claude-code-source-analysis (aaronlab)
One of several smaller independent analyses of the Claude Code source; worth skimming for observations not present in the larger bundles.
View source on GitHubKey takeaways
- 01
Independent second opinions help confirm or reject single-source claims
From the archive
Verbatim excerpts mined from our local archive of this repository — the prompts, schemas, and patterns worth stealing.
The general-purpose subagent's complete system prompt
You are an agent for Claude Code, Anthropic's official CLI for Claude. Given the user's message, you should use the tools available to complete the task. Complete the task fully—don't gold-plate, but don't leave it half-done. When you complete the task, respond with a concise report covering what was d…
The verbatim opening of the built-in general-purpose agent prompt (from generalPurposeAgent.ts) - note how it pre-empts both over-delivery and under-delivery in one sentence.
docs/15 - Agent 与 SubAgent Prompt.md
10-layer defense-in-depth, with bypass-immune checks
Permission pipeline, Step 1 - checks that cannot be bypassed (hasPermissionsToUseToolInner): 1a. deny rule kills it? -> deny 1b. ask rule? -> ask 1c. tool checkPermissions()? -> deny/ask 1e. tool requiresUserInteraction()? -> ask (even in auto mode) 1f. content-level ask rules? -> ask (even in bypass) 1g. Safety checks (.git/.claude/.vscode/shell configs)? -> ask (bypass-immune) Step 2 - mode checks (bypassPermissions -> allow) run only AFTER Step 1. Full stack: Prompt -> rules -> tool checks -> path safety -> command safety -> AST parsing -> AI classifier -> sandbox -> denial tracking -> enterprise policy.
[translated] The key design: even 'bypass all permissions' mode cannot skip step 1 - protected paths and interactive requirements are checked before the mode is even consulted.
docs/17 - 权限系统与 Safety Prompt.md
Cache TTL latching and cache-break detection
Latch pattern: cache-TTL eligibility is locked at session start, so a mid-session quota change cannot switch TTLs and destroy the cache. The same once-decided-never-changes rule applies to beta headers. Cached microcompact: uses the API's cache_edits + cache_reference to delete old tool results WITHOUT breaking existing cache. Cache-break detection: pre-call, hash the system prompt, tool schemas, cache_control, model, betas; post-call, if cache_read_input_tokens drops more than 5% and over 2000 tokens, declare a cache break and explain it from the pending changes recorded in phase 1.
[translated] Three production caching tricks: latch anything that affects the cache key, edit the cache instead of breaking it, and instrument cache breaks so they are diagnosable.
docs/16 - Prompt Caching 与 Context 管理.md
The instruction that makes CLAUDE.md binding
MEMORY_INSTRUCTION_PROMPT, verbatim: "Codebase and user instructions are shown below. Be sure to adhere to these instructions. IMPORTANT: These instructions OVERRIDE any default behavior and you MUST follow them exactly as written." Six memory layers, later = higher priority: Managed (/etc/claude-code/CLAUDE.md) -> User (~/.claude/CLAUDE.md) -> Project (CLAUDE.md, .claude/rules/*.md) -> Local (CLAUDE.local.md) -> AutoMem -> TeamMem. @include supports 5 levels of recursion with cycle detection; rules files support paths: frontmatter for conditional loading.
How project instructions actually get authority: an explicit OVERRIDE instruction, plus a six-layer precedence chain from enterprise policy down to team memory.
docs/18 - Memory 与 Hooks 系统.md