type | Official proprietary CLI agent | Open-source clean-room rewrite |
| Language | TypeScript | Python + Rust |
| Access | Terminal, VS Code, Web (requires Claude subscription) | Terminal (supports multiple LLM providers) |
| Cost | Requires Claude Pro/Max or Enterprise | Free and open source |
| Architecture | Monolithic TS bundle with source maps | Modular Python + Rust core |
| Tool System | ~40 built-in tools, 29k lines | Plugin-based, extensible architecture |
| LLM Support | Claude models only | Provider-agnostic (Claude, OpenAI, local models) |
Claw Code is available on GitHub. Clone the repository and follow the setup instructions to begin using the framework:
For the latest installation instructions, build configurations, and contribution guidelines, refer to the official repository README.
The Claude Code source leak catalyzed a broader ecosystem of projects and tools:
The earliest GitHub mirror of the leaked source code, combined with an independent Rust rewrite effort.
A snapshot archive of the Claude Code v2.1.88 source for historical reference and academic study.
A mobile remote-control interface for Claude Code sessions, built on tmux for persistent terminal access.
A native macOS desktop GUI client for Claude Code, providing a graphical alternative to the terminal interface.
A multi-agent virtual company simulator that uses Claude Code-style agents for organizational task orchestration.
An experimental framework for building AI agents, implementing a Python/Rust hybrid agent runtime.
The community should be aware of a supply-chain attack that occurred in conjunction with the Claude Code source leak event:
During the window of 00:21–03:29 UTC on March 31, 2026, users who installed or updated Claude Code via npm may have received a malicious version of the axios package (versions 1.14.1 or 0.30.4) containing a remote access trojan (RAT). Affected installs included an unauthorized dependency on plain-crypto-js. If your package-lock.json, yarn.lock, or bun.lockb references these versions, treat the host as fully compromised: rotate all credentials, audit access logs, and perform a clean system reinstall. Anthropic has since migrated the recommended installation method to a native installer (curl -fsSL https://claude.ai/install.sh | bash), deprecating the npm distribution channel.
Dive deeper into every aspect of the Claw Code framework — from architecture and tools to security and deployment.
Claw Code is an open-source AI coding agent framework built in Rust and Python. It is a clean-room rewrite of the Claude Code agent harness architecture, created by Sigrid Jin after the March 2026 source code leak. The project reimplements core architectural patterns — including the tool system, query engine, multi-agent orchestration, and memory management — without copying any proprietary source code.
No. Claw Code is a clean-room implementation written entirely from scratch. Independent code audits confirm that the project contains no Anthropic proprietary source code, no model weights, no API keys, and no user data. The implementation is architecturally informed but legally independent.
Claude Code is Anthropic's official proprietary CLI agent written in TypeScript, requiring a Claude subscription. Claw Code is an open-source alternative written in Python and Rust, supporting multiple LLM providers (Claude, OpenAI, local models). Claw Code offers a modular, extensible architecture that developers can customize and self-host. See the full comparison.
The codebase is composed of Rust (72.9%) and Python (27.1%). Python handles the agent orchestration layer, command parsing, and LLM integration. Rust implements performance-critical runtime paths, with an active migration branch targeting a fully native runtime for maximum performance and memory safety.
Claw Code was created by Sigrid Jin (@sigridjineth), a developer profiled by the Wall Street Journal as one of the world's most active Claude Code users, having processed over 25 billion tokens. The project is maintained under the instructkr organization on GitHub and welcomes community contributions.
Claw Code itself is open source and auditable. However, users should exercise caution with the broader ecosystem: a supply-chain attack on March 31, 2026 affected npm-based Claude Code installations. Always install from official sources, verify dependency integrity, and review lockfiles for unauthorized packages.
Claw Code is open source and actively developed. Review the architecture, contribute improvements, or fork for your own agent framework.