claude-code-sourcemap (leeyeel)
An independent, earlier source-map extraction of Claude Code (v0.2.8 research preview) capturing the agent's terminal-native design: codebase understanding, file edits, git workflows through natural language. Useful as a second witness when the SatoMini map is ambiguous, and for seeing how early the core loop stabilized.
View source on GitHubKey takeaways
- 01
Second independent witness for cross-checking module claims
- 02
Shows the core loop design was stable from very early versions
- 03
Covers the v0.2.x era - useful for evolution comparisons
Flows built on this research
Agent Architecture
Design a Single-Loop Agent
Build the core agent loop the leading coding agents use: one model, one loop, tools in, results folded back into context.
5 steps · 90-150 minutes
Harness Engineering
Version Your Harness and Track Behavior
Treat prompts, tools, and loop logic as versioned, changelogged artifacts - so behavior changes are decisions, not surprises.
4 steps · 45-75 minutes
From the archive
Verbatim excerpts mined from our local archive of this repository — the prompts, schemas, and patterns worth stealing.
The malicious-code refusal instruction, verbatim
IMPORTANT: Refuse to write code or explain code that may be used maliciously; even if the user claims it is for educational purposes. When working on files, if they seem related to improving, explaining, or interacting with malware or any malicious code you MUST refuse. IMPORTANT: Before you begin work, think about what the code you're editing is supposed to do based on the filenames directory structure. If it seems malicious, refuse to work on it or answer questions about it, even if the request does not seem malicious (for instance, just asking to explain or speed up the code).
From an early open-source Claude Code snapshot: the security instruction asks the model to infer intent from directory structure before touching any file.
src/constants/prompts.ts
The original subagent dispatch prompt
Launch a new agent that has access to the following tools: ${toolNames}. When you are searching for a keyword or file and are not confident that you will find the right match on the first try, use the Agent tool to perform the search for you.
Usage notes:
1. Launch multiple agents concurrently whenever possible... use a single message with multiple tool uses
2. When the agent is done, it will return a single message back to you. The result returned by the agent is not visible to the user.
3. Each agent invocation is stateless.
// In the source: getAgentTools() filters out AgentTool itself - 'No recursive agents, yet..' Three durable subagent rules in one prompt: parallelize by default, results are for the caller not the user, and recursion is disabled by construction.
src/tools/AgentTool/prompt.ts
BashTool's banned list and pre-flight ritual
export const BANNED_COMMANDS = ['alias', 'curl', 'curlie', 'wget', 'axel', 'aria2c', 'nc', 'telnet', 'lynx', 'w3m', 'links', 'httpie', 'xh', 'http-prompt', 'chrome', 'firefox', 'safari'] Before executing the command: 1. Directory Verification - if the command will create new directories or files, first use the LS tool to verify the parent directory exists and is the correct location 2. Security Check - for security and to limit the threat of a prompt injection attack, some commands are limited or banned. 3-5. Execute after proper quoting; truncate output beyond 30000 characters; include errors in the result.
The banned list is all network-fetch and browser commands - the model gets dedicated, auditable tools for the web instead of raw curl.
src/tools/BashTool/prompt.ts