The Real Showdown After the Source Leak: Claude Code vs OpenClaw, 510K Lines vs 530K Lines
In our [previous article](https://zmead.com/blog/openclaw-vs-claude-code-design-philosophy), we dissected OpenClaw's 450K lines of open-source code alongside the 183 Markdown config files in Claude Code's public repository. We knew at the time that Claude Code's core runtime was closed-source — all we could analyze was the plugin ecosystem's definition layer. On March 31, 2026, security researcher Chaofan Shou discovered a 60MB `cli.js.map` file buried inside Claude Code v2.1.88's npm package — 1,884 TypeScript source files, 512,664 lines of code, fully exposed. This time, we finally get to crack open Claude Code's real engine and do a truly apples-to-apples source code comparison.
1. Updated Numbers: Two 500K-Line TypeScript Behemoths
Last time we could only compare OpenClaw’s full source against Claude Code’s config layer. Now we can finally see the complete picture:
| Dimension | Claude Code (Leaked) | OpenClaw (Latest main) |
|---|---|---|
| Source files | 1,884 .ts/.tsx (no tests) | 3,044 .ts (no tests) |
| Lines of code | ~512,000 | ~530,000 |
| Core language | TypeScript + React (Ink) | TypeScript (ESM) |
| Build tool | Bun bundler | tsdown + pnpm workspace |
| UI framework | Ink (React terminal rendering) | TUI (custom terminal UI) |
| Built-in tools | 42 tool directories | Plugin dynamic registration |
| Slash commands | 86 command directories | Registered via commands/ |
| Multi-agent | Swarm (Tmux/iTerm/in-process) | Sub-agent registry + ACP |
| LLM support | Anthropic Claude only | 30+ providers |
| Interfaces | CLI + IDE + Web + Mobile | 40+ channels + TUI + Web |
OpenClaw hasn’t been idle either — growing from 450K to 530K lines since our last analysis, adding ACP (Agent Control Plane), a TUI terminal interface, Canvas Host, image generation, media understanding, TTS voice synthesis, device pairing, secrets management, and more. Both projects are evolving at breakneck speed.
2. Agent Loop: Single-Threaded Minimalism vs Distributed Runtime
Claude Code: The Main Loop Codenamed nO
The leaked source reveals Claude Code’s core — a single-threaded agent loop in QueryEngine.ts. The design philosophy is radical simplicity: while(tool_call) → execute tool → feed results back → repeat. The loop naturally terminates when the model returns plain text with no tool calls.
An async dual-buffer queue (h2A) lets users inject new instructions in real-time while the agent is working. A context compressor (wU2) auto-triggers summarization at ~92% context window usage. A token budget tracker controls continuation at a 90% threshold, stopping when 3 consecutive increments fall below 500 tokens (diminishing returns).
// Task.ts — 7 task types hint at ambitions far beyond a CLI tool
export type TaskType =
| 'local_bash' // Local shell
| 'local_agent' // Local sub-agent
| 'remote_agent' // Remote agent
| 'in_process_teammate' // In-process teammate
| 'local_workflow' // Local workflow
| 'monitor_mcp' // MCP monitoring
| 'dream' // Dream mode (autonomous background execution)OpenClaw: New ACP (Agent Control Plane)
OpenClaw’s latest version introduces src/acp/ — an Agent Control Plane with an approval classifier, session mapper, policy engine, and event translator. OpenClaw is evolving from an “agent runtime” into an “agent management platform.”
src/acp/
├── approval-classifier.ts # Approval classifier
├── policy.ts # Policy engine
├── session-mapper.ts # Session mapping
├── translator.ts # Event translator
├── control-plane/ # Control plane core
└── runtime/ # ACP runtimeThe divergence remains clear: Claude Code chooses single-threaded + radical simplicity, OpenClaw chooses distributed + radical flexibility. But OpenClaw’s ACP module signals a push toward enterprise-grade agent orchestration.
3. Tool System: 42 Hand-Crafted Tools vs Plugin-Based Infinite Extension
Claude Code: BashTool Is the Crown Jewel
42 tools, each with its own directory. BashTool alone spans 18 files, implementing 7 layers of security: segmented command permissions, injection detection, dangerous command identification, mode validation, sandbox isolation, classifier approval, and subprocess environment variable scrubbing.
// Tool.ts — The tool base class interface is remarkably rich
interface Tool<Input, Output> {
call(input, context): Promise<Output>
isReadOnly(input): boolean
isDestructive?(input): boolean
checkPermissions(input, context): PermissionResult
toAutoClassifierInput(input): unknown // Input for auto-classifier
renderToolUseMessage(input): ReactNode // Terminal UI rendering
// ... 20+ methods
}OpenClaw: New Image Generation, Media Understanding, TTS
OpenClaw’s latest tool ecosystem has expanded significantly:
src/image-generation/— Image generation provider registry, multi-model supportsrc/media-understanding/— Audio transcription, video understanding, image analysissrc/tts/— Text-to-speech with multiple TTS providerssrc/web-search/— Standalone web search runtimesrc/link-understanding/— Link content understanding
OpenClaw’s tools aren’t 42 hand-crafted built-ins — they’re an extensible capability framework. Each capability module has its own provider registry, supporting plugin-based extension.
4. Multi-Agent: Visual Swarm vs Structured Sub-Agent Registry
Claude Code: A Complete Swarm System
This was the biggest surprise in the leaked source. 22 files implement full multi-agent collaboration:
- Team Lead orchestrates tasks, delegates to multiple Teammates
- Three backends: Tmux split panes, iTerm2 split panes, in-process
SendMessageToolenables peer-to-peer messaging between agentscoordinator/coordinatorMode.tsimplements coordinator mode- The
dreamtask type hints at autonomous background execution
OpenClaw: Sub-Agent Registry + Orphan Recovery
OpenClaw’s sub-agent system is also evolving. The latest code has 20+ subagent-registry related files, adding:
subagent-orphan-recovery.ts— Orphaned sub-agent recoverysubagent-registry-cleanup.ts— Registry cleanupsubagent-registry-persistence.ts— Persistencesubagent-announce-queue.ts— Announcement queue
The difference: Claude Code’s Swarm is visual (you can see multiple terminal panes working simultaneously), while OpenClaw’s multi-agent is structural (code defines strict hierarchies and lifecycles).
5. Prompt Orchestration: Claude Code’s Real Moat
The leaked source confirms: all of Claude Code’s “intelligence” comes from carefully orchestrated prompts. No special APIs, no proprietary protocols — CLAUDE.md, Skills, Memories are all injected as plain text into the context window.
prompts.ts contains 20+ section generator functions that dynamically assemble the system prompt, with a caching mechanism (systemPromptSection() computes once, DANGEROUS_uncachedSystemPromptSection() recomputes every turn but requires a stated reason).
The most explosive finding is the feature() function controlling unreleased capabilities — we found 89 distinct feature flags in the source, covering a massive set of built-but-unshipped features:
- PROACTIVE / KAIROS: Proactive mode, agent initiates actions autonomously
- COORDINATOR_MODE: One Claude orchestrating multiple Claudes
- TRANSCRIPT_CLASSIFIER: AFK mode, agent continues working when user is away
- ant-only internal tools: Available only to Anthropic employees
- VOICE_MODE: Voice command mode
- WEB_BROWSER_TOOL: Real browser control via Playwright
- KAIROS_DREAM: Autonomous background execution + self-wake
- KAIROS_GITHUB_WEBHOOKS: GitHub webhooks triggering agents
- Plus BUDDY (companion sprite), ULTRAPLAN, ULTRATHINK, VERIFICATION_AGENT, and dozens more
All of this code is already written — just excluded at compile time. Anthropic’s cadence of shipping a new feature every two weeks isn’t because they develop fast — it’s because everything is already done.
6. Security Model: Classifier Approval vs Code Enforcement
Claude Code’s Auto mode uses an independent classifier to approve each operation (classifier input strips tool results to prevent injection), backed by OS-level sandboxing. Three permission tiers: Plan (read-only), Default (confirm each action), Auto (classifier approval, labeled “research preview”).
OpenClaw uses code enforcement — tool profiles (minimal/coding/messaging/full), owner-only filtering, path traversal detection, and an exec approval system (src/infra/exec-approvals.ts with 20+ related files).
Neither trusts the model’s self-restraint. Claude Code uses another AI to supervise AI. OpenClaw uses code to constrain AI.
7. Easter Eggs
- 187 Spinner Verbs: From
ClaudingtoFlibbertigibbetingtoWhatchamacalliting— users can even customize them - Buddy Companion Sprite:
src/buddy/hides a terminal companion character with its own prompt and sprite graphics - Full Vim Engine: motions, operators, text objects, transitions — not just keybindings, a complete Vim implementation
- Bridge Remote Control: 30 files implementing phone/browser control of local Claude Code sessions, with JWT auth and trusted device management
8. Impact of the Leak & Personal Takeaways
Impact on Anthropic
This is the second time Claude Code has leaked via source maps (the first was February 2025). Making the same mistake twice points to a systemic gap in Anthropic’s CI/CD pipeline for build artifact verification. That said, the leak involves client implementation code — no model weights, no user data — so the direct security risk is limited.
The real impact is competitive intelligence. 510K lines of carefully crafted TypeScript, including complete prompt orchestration strategies, security model implementations, multi-agent collaboration architecture, and 89 feature flags controlling unreleased capabilities — all of Anthropic’s hard-won engineering know-how is now public.
Impact on the Chinese Tech Ecosystem: A Claude Code Clone Wave Is Coming
This is the point I most want to make.
The Claude Code source leak may impact China’s AI coding tool ecosystem more than it impacts Anthropic itself. The reason is simple: 510K lines of battle-tested TypeScript code is a ready-made product blueprint.
What we can expect:
- Major tech companies will move fast. Claude Code’s architecture (single-threaded main loop + prompt orchestration + tool system + multi-agent Swarm) is now a proven product pattern. Chinese AI coding tools (Tongyi Lingma, Doubao MarsCode, Baidu Comate, etc.) now have a detailed reference implementation.
- Open-source “tribute” projects will proliferate. People are already organizing the deobfuscated source on GitHub. Reimplementations in various languages will follow.
- Prompt orchestration methodology will be widely adopted. Claude Code’s 20+ dynamic section assembly, caching strategies, feature flag control — this prompt engineering methodology is more practical than any research paper.
- Security models will be studied and improved. BashTool’s 7-layer security checks, Auto mode’s classifier approval — these implementation details are valuable reference material for the entire industry’s agent security practices.
But let me also throw some cold water: copying architecture is easy; copying experience is hard. A huge portion of Claude Code’s 510K lines goes into Ink terminal rendering, Vim mode, theming, the Buddy sprite, 187 spinner verbs — all these “useless” details. It’s precisely these details that make Claude Code feel right. That product feel can’t be replicated by forking a repo.
Impact on OpenClaw
As an open-source project, OpenClaw may actually benefit from this leak. Two reasons:
- Design direction validated. Many of OpenClaw’s architectural decisions (plugin-based tool system, multi-model fallback, sub-agent depth control) have counterparts in Claude Code’s source. Two teams thinking independently arrived at similar conclusions.
- Differentiation is now crystal clear. Claude Code is a single-vendor, developer-focused polished tool; OpenClaw is a multi-vendor, multi-platform agent runtime. The leak turns this positioning difference from “speculation” into “confirmation.”
OpenClaw’s latest additions — ACP (Agent Control Plane), TUI, device pairing, secrets management — show it pushing toward enterprise agent platform territory, an area Claude Code doesn’t currently cover.
Personal Take
The biggest insight from this leak isn’t a technical detail — it’s a confirmation of product philosophy:
The core competitive advantage of AI agents isn’t the model. It’s the engineering.
Both Claude Code and OpenClaw are 500K-line TypeScript engineering efforts. Their “intelligence” comes from carefully orchestrated prompts, precisely controlled security boundaries, and extensive UX polish — not from some mysterious model capability.
This means the competition in AI agents is fundamentally a competition in engineering capability. Whoever can make prompt orchestration more precise, security models deeper, and user experience more polished — wins.
Models are infrastructure. Engineering is the moat.
This article is based on the Claude Code v2.1.88 source leaked on March 31, 2026 (1,884 TypeScript files, 512,664 lines of code) and OpenClaw’s latest main branch (3,044 non-test TypeScript files, ~530,000 lines of code). Previous article: Source-Level Teardown: OpenClaw vs Claude Code.
Disclaimer: This article is for technical analysis and academic discussion only. Analysis of the leaked Claude Code source is based on publicly available information.