Dive into Claude Code

Claude Code answers four design questions that every production coding agent must face:

The system decomposes into 7 components (User → Interfaces → Agent Loop → Permission System → Tools → State & Persistence → Execution Environment) across 5 architectural layers.

↑ Back to top

The architecture traces from 5 human values through 13 design principles to implementation:

The paper also applies a sixth evaluative lens -- long-term capability preservation -- citing evidence that developers in AI-assisted conditions score 17% lower on comprehension tests.

↑ Back to top

The core is a ReAct-pattern while-loop: assemble context → call model → dispatch tools → check permissions → execute → repeat. Implemented as an AsyncGenerator yielding streaming events.

Before every model call, five compaction shapers run sequentially (cheapest first): Budget Reduction → Snip → Microcompact → Context Collapse → Auto-Compact.

9-step pipeline per turn: Settings resolution → State init → Context assembly → 5 pre-model shapers → Model call → Tool dispatch → Permission gate → Tool execution → Stop condition

Two execution paths:

• StreamingToolExecutor -- begins executing tools as they stream in (latency optimization)
• Fallback runTools -- classifies tools as concurrent-safe or exclusive

Recovery: Max output token escalation (3 retries), reactive compaction (once per turn), prompt-too-long handling, streaming fallback, fallback model

5 stop conditions: No tool use, max turns, context overflow, hook intervention, explicit abort

↑ Back to top

7 permission modes form a graduated trust spectrum: plan → default → acceptEdits → auto (ML classifier) → dontAsk → bypassPermissions (+ internal bubble).

Deny-first: A broad deny always overrides a narrow allow. 7 independent safety layers from tool pre-filtering through shell sandboxing to hook interception. Permissions are never restored on resume -- trust is re-established per session.

↑ Back to top

Four mechanisms at graduated context costs: Hooks (zero) → Skills (low) → Plugins (medium) → MCP (high). Three injection points in the agent loop: assemble() (what the model sees), model() (what it can reach), execute() (whether/how actions run).

Tool pool assembly (5-step): Base enumeration (up to 54 tools) → Mode filtering → Deny pre-filtering → MCP integration → Deduplication

27 hook events across 5 categories with 4 execution types (shell, LLM-evaluated, webhook, subagent verifier)

Plugin manifest accepts 10 component types: commands, agents, skills, hooks, MCP servers, LSP servers, output styles, channels, settings, user config

Skills: SKILL.md with 15+ YAML frontmatter fields. Key difference -- SkillTool injects into current context; AgentTool spawns isolated context.

↑ Back to top

9 ordered sources build the context window. CLAUDE.md instructions are delivered as user context (probabilistic compliance), not system prompt (deterministic). Memory is file-based (no vector DB) -- fully inspectable, editable, version-controllable.

4-level CLAUDE.md hierarchy: Managed (/etc/) → User (~/.claude/) → Project (CLAUDE.md, .claude/rules/) → Local (CLAUDE.local.md, gitignored)

5-layer compaction (graduated lazy-degradation): Budget reduction → Snip → Microcompact → Context Collapse (read-time projection, non-destructive) → Auto-Compact (full model summary, last resort)

Memory retrieval: LLM-based scan of memory-file headers, selects up to 5 relevant files. No embeddings, no vector similarity.

↑ Back to top

6 built-in types (Explore, Plan, General-purpose, Guide, Verification, Statusline) + custom agents via .claude/agents/*.md. Sidechain transcripts: only summaries return to parent (parent's context is protected from subagent verbosity). Three isolation modes: worktree, remote, in-process. Coordination via POSIX flock().

SkillTool vs AgentTool: SkillTool injects into current context (cheap). AgentTool spawns isolated context (expensive, but prevents context explosion).

Permission override: Subagent permissionMode applies UNLESS parent is in bypassPermissions/acceptEdits/auto (explicit user decisions always take precedence).

Custom agents: YAML frontmatter supports tools, disallowedTools, model, effort, permissionMode, mcpServers, hooks, maxTurns, skills, memory scope, background flag, isolation mode.

↑ Back to top

Three channels: append-only JSONL transcripts, global prompt history, subagent sidechains. Permissions never restored on resume -- trust is re-established per session. Design favors auditability over query power.

Chain patching: Compact boundaries record headUuid/anchorUuid/tailUuid. The session loader patches the message chain at read time. Nothing is destructively edited on disk.

Checkpoints: File-history checkpoints for --rewind-files, stored at ~/.claude/file-history/<sessionId>/.

↑ Back to top

New agent-system developments reinforce the same lesson surfaced by Claude Code: agent capability is not a model property alone. It emerges from the runtime, context layer, execution boundary, tool supply chain, human control surface, and evaluation loop around the model.

These signals do not replace Claude Code's design space; they make its boundaries clearer. The agent loop is the small part. The harness around it is where most capability, safety, and reliability decisions now live. For month-level source notes, see docs/agent-design-space-source-notes_zh.md.

↑ Back to top

Not a coding tutorial. A guide to the design decisions you must make, derived from architectural analysis.

Every production agent must navigate these decisions:

Read the full guide: docs/build-your-own-agent.md

↑ Back to top

The same recurring design questions admit different architectural answers when the deployment context changes. The table below contrasts Claude Code v2.1.88 with two notable peers — OpenClaw, a local-first multi-channel personal-assistant gateway, and NousResearch/hermes-agent, a self-improving multi-deployment agent — across the six design dimensions Section 10 of the paper uses for the OpenClaw comparison. Cells are source-grounded; this is not a feature scoreboard.

Design Dimension	Claude Code (v2.1.88)	OpenClaw	Hermes-Agent
System scope & deployment	Per-user CLI / SDK / IDE interface for coding; one queryLoop async generator across entry points.	Local-first WebSocket gateway (default port 18789, loopback-bound by default; other binds available); routes ~23 messaging surfaces to an embedded agent runtime; companion apps for macOS, iOS, Android.	Three entry points: hermes (interactive CLI), hermes-agent (programmatic runtime), hermes-acp (ACP server); gateway adapters route messages to per-session AIAgent instances cached LRU-style (max 128, 1 h idle TTL); also runs as MCP server via hermes mcp serve.
Trust model & security	Deny-first per-action evaluation; 7 permission modes; LLM-based auto-mode classifier (yoloClassifier / sideQuery); session-scoped permission state (session bypass flag, app allowlist state) is not restored on resume.	Single trusted operator per gateway; DM pairing codes, sender allowlists, gateway authentication; per-agent allow / deny tool policy; opt-in sandboxing via Docker / SSH / OpenShell, off by default; non-main mode sandboxes only non-main sessions; hostile multi-tenant isolation explicitly not supported.	Dangerous-command pattern detection with per-session approval state; CLI interactive prompts and gateway async prompts; auxiliary-LLM smart approval auto-approves low-risk commands; permanent allowlist persisted in config.yaml; subagent worker threads default to auto-deny dangerous commands (opt-in subagent_auto_approve for batch / cron runs).
Agent runtime & tools	Single queryLoop async generator with streamed event yields; environment- and feature-gated tool registry; before-API compaction (Snip, Microcompact, Context Collapse, Auto-Compact) runs conditionally, with Auto-Compact first attempting session-memory compaction.	Embedded agent runtime inside the gateway's RPC dispatch (the agent RPC validates parameters, accepts immediately, runs asynchronously, and streams lifecycle / stream events back over the gateway protocol); per-session queue serialization with an optional global lane.	While-loop with explicit per-turn iteration budget and grace-call slot; per-turn checkpoint dedup; gateway step_callback hook fires on each iteration; auxiliary-model context compression summarizes middle turns while protecting head and tail.
Extension architecture	Four mechanisms at graduated context cost: hooks → skills → plugins → MCP; 27 hook events; 10 plugin component types.	Manifest-first plugin system with 12 documented capability categories; central registry exposes tools, channels, provider setup, hooks, HTTP routes, CLI commands, services; separate skills layer with multiple sources (workspace highest precedence) plus the ClawHub public registry; openclaw mcp provides both an MCP server surface and an outbound client registry for other MCP servers.	12 bundled plugins under plugins/ (context_engine, disk-cleanup, example-dashboard, google_meet, hermes-achievements, image_gen, kanban, memory, observability, platforms, spotify, strike-freedom-cockpit); MCP server (mcp_serve.py) exposes 10 tools; ACP adapter (acp_adapter/) exposes Hermes as an ACP server.
Memory & context	4-level CLAUDE.md hierarchy; before-API compaction (Snip, Microcompact, Context Collapse, Auto-Compact); LLM-based selection from file-based Markdown memory files.	Workspace bootstrap files (AGENTS.md, SOUL.md, TOOLS.md, IDENTITY.md, USER.md) plus conditional BOOTSTRAP.md / HEARTBEAT.md / MEMORY.md; separate memory system (MEMORY.md, daily notes under memory/YYYY-MM-DD.md, optional DREAMS.md); hybrid vector + keyword search when an embedding provider is configured; experimental dreaming for long-term promotion; pluggable compaction providers.	SQLite state store with FTS5 full-text search and WAL-mode concurrent readers; sessions linked by parent_session_id chains for compression-triggered splits; 8 swappable memory backends under plugins/memory/ (byterover, hindsight, holographic, honcho, mem0, openviking, retaindb, supermemory); auxiliary-LLM compression as a separate context-management layer.
Multi-agent architecture	Sub-agent delegation via sidechain transcripts; 6 built-in agent definitions (availability conditional on build / mode) plus custom; a single summary message returns to parent (in-process / viewable transcript cases preserve more internal detail); agent-isolation settings include worktree and remote, with an in-process teammate backend in the swarm path.	Two layers. (1) Multi-agent routing: per-channel isolated agents with their own workspace, auth profiles, session store, and model configuration, dispatched via deterministic binding rules. (2) Sub-agent delegation: maxSpawnDepth range 1–5, default 1, recommended 2; tool policy varies by depth; project vision (VISION.md) rejects agent-hierarchy frameworks as the default.	delegate_task tool spawns child AIAgent instances in a ThreadPoolExecutor (parent blocks until children complete); each child has fresh conversation history, its own task_id, and a restricted toolset (DELEGATE_BLOCKED_TOOLS strips delegate_task, clarify, memory, send_message, execute_code); default depth MAX_DEPTH = 1 (configurable up to cap 3); default 3 concurrent children.

What this contrast reveals. Three observations follow from the table. First, deployment context drives the rest of the design: a per-user coding CLI converges on per-action approval and a single execution loop, a multi-channel gateway converges on perimeter trust and channel-bound agents, and a multi-deployment messaging-and-cloud agent converges on opt-in container/cloud isolation, an LLM-based smart approval, and a swappable-backend memory layer. Second, the extension layer is where each system most clearly differentiates: Claude Code stratifies four mechanisms by context cost, OpenClaw treats extension as registry-managed capabilities at the gateway, and Hermes-Agent ships bundled plugins plus dual MCP server / ACP server surfaces other agents can connect to. Third, memory architectures sit on a spectrum: file-based and inspectable Markdown (Claude Code), file-based plus optional vector + experimental dreaming (OpenClaw), or full-text indexed (FTS5) plus eight swappable plugin backends including dedicated vector / RAG providers (Hermes-Agent). The table is best read not as a scoreboard but as three different fixed points in the same design space.

↑ Back to top

A curated map of the repos, reimplementations, and academic papers surrounding Claude Code's architecture.

Official Anthropic Resources

Primary sources referenced throughout the paper — Anthropic's own engineering and research publications, plus product documentation.

Research & Engineering Blogs

Product Documentation

Architecture Analysis

Deep dives into Claude Code's internal design.

Repository	Description
ComeOnOliver/claude-code-analysis	Comprehensive reverse-engineering: source tree structure, module boundaries, tool inventories, and architectural patterns.
alejandrobalderas/claude-code-from-source	18-chapter technical book (~400 pages). All original pseudocode, no proprietary source.
liuup/claude-code-analysis	Chinese-language deep-dive — startup flow, query main loop, MCP integration, multi-agent architecture.
sanbuphy/claude-code-source-code	Quadrilingual analysis (EN/JA/KO/ZH) — multi-domain reports covering telemetry, codenames, KAIROS, unreleased tools.
cablate/claude-code-research	Independent research on internals, Agent SDK, and related tooling.
Yuyz0112/claude-code-reverse	Visualize Claude Code's LLM interactions — log parser and visual tool to trace prompts, tool calls, and compaction.
Piebald-AI/claude-code-system-prompts	Version-tracked prompt corpus across 170+ Claude Code releases — main system prompt, builtin tool descriptions, sub-agent prompts (Plan/Explore/Task), and ~40 system reminders. Updated within minutes of each release.

Open-Source Reimplementations

Clean-room rewrites and buildable research forks.

Repository	Description
chauncygu/collection-claude-code-source-code	Meta-collection of community Claude Code source artifacts -- includes claw-code (Rust port), nano-claude-code (Python), and the extracted original source archive.
777genius/claude-code-working	Working reverse-engineered CLI. Runnable with Bun, 450+ chunk files, 31 feature flags polyfilled.
T-Lab-CUHKSZ/claude-code	CUHK-Shenzhen buildable research fork — reconstructed build system from raw TypeScript snapshot.
ruvnet/open-claude-code	Nightly auto-decompile rebuild — 903+ tests, 25 tools, 4 MCP transports, 6 permission modes.
Enderfga/openclaw-claude-code	OpenClaw plugin — unified ISession interface for Claude/Codex/Gemini/Cursor. Multi-agent council.
memaxo/claude_code_re	Reverse engineering from minified bundles — deobfuscation of the publicly distributed cli.js file.
agentforce314/clawcodex	Python rebuild with multi-provider LLM support.

Claude Code Guides & Learning

Tutorials and hands-on learning paths for Claude Code itself.

Repository	Description
shareAI-lab/learn-claude-code	"Bash is all you need" — 19-chapter 0-to-1 course with runnable Python agents, web platform. ZH/EN/JA.
FlorianBruniaux/claude-code-ultimate-guide	Beginner-to-power-user guide with production-ready templates, agentic workflow guides, and cheatsheets.
affaan-m/everything-claude-code	Agent harness optimization — skills, instincts, memory, security, and research-first development.

General Harness Engineering Design Space Resources

External resources that complement this paper's design-space analysis — concept essays, curricula, and code that illuminate the harness layer as an engineering practice.

Repository	Description
deusyu/harness-engineering	Learning archive — original concept essays, independent thinking pieces, and curated translations of harness-engineering writing; from concept to independent practice.
walkinglabs/learn-harness-engineering	Project-based English course with PDF coursebooks, syllabus, and capstone, organized around five harness subsystems: instructions, state, verification, scope, and session lifecycle.
china-qijizhifeng/agentic-harness-engineering	Observability system that auto-evolves a coding agent's harness — a meta-agent reads execution traces and rewrites system prompts, tools, middleware, skills, sub-agents, and memory.
ZhangHanDong/harness-engineering-from-cc-to-ai-coding	The "Horse Book" (《马书》) — Chinese mdBook framing Claude Code v2.1.88 as a Harness Engineering case study; covers architecture, prompt engineering, context management, prompt cache, security, and lessons for builders.

Blog Posts & Technical Articles

Cross-Vendor Code-Agent Engineering

Official engineering posts from other vendors building code agents — useful for seeing how the same design questions are answered outside Claude Code.

Related Academic Papers

How This Paper Differs

While the projects above focus on engineering reverse-engineering or practical reimplementation, this paper provides a systematic values → principles → implementation analytical framework — tracing five human values through thirteen design principles to specific source-level choices, and using OpenClaw comparison to reveal that cross-cutting integrative mechanisms, not modular features, are the true locus of engineering complexity.

See the full curated list with more resources: docs/related-resources.md

↑ Back to top

A broader map of the agent design space surrounding Claude Code. The Cross-System Comparison above analyzes the three closest peers (Claude Code, OpenClaw, Hermes-Agent) in depth; the entries below give wider context across coding-agent peers, frameworks, memory systems, harness extensions, the MCP ecosystem, and specialized agents.

Coding Agent CLIs and IDE Harnesses

Repository	Launch	Focus
openclaw/openclaw	Jan 2026	Local-first personal AI assistant across messaging platforms. (Section 10 analysis)
NousResearch/hermes-agent	Feb 2026	Self-improving personal agent with cross-session memory. (Section 10 analysis)
opensquilla/opensquilla	Jun 2026	Token-efficient microkernel personal agent across CLI, Web UI, and chat channels; ML-classifier routing across four model cost tiers, local Markdown+SQLite memory (MEMORY.md plus dated notes with keyword and vector recall), and Bubblewrap/Seatbelt sandbox.
pewdiepie-archdaemon/odysseus	Jun 2026	Self-hosted, local-first AI workspace from PewDiePie: autonomous agents with tools, MCP, and shell access, plus memory, deep research, and hardware-aware model serving. AGPL-3.0.
sst/opencode	Jun 2025	Provider-agnostic terminal coding agent with ACP integration.
Aider-AI/aider	2023	Pair-program with LLMs in the terminal; works with most popular models.
continuedev/continue	2023	Source-controlled AI checks for IDEs with an open-source Continue CLI.
google-gemini/gemini-cli	2025	Google's open-source terminal coding agent with ReAct loop and MCP support.
openai/codex	2025	OpenAI's local terminal coding agent in Rust.
OpenHands/OpenHands	2024	Open SWE agent platform (formerly OpenDevin) with sandboxed runtime.
cline/cline	2024	VS Code agent with explicit Plan/Act oversight loop.
block/goose	2025	Block's open-source, editor-agnostic agent with MCP-style extensions.
charmbracelet/crush	2025	Agentic coding TUI in Go with multi-LLM provider abstraction.
RooCodeInc/Roo-Code	2024	VS Code multi-agent dev-team with Architect, Coder, and Reviewer modes.
bytedance/trae-agent	2025	ByteDance's modular SWE-bench-oriented agent for software engineering tasks.
github/copilot-cli	2026	GitHub Copilot's GA agentic terminal CLI; plans, builds, reviews.
badlogic/pi-mono	Aug 2025	Monorepo coding-agent toolkit — unified LLM API, TUI + web UI; OpenClaw embeds the pi-coding-agent SDK from here.

Agent Frameworks and Orchestration

Repository	Launch	Focus
geekan/MetaGPT	2023	Role-based multi-agent software-company simulation (ICLR 2024 oral).
microsoft/autogen	2023	Microsoft Research multi-agent conversation framework (COLM 2024).
langchain-ai/langgraph	2024	Stateful graph-based multi-agent orchestration with checkpointing.
openai/openai-agents-python	2024	OpenAI's lightweight multi-agent framework with handoffs and guardrails.
crewAIInc/crewAI	2023	Lean Python framework for role-based multi-agent collaboration, independent of LangChain.
openai/symphony	Feb 2026	OpenAI's orchestration for isolated, autonomous implementation runs.
ComposioHQ/agent-orchestrator	2025	Orchestration layer for parallel AI agents with git worktree isolation.
coleam00/Archon	Feb 2025	Deterministic harness — YAML-defined workflows with execution audit trail.
bytedance/deer-flow	2026	ByteDance's long-horizon "SuperAgent" harness: subagents, memory, sandboxes, skills, and a message gateway; a ground-up rewrite on LangGraph/LangChain.

Memory and Persistent Context

Repository	Launch	Focus
mem0ai/mem0	2024	Production memory layer with LoCoMo and LongMemEval benchmarks (arXiv:2504.19413).
letta-ai/letta	2023	Stateful-agent platform with OS-style hierarchical memory paging (formerly MemGPT, COLM 2024).
MemPalace/mempalace	2026	Local-first memory system for AI agents.

Skills and Harness Extensions

Repository	Launch	Focus
addyosmani/agent-skills	2025	22 lifecycle skills + slash commands (/spec, /plan, /build, /test, /review, /ship).
obra/superpowers	2025	Cross-harness mandatory-workflow skills framework (Claude Code, OpenCode, Codex).
mattpocock/skills	2026	Author's everyday .claude/skills collection for real engineering -- composable TDD, diagnose, and to-issues/to-prd skills; model-agnostic, targeting Claude Code, Codex, and other coding agents.
multica-ai/andrej-karpathy-skills	2026	Single CLAUDE.md encoding Andrej Karpathy's four LLM-coding rules (think before coding, simplicity first, surgical changes, goal-driven execution); installable as a plugin or per-project.
lsdefine/GenericAgent	2025	Minimal self-evolving autonomous agent framework — 9 atomic tools + ~100-line ReAct loop.

MCP Ecosystem

Repository	Launch	Focus
PrefectHQ/fastmcp	2024	Pythonic framework for building MCP servers and clients; de facto SDK.
upstash/context7	2025	Up-to-date library-documentation MCP server for LLMs and AI code editors.
microsoft/playwright-mcp	2024	Microsoft's official MCP server using accessibility-tree snapshots.

Specialized and Domain Agents

Repository	Launch	Focus
666ghj/MiroFish	Mar 2026	Multi-agent swarm-intelligence simulation engine.
multica-ai/multica	2026	Managed-agents platform for task assignment and skill compounding.
HKUDS/nanobot	Feb 2026	Ultra-lightweight personal AI agent from HKU-DS.
HKUDS/OpenHarness	Apr 2026	Open agent harness with built-in personal agent (Ohmo); academic harness reference.
karpathy/autoresearch	Mar 2026	Andrej Karpathy's autonomous AI-agent loop running nanochat training research on a single GPU.
HKUDS/CLI-Anything	Mar 2026	"Making ALL Software Agent-Native" — wraps arbitrary software as agent-callable tools.
Panniantong/Agent-Reach	Feb 2026	CLI giving agents access to Twitter, Reddit, YouTube, GitHub, Bilibili, Xiaohongshu.
agentscope-ai/QwenPaw	Feb 2026	Personal AI assistant from the AgentScope team.
cft0808/edict	Feb 2026	OpenClaw-based multi-agent orchestration on Tang-dynasty Three Departments and Six Ministries (三省六部制) bureaucracy.

↑ Back to top