72,000 Stars in Days: The Open-Source Claude Code Rewrite That Developers Actually Wanted

The Leak That Launched a Thousand Forks

On March 31, 2026, security researcher Chaofan Shou discovered something unusual inside the npm package @anthropic-ai/claude-code v2.1.88: a 59.8 MB JavaScript source map file containing approximately 512,000 lines of TypeScript across 1,906 source files. The complete internal architecture of Anthropic's Claude Code agent harness — production code, not pseudocode — was sitting in a public registry, accessible to anyone with npm install.

Within hours, Anthropic issued DMCA takedowns. Within the same morning, Sigrid Jin — a Korean developer profiled by the Wall Street Journal as one of the world's most active Claude Code users, having consumed over 25 billion tokens — had already finished a clean-room Python rewrite of the core architecture. He called it Claw Code.

The repository hit 30,000 stars faster than any project in GitHub history. It crossed 72,000 within days.

What Claw Code Actually Is

This isn't a mirror of the leaked code. Claw Code is a ground-up reimplementation, built without copying proprietary source — architecturally informed but legally independent. The stack is Python (27.1%) for agent orchestration and LLM integration, and Rust (72.9%) for performance-critical runtime paths. A full Rust migration branch is in progress.

What the project delivers is the *harness layer* — the part of an AI coding agent that most proprietary tools treat as a black box:

• Plugin-based tool system with 19 permission-gated tools (file I/O, bash execution, Git ops, web scraping, LSP integration)
• Query engine managing LLM API calls, response streaming, caching, multi-step orchestration, and configurable budget controls
• Multi-agent orchestration — the framework can spawn parallel sub-agents ("swarms") to decompose complex engineering tasks
• Full MCP integration with 6 transport types (Stdio, SSE, HTTP, WebSocket, SDK, ClaudeAiProxy)
• Provider-agnostic design supporting Claude, OpenAI, and local models — not locked to Anthropic
• 15 slash commands including /compact, /model, /permissions, /cost, /session

The codebase is fully auditable. You can trace every tool invocation, inspect every permission gate, and fork the entire runtime. That's the point.

Who It's For

Claw Code is not a Cursor replacement or a casual IDE plugin. It's infrastructure.

The primary audience is developers who need to build on top of agent systems — teams running autonomous coding pipelines, researchers studying agent architecture, platform engineers who need audit trails, and anyone who's hit a wall with the opacity of proprietary agentic tooling. The provider-agnostic design means you can point it at a local model and run it entirely air-gapped.

For power users of Claude Code specifically, Claw Code also reveals what was under the hood: KAIROS Mode (proactive, continuously-running assistant logic), ULTRAPLAN Mode (offloading complex planning to cloud containers with Opus-class models), and autoDream (background memory consolidation running as a forked sub-agent). The leak exposed that Anthropic has 44 compiled feature flags, 20 of which remain disabled for external users.

What the Adoption Curve Is Telling Us

72,000 stars in days isn't just an impressive vanity metric. It's a market signal with three clear readings.

First: The harness layer is the product. The model quality race has compressed — the delta between frontier models is shrinking. What differentiates real-world AI coding tools now is architecture: how context flows, how tools chain, how memory persists, how agents fail gracefully. Developers understand this, and they've been waiting for an open version.

Second: Inspectability is a first-class requirement. Enterprise developers cannot ship black-box agents into production pipelines. Audit trails, permission controls, observable tool invocations — these aren't nice-to-haves. The demand for Claw Code is partly a demand for *explainable* agent behavior.

Third: The community can move at model speed. Sigrid Jin rewrote the core architecture of a production-grade AI coding agent *in one morning*, using an AI orchestration tool (oh-my-codex) with parallel review modes. This is what AI-assisted development at full leverage looks like in 2026. The meta-story is almost as significant as the project itself: Claw Code was built using the exact category of tools it represents.

The Security Footnote You Shouldn't Skip

There's a supply-chain attack dimension that deserves explicit mention. During the 00:21–03:29 UTC window on March 31, 2026, some npm-based Claude Code installations received a malicious version of the axios package containing a remote access trojan. If your lockfiles reference axios versions 1.14.1 or 0.30.4 from that window, treat the host as compromised: rotate credentials, audit access logs, clean reinstall. Anthropic has since deprecated npm distribution in favor of a native installer.

Claw Code itself is auditable by design. The broader ecosystem around the leak is not automatically safe.

Bottom Line

Claw Code is the right project at the right moment. It turns the most consequential architecture leak in AI tooling history into something constructive: an open, extensible foundation that the developer community can actually build on. The 72,000 stars are a vote. Developers want to see the machinery. They want to modify it. They want to run it on their own infrastructure, with their own models, with full observability.

The harness layer was always the secret. Now it isn't.

--- *Claw Code is available at github.com/instructkr/claw-code and claw-code.codes. The project is open source and actively developed.*