The two-day secrecy half-life
Claude Fable 5's hidden 120,000-character rulebook was sitting in a public GitHub archive about two days after the model shipped — and it has company from 30 other coding agents.
When Anthropic released Claude Fable 5 in June, the instructions that govern how it behaves — roughly a novella's worth of behavioral rules, about 120,000 characters — were never meant to be read by users. They were public within two days, posted to a GitHub archive that does this to every major coding agent: Cursor, Devin, Windsurf, v0, Replit, Perplexity, thirty-odd in all.
A system prompt is now a publish-on-launch document whether its author intends it or not.
The genuinely useful part isn't the prose. Alongside the prompt text sit the JSON tool-definition files — the exact menu of functions each agent is allowed to call, and how its makers chose to structure them. You can open Cursor's tool schema next to a rival's and read, side by side, two shipping teams' answers to the same engineering problem. For anyone building an agent, it's a corpus of working reference designs that the vendors never published.
The commit history is the other tell. It runs as a changelog of vendors quietly rewriting their own hidden instructions — Windsurf alone has shipped roughly eleven rounds of tool-definition revisions, a visible fingerprint of production failure-modes being patched in real time.
What the archive proves is that a vendor's system prompt has essentially no secrecy half-life. The competitive moat people imagine in these instructions evaporates in days; the prompt that ships is the prompt the whole field can read by the weekend.
Open the repo's tool-definition JSON for Cursor and read how a shipping agent declares the functions it's allowed to call — that's the part vendors never document.
Open the repo at github.com →The lenses
The facts
How this connects
Tap a node to open it