Claw Code Deep Dive: How One Developer Reverse-Engineered Claude Code in a Single Night
The Night Everything Leaked
At 4 AM on March 31, 2026, a developer named Sigrid Jin (@instructkr) woke up to his phone exploding with notifications. Anthropic had accidentally published the entire source code of Claude Code — over 500,000 lines of TypeScript — inside a public npm release (v2.1.88) via debug source maps.
Security researcher Chaofan Shou was the first to spot it. Within minutes, the code was being downloaded, analyzed, and mirrored across GitHub. The dev community went into a frenzy.
Anthropic quickly acknowledged the incident:
"This was a release packaging issue caused by human error, not a security breach. No customer data or credentials were exposed."
But the damage to their IP was already done. And from that chaos, claw-code was born.
What Is claw-code?
claw-code is a clean-room Python rewrite of Claude Code's agent harness architecture. It became the fastest GitHub repo in history to reach 50,000 stars — hitting that milestone in just 2 hours after publication.
Crucially, it is not a copy of the leaked code. Sigrid Jin studied the leaked source to understand the architecture, then wrote an entirely new implementation from scratch in Python — capturing the patterns without copying proprietary code.
"I sat down, ported the core features to Python from scratch, and pushed it before the sun came up."
The Architecture Behind Claude Code (and claw-code)
So what did the leak actually reveal? Here is a breakdown of the key architectural patterns that claw-code now reimplements.
1. The Agent Harness Pattern
Claude Code (and by extension, claw-code) is built around a concept called a harness — a runtime wrapper that sits between the AI model and the operating system.
Think of it like this:
User Prompt
↓
[Agent Harness]
↓ ↓ ↓
Bash Read/Write API Calls
↓
Model sees results → decides next actionThe harness manages:
- Tool execution — running bash commands, reading/writing files
- Permission management — what the agent is allowed to do
- Session persistence — remembering context across turns
- Agentic loop — the cycle of think → act → observe → repeat
2. The Six Core Tools
claw-code currently implements the same six fundamental tools that power Claude Code:
| Tool | What It Does |
|---|---|
Bash | Executes shell commands |
Read | Reads file contents |
Write | Creates or overwrites files |
Edit | Makes precise text replacements |
Glob | Finds files matching patterns |
Grep | Searches file contents |
These six tools are deceptively simple. Combined with a capable language model, they let an AI agent autonomously navigate codebases, make changes, run tests, and fix errors — without any human in the loop.
3. Hybrid Runtime Architecture
The original Claude Code is written in TypeScript. claw-code takes a different approach with a hybrid architecture:
- Python layer — high-level metadata, session state, progress tracking, orchestration
- Rust CLI (in progress) — low-level agentic loop, tool execution, API streaming, permission enforcement
Why Rust? Speed, memory safety, and direct system access. The Rust port is actively being developed on the dev/rust branch and is expected to become the definitive runtime.
4. The OmX Workflow — AI Writing AI
One of the most fascinating parts of this story: the entire claw-code rewrite was orchestrated by another AI system called oh-my-codex (OmX), built on top of OpenAI Codex.
Sigrid used two OmX modes:
$teammode — parallel AI agents doing coordinated code review and architectural feedback$ralphmode — persistent execution loops with architect-level verification
This is a glimpse into how elite developers now work: using AI to write AI tooling, at 4 AM, under legal pressure.
The Legal and Ethical Questions
Is this legal? Is it ethical?
Sigrid himself engaged with these questions seriously, publishing an essay in the repo titled:
"Is Legal the Same as Legitimate? AI Reimplementation and the Erosion of Copyleft"
The key distinction: claw-code does not include the original leaked TypeScript source. It is a clean-room rewrite — the same approach used when companies want to reimplement APIs or architectures without copying code. This is generally considered legal (think: clean-room clones of BIOS firmware, Java API reimplementations, etc.).
However, the ethical debate continues. Anthropic invested enormous resources building Claude Code. The leak gives competitors a roadmap.
Security Concerns
A security audit of claw-code conducted on the same day identified several potential vulnerabilities in the early prototype:
- 🔴 Critical: Command injection risks in Bash tool execution
- 🟠 High: Path traversal vulnerabilities in file operations
- 🟡 Medium: Prompt injection attack surface
These are common issues in early-stage agentic systems, and the project is actively addressing them. Do not run this in production without proper sandboxing.
What This Reveals About AI Agent Architecture
The most valuable thing the leak (and claw-code) teaches us is how deceptively simple the foundation of a powerful AI coding agent actually is:
- Six tools are enough to start — bash, read, write, edit, glob, grep cover 90% of coding tasks
- The loop is the product — think → act → observe → repeat, managed well, is what makes Claude Code powerful
- Context management is the hard part — deciding what the model sees at each step, and how to persist session state
- Permission model matters — without careful controls, an agentic system is dangerous
Current State of claw-code
As of April 1, 2026:
✅ Working:
- Python implementation of core harness architecture
- All six core tools (Bash, Read, Write, Edit, Glob, Grep)
- CLI entrypoint via
python3 -m src.main - Session manifest and parity audit tools
- Rust port in progress on
dev/rustbranch
🚧 Not yet implemented:
- Model Context Protocol (MCP) support
- Subagent orchestration
- Deep IDE integration
- Full runtime parity with original TypeScript system
Why It Matters
50,000 GitHub stars in 2 hours is not just a curiosity metric. It signals how hungry the developer community is for open, auditable, self-hostable AI coding agents.
Tools like Claude Code, Cursor, and Codex are powerful — but they are black boxes running on someone else's infrastructure. claw-code represents a different philosophy: understand the machine, own the stack, run it yourself.
Whether claw-code becomes a production-grade tool or remains a fascinating architectural study, the knowledge it unlocks is already out there. The genie is not going back in the bottle.
Get Started
git clone https://github.com/instructkr/claw-code
cd claw-code
python3 -m src.main summary
python3 -m src.main manifest
python3 -m unittest discover -s tests -vWatch the dev/rust branch for the upcoming Rust runtime — that will be the version worth running.
Sources: GitHub — instructkr/claw-code, The Register, Silicon Angle, Wall Street Journal (March 21, 2026)
Admin
Cal.com
Open source scheduling — self-host your booking system, replace Calendly. Free & privacy-first.
Comments (0)
Sign in to comment
No comments yet. Be the first to comment!