Anthropic Is Building Two Products on One Codebase:
The Leaked Architecture That Rewrites the AI Playbook

Anthropic shipped version 2.1.88 of Claude Code to npm on March 31, 2026. A 59.8 MB source map file was still attached. That source map pointed to a zip archive sitting in a public Cloudflare R2 bucket with zero authentication. Security researcher Chaofan Shou spotted it. His tweet hit 16 million views. An early GitHub mirror collected 41,500 forks and 50,000 stars in roughly two hours.

Inside the zip: 512,000 lines of unobfuscated TypeScript across 1,884 files. Not model weights. Not customer data. Something arguably more revealing. The full client-side agent orchestration layer that wraps Claude and manages tools, multi-agent workflows, persistent memory, and long-running background sessions. Plus 44 hidden feature flags, 20 of which pointed to unshipped products. One of those products was a Tamagotchi-style virtual companion called Buddy. Another was an always-on autonomous daemon called KAIROS, referenced over 150 times in the codebase.

Anthropic called it a "release packaging issue due to human error." That is probably true. But the contents of the leak tell a story no press release would. Anthropic is not building one product. It is building two. An enterprise-grade agent runtime and a consumer-facing emotional companion. Both run on the same infrastructure. I think this dual-track architecture is the most important product strategy signal in AI right now. And it changes what developers should be building on top of.

The Two-Track Stack

Here is the framework. Call it the Two-Track Stack.

Track 1 is the Daemon Layer. Always-on, background-running agent infrastructure designed for developers and enterprises. The plumbing. KAIROS, cron-style scheduling, multi-agent orchestration, persistent memory, tool execution, webhook integrations. This is the "AI operating system" play.

Track 2 is the Companion Layer. Consumer-facing, emotionally engaging, personality-driven interfaces built on top of the exact same plumbing. Buddy the Tamagotchi. Mood tracking. XP systems. Frustration detection. Streaks. This is the "AI relationship" play.

The interesting part is not that both tracks exist. Everyone suspected labs were working on agents and companions. The interesting part is that they share a single codebase. The same tool-calling loops, the same permission schemas, the same memory consolidation pipeline powers both a serious coding daemon and a virtual pet that reacts when you curse at your terminal.

That architectural unification is the strategy. One infrastructure investment. Two product surfaces. Two business models. Two retention loops. The Daemon Layer sells to engineering teams by the seat. The Companion Layer sells to individuals through daily engagement. My read on this: every major AI lab is either already doing this or will be within 12 months.

Inside the Machine: What 512,000 Lines Actually Reveal

Let me walk you through what the leaked code shows, because the architecture is genuinely wild once you understand it. This is not a chatbot with bash access. It is a full orchestration platform.

Start with the tools directory. About 50,800 lines across 184 files implementing roughly 40 concrete tool modules. File I/O. Shell and REPL execution. Web fetch and search. MCP hooks. Multi-agent task plumbing. Worktree modes. At least 8 of those tools are devoted specifically to sub-agent spawning, task tracking, output reading, and runaway-process control. One Claude orchestrating multiple worker Claudes, each with its own restricted toolset. Think of it as a 500 IQ intern who can clone itself and assign tasks to its own copies.

Then there is KAIROS. This is the daemon mode. It runs background sessions while the user is idle. It executes something called autoDream, a nightly memory consolidation process that merges observations, cleans contradictions, and converts vague insights into verified facts. It maintains a persistent, evolving understanding of your project. It has access to tools that regular Claude Code sessions do not. It can sleep and self-resume without explicit user prompts. It supports cron-style scheduling with create, delete, and list operations, including external webhooks.

The practical translation: KAIROS is an always-on teammate who notices things before you ask. It watches your repo overnight, consolidates what it learned, and surfaces only high-value updates through a special Brief output mode optimized for persistent assistants. That is a fundamentally different mental model from "type a prompt, get a response."

Now flip to Buddy. The code describes a Tamagotchi-style virtual companion that sits beside your input box and reacts to your coding. It has configurable personality traits and moods. It tracks user sentiment, flagging cursing as negative emotion and adjusting its behavior accordingly. It has gamification elements like XP leveling, streaks, and rewards. It uses the same persistent memory system as KAIROS.

Here is what matters for builders. The permission and execution layer underneath both products is identical. Automatic shell command execution. Model Context Protocol integrations. Environment variable handling. Project-loading flows. Safety and approval checks. The nicher you go on top of this stack, the faster you grow. You do not need to rebuild the plumbing. You need to pick which surface you are building: daemon or companion. Or both.

One critical caveat. It is unclear whether the security model is ready for production. The leak itself exposed architectural patterns that reduce the research cost for attackers. Zscaler's ThreatLabz already documented malicious archives labeled "Claude Code Leaked Source Code" delivering Vidar infostealer malware through a Rust-based dropper. Earlier CVEs in Claude Code's execution paths included remote code execution and API key exfiltration via malicious repos and MCP servers. The compaction system that summarizes long conversations into shorter memories has a known vulnerability: if an attacker plants instructions in a file and Claude reads it, then compaction runs, the injected instructions can survive in the summary with no origin tag. In an always-on agent world, that is persistent, hard-to-audit behavioral drift. Memory poisoning is a real risk.

One more number worth knowing. Claude Code's annual recurring revenue sits at approximately $2.5 billion, roughly 13% of Anthropic's total $19 billion ARR. The agent harness is not a side project. It is a major revenue driver. Anthropic has been shipping a new feature roughly every 2 weeks, with the majority of the system already implemented and sitting behind feature flags. The velocity is real.

2031

Three signals inside the same shift

Pull back five years from today. Where does the Two-Track Stack lead?

I think we are watching the early formation of something like an AI utility layer. Not a single product. Not an API. An ambient infrastructure that runs continuously in the background of every developer's machine, every team's CI pipeline, and eventually every consumer's phone.

The asymmetric advantage belongs to whoever controls both tracks simultaneously. Enterprise agents generate revenue and data. Consumer companions generate retention and emotional lock-in. The flywheel between them is the shared memory and tooling layer. The more the daemon learns about your codebase, the better the companion understands your working patterns. The more the companion keeps you engaged, the more data flows back into the daemon's context.

This is the Costco hot dog strategy applied to AI. The companion is the $1.50 hot dog. It gets people through the door. The daemon is the warehouse membership. It generates the margin.

The counterargument deserves respect. Most developers still want predictable, request-response APIs. Operational risk makes always-on agents hard to productize at scale. Regulatory and legal pressures may push toward less autonomy, not more. Corporate counsel will demand explicit audit logs, limited write permissions, and human-in-the-loop approval rather than "run while you sleep" defaults. For regulated or safety-critical systems, developers may explicitly avoid deep delegation.

The data is mixed on whether this reshapes mainstream developer workflows as dramatically as the architecture suggests. The leak validates that Anthropic is building persistent, tool-using agents and experimenting with long-lived background processes. But calling this a coordinated industry conspiracy overstates how hidden it was. Labs have been publicly talking about agents and companions since late 2024. The leak confirms implementation details, not intent that was truly secret.

Still, implementation details matter. Seeing 512,000 lines of production code is different from reading a blog post about "our vision for AI agents." The architecture is real. The feature flags are real. The revenue is real. And the pattern of building both tracks on shared infrastructure is, I think, the template every serious AI company will follow. Impermanence applies to today's integration patterns too. The stateless prompt-response model that developers have used since 2022 is a temporary equilibrium, not a permanent architecture.

What to Build This Weekend

You do not need 512,000 lines of TypeScript to start thinking in two tracks. Here is what you can do right now.

First, map your current AI integration pattern. Open whatever project uses an AI API. Ask yourself: is this stateless or stateful? Does it remember anything between sessions? If the answer is stateless, you are building on the old mental model. That is fine today. It will not be fine in 18 months.

Second, prototype a persistent memory layer. Use Granola to capture meeting context that persists across sessions. It listens to your calls and augments your notes in real time, filling gaps you missed. This is the simplest version of the "daemon" pattern: an AI that accumulates context over time instead of starting fresh every interaction.

Third, break down the migration into steps. Goblin Tools Magic ToDo lets you paste a single overwhelming task like "add persistent memory to my AI workflow" and splits it into bite-sized steps. Super easy way to go from abstract architecture to concrete Saturday afternoon project.

Fourth, visualize the Two-Track Stack for your own product. Paste your notes about daemon vs. companion features into Napkin and let it generate a diagram. Having a visual map of which features belong to which track clarifies your roadmap faster than any planning doc.

Fifth, pick one track and build the smallest possible version. If you are building for developers, create a background script that watches a repo directory, summarizes changes overnight, and posts a brief update to Slack in the morning. If you are building for consumers, create a simple companion that remembers three facts about the user across sessions and references them naturally. Neither requires a 500 IQ intern. Both require you to think about persistence, memory, and always-on behavior.

The leak showed us the blueprint. The tools exist. The architecture is public. The question is not whether AI integration moves from stateless to stateful, from session-based to persistent, from single-agent to multi-agent. The question is whether you start building for that world this weekend or wait until everyone else already has.