Claude Code
Anthropic's terminal-based coding agent. A single Claude model in a ReAct loop with access to ~18 built-in tools, sub-agent delegation, and a tiered permission system. Open source.
Architecture
Core Loop
Claude Code runs a ReAct loop — the model reasons about the current state, selects a tool, observes the result, and repeats. Every turn is a full LLM call with the entire conversation context, tool definitions, and system instructions.
The system prompt includes ~18 tool definitions, behavioral instructions, CLAUDE.md project context, and auto-memory contents. Tool results feed back into the next iteration of the loop.
There is no separate planner or router model. A single Claude instance handles reasoning, tool selection, and output generation.
Tool System
Tools are defined in the system prompt as function schemas. The model outputs structured tool calls, the runtime executes them, and results are appended to the conversation.
| Category | Tools |
|---|---|
| Read | Read, Glob, Grep |
| Write | Edit, Write, NotebookEdit |
| Execute | Bash |
| Web | WebFetch, WebSearch |
| Planning | TodoWrite, EnterPlanMode, ExitPlanMode |
| Interaction | AskUserQuestion |
| Delegation | Task (sub-agents) |
Read-only tools require no approval. File modifications require per-session approval. Bash commands require per-command approval with optional permanent project-level rules.
Sub-Agent System
The Task tool spawns sub-agents — isolated Claude instances with their own context window, system prompt, and tool access. Sub-agents cannot see the parent's full context; they receive a task description and return a summary.
| Agent | Purpose | Tools |
|---|---|---|
| Explore | Codebase search and exploration | Read, Glob, Grep, WebFetch |
| Plan | Architecture and implementation planning | Read, Glob, Grep (no write) |
| Bash | Command execution | Bash only |
| Custom | User-defined in .claude/agents/ | Configurable |
Sub-agents protect the main context window from pollution. A deep codebase search might consume thousands of tokens; the sub-agent handles this internally and returns a concise result.
Permission Model
A three-tier permission system with human-in-the-loop controls:
| Tier | Tools | Approval |
|---|---|---|
| Read-only | File reads, search | None required |
| File modification | Edit, Write | Per-session |
| Execution | Bash commands | Per-command (with permanent allow rules) |
Permission rules follow a deny > ask > allow precedence. Rules can be scoped with glob patterns (Bash(npm run *)) and configured at user, project, or managed (enterprise) levels.
Permission modes range from default (prompt on first use) through plan (read-only) to bypassPermissions (no prompts, containers only).
Context Management
CLAUDE.md — project-level instructions injected into every prompt. Functions as the agent's persistent knowledge of the codebase: build commands, conventions, architecture notes. Loaded from project root, user home, and parent directories.
Auto-memory — a MEMORY.md file that the agent reads and updates across sessions. The first 200 lines are included in the system prompt. Used for stable patterns, not session-specific state.
Context compaction — when the context window fills, older messages are automatically summarized. The system preserves key details (file paths, error messages, task state) while compressing verbose tool outputs.
TodoWrite — for complex tasks, the agent creates a structured task list with status tracking (pending, in_progress, completed). This externalizes the plan and survives context compaction.
Plan Mode
A read-only mode where the agent explores the codebase and writes a plan to a markdown file before executing. The plan is written to disk, reviewed by the user, and then executed.
The enforcement is prompt-based — the system prompt instructs the agent not to use write tools. When the user approves the plan, the agent exits plan mode and gains write access.
Hooks
Shell commands that execute in response to agent events. Used for custom validation, automation, and permission logic.
| Hook | Fires When |
|---|---|
| PreToolUse | Before any tool executes |
| PostToolUse | After a tool succeeds |
| PermissionRequest | When permission dialog appears |
| Stop | When the agent finishes responding |
| SubagentStart/Stop | When sub-agents spawn or complete |
Hooks can approve, deny, or modify tool calls. They enable CI-like workflows: run tests after every file write, validate code before commits, block specific commands.
Patterns Used
| Pattern | How It's Used |
|---|---|
| ReAct | Core agent loop — reason, act, observe, repeat |
| Tool Router | Single model selects from ~18 tools via function calling |
| Human-in-the-Loop | Tiered permission system with approval gates |
| File-Based Memory | CLAUDE.md and auto-memory for cross-session persistence |
| Plan-and-Execute | Plan mode writes spec to disk before execution |
| Hierarchical Agent | Main agent delegates to specialized sub-agents |
| Conversation Summarization | Context compaction when window fills |