[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-752":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":10,"languages":10,"totalLinesOfCode":10,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":14,"starSnapshotCount":14,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},752,"Dive-into-Claude-Code","VILA-Lab\u002FDive-into-Claude-Code","VILA-Lab","A Systematic Analysis and Discussion of Claude Code for Designing Today's and Future AI Agent Systems","https:\u002F\u002Farxiv.org\u002Fabs\u002F2604.14228",null,1520,228,23,0,37,136,446,111,20.08,"Other",false,"main",[24,25],"claude","claude-code","2026-06-12 02:00:18","# Dive into Claude Code\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Fmain_structure.png\" width=\"85%\" alt=\"High-level system structure of Claude Code\">\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\".\u002Fpaper\u002FDive_into_Claude_Code.pdf\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPaper-PDF-blue.svg?logo=adobeacrobatreader&logoColor=white\" alt=\"Paper\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Farxiv.org\u002Fabs\u002F2604.14228\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2604.14228-b31b1b.svg\" alt=\"arXiv\">\u003C\u002Fa>\n  \u003Ca href=\".\u002FLICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-CC--BY--NC--SA--4.0-lightgrey.svg\" alt=\"License\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FVILA-Lab\u002FDive-into-Claude-Code\u002Fstargazers\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FVILA-Lab\u002FDive-into-Claude-Code?style=social\" alt=\"Stars\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Cb>English\u003C\u002Fb> | \u003Ca href=\".\u002FREADME_zh.md\">中文\u003C\u002Fa>\n\u003C\u002Fp>\n\n> **A comprehensive source-level architectural analysis of Claude Code (v2.1.88, ~1,900 TypeScript files, ~512K lines of code), combined with a curated collection of community analyses, a design-space guide for agent builders, and cross-system comparisons.**\n\n> [!TIP]\n> **TL;DR** -- Only 1.6% of Claude Code's codebase is AI decision logic. The other 98.4% is deterministic infrastructure -- permission gates, context management, tool routing, and recovery logic. The agent loop is a simple while-loop; the real engineering complexity lives in the systems around it. This repo dissects that architecture and distills it into actionable design guidance for anyone building AI agent systems.\n\n---\n\n## Table of Contents\n\n**From Our Paper**\n\n- [🌟 Key Highlights](#key-highlights)\n- [📖 Reading Guide](#reading-guide)\n- [🏗️ Architecture at a Glance](#architecture-at-a-glance)\n- [🧭 Values and Design Principles](#values-and-design-principles)\n- [🔄 The Agentic Query Loop](#the-agentic-query-loop)\n- [🛡️ Safety and Permissions](#safety-and-permissions)\n- [🧩 Extensibility](#extensibility)\n- [🧠 Context and Memory](#context-and-memory)\n- [👥 Subagent Delegation](#subagent-delegation)\n- [💾 Session Persistence](#session-persistence)\n\n**Beyond the Paper**\n\n- [🛠️ Build Your Own AI Agent: A Design Guide](#build-your-own-ai-agent-a-design-guide)\n- [⚖️ Cross-System Comparison: Claude Code vs OpenClaw vs Hermes-Agent](#cross-system-comparison-claude-code-vs-openclaw-vs-hermes-agent)\n- [🌐 Community Projects & Research](#community-projects--research)\n- [🚀 Other Notable AI Agent Projects](#other-notable-ai-agent-projects)\n- [🔖 Citation](#citation)\n\n---\n\n## Key Highlights\n\n- **98.4% Infrastructure, 1.6% AI** -- The agent loop is a simple while-loop; the real complexity is permission gates, context management, and recovery logic.\n- **5 Values → 13 Principles → Implementation** -- Every design choice traces back to human authority, safety, reliability, capability, and adaptability.\n- **Defense in Depth with Shared Failure Modes** -- 7 safety layers, but all share performance constraints. 50+ subcommands bypass security analysis.\n- **4 CVEs Reveal a Pre-Trust Window** -- Extensions execute *before* the trust dialog appears.\n- **The Cross-Cutting Harness Resists Reimplementation** -- The loop is easy to copy; hooks, classifier, compaction, and isolation are not.\n\n---\n\n## Reading Guide\n\n| If you are a... | Start here | Then read |\n|:----------------|:-----------|:----------|\n| **Agent Builder** | [Build Your Own Agent](.\u002Fdocs\u002Fbuild-your-own-agent.md) | [Architecture Deep Dive](.\u002Fdocs\u002Farchitecture.md) |\n| **Security Researcher** | [Safety and Permissions](#safety-and-permissions) | [Architecture: Safety Layers](.\u002Fdocs\u002Farchitecture.md#seven-independent-safety-layers) |\n| **Product Manager** | [Key Highlights](#key-highlights) | [Values and Principles](#values-and-design-principles) |\n| **Researcher** | [Full Paper (arXiv)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2604.14228) | [Community Resources](#community-projects--research) |\n\n`1,884 files` ·  `~512K lines` ·  `v2.1.88` ·  `7 safety layers` ·  `5 compaction stages` ·  `54 tools` ·  `27 hook events` ·  `4 extension mechanisms` ·  `7 permission modes`\n\n---\n\n\u003Cdetails open>\n\u003Csummary>\u003Ch2>Architecture at a Glance\u003C\u002Fh2>\u003C\u002Fsummary>\n\nClaude Code answers **four design questions** that every production coding agent must face:\n\n| Question | Claude Code's Answer |\n|:---------|:---------------------|\n| Where does reasoning live? | Model reasons; harness enforces. ~1.6% AI, 98.4% infrastructure. |\n| How many execution engines? | One `queryLoop` for all interfaces (CLI, SDK, IDE). |\n| Default safety posture? | Deny-first: deny > ask > allow. Strictest rule wins. |\n| Binding resource constraint? | ~200K (older models) \u002F 1M (Claude 4.6 series) context window. 5 compaction layers before every model call. |\n\nThe system decomposes into **7 components** (User → Interfaces → Agent Loop → Permission System → Tools → State & Persistence → Execution Environment) across **5 architectural layers**.\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Flayered_architecture.png\" width=\"100%\" alt=\"5-layer subsystem decomposition\">\n\u003C\u002Fp>\n\n> [!NOTE]\n> For the full architectural deep dive -- 7 safety layers, 9-step turn pipeline, 5-layer compaction, and more -- see **[docs\u002Farchitecture.md](.\u002Fdocs\u002Farchitecture.md)**.\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cdetails>\n\u003Csummary>\u003Ch2>Values and Design Principles\u003C\u002Fh2>\u003C\u002Fsummary>\n\nThe architecture traces from **5 human values** through **13 design principles** to implementation:\n\n| Value | Core Idea |\n|:------|:----------|\n| **Human Decision Authority** | Humans retain control via principal hierarchy. When a 93% prompt-approval rate revealed approval fatigue, response was restructured boundaries, not more warnings. |\n| **Safety, Security, Privacy** | System protects even when human vigilance lapses. 7 independent safety layers. |\n| **Reliable Execution** | Does what was meant. Gather-act-verify loop. Graceful recovery. |\n| **Capability Amplification** | \"A Unix utility, not a product.\" 98.4% is deterministic infrastructure enabling the model. |\n| **Contextual Adaptability** | CLAUDE.md hierarchy, graduated extensibility, trust trajectories that evolve over time. |\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>The 13 Design Principles\u003C\u002Fb>\u003C\u002Fsummary>\n\n| Principle | Design Question |\n|:----------|:----------------|\n| Deny-first with human escalation | Should unrecognized actions be allowed, blocked, or escalated? |\n| Graduated trust spectrum | Fixed permission level, or spectrum users traverse over time? |\n| Defense in depth | Single safety boundary, or multiple overlapping ones? |\n| Externalized programmable policy | Hardcoded policy, or externalized configs with lifecycle hooks? |\n| Context as scarce resource | Single-pass truncation or graduated pipeline? |\n| Append-only durable state | Mutable state, snapshots, or append-only logs? |\n| Minimal scaffolding, maximal harness | Invest in scaffolding or operational infrastructure? |\n| Values over rules | Rigid procedures or contextual judgment with deterministic guardrails? |\n| Composable multi-mechanism extensibility | One API or layered mechanisms at different costs? |\n| Reversibility-weighted risk assessment | Same oversight for all, or lighter for reversible actions? |\n| Transparent file-based config and memory | Opaque DB, embeddings, or user-visible files? |\n| Isolated subagent boundaries | Shared context\u002Fpermissions, or isolation? |\n| Graceful recovery and resilience | Fail hard, or recover silently? |\n\n\u003C\u002Fdetails>\n\nThe paper also applies a **sixth evaluative lens** -- long-term capability preservation -- citing evidence that developers in AI-assisted conditions score 17% lower on comprehension tests.\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cdetails>\n\u003Csummary>\u003Ch2>The Agentic Query Loop\u003C\u002Fh2>\u003C\u002Fsummary>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Fiteration.png\" width=\"60%\" alt=\"Runtime turn flow\">\n\u003C\u002Fp>\n\nThe core is a **ReAct-pattern while-loop**: assemble context → call model → dispatch tools → check permissions → execute → repeat. Implemented as an `AsyncGenerator` yielding streaming events.\n\n**Before every model call**, five compaction shapers run sequentially (cheapest first): Budget Reduction → Snip → Microcompact → Context Collapse → Auto-Compact.\n\n**9-step pipeline per turn:** Settings resolution → State init → Context assembly → 5 pre-model shapers → Model call → Tool dispatch → Permission gate → Tool execution → Stop condition\n\n**Two execution paths:**\n- `StreamingToolExecutor` -- begins executing tools as they stream in (latency optimization)\n- Fallback `runTools` -- classifies tools as concurrent-safe or exclusive\n\n**Recovery:** Max output token escalation (3 retries), reactive compaction (once per turn), prompt-too-long handling, streaming fallback, fallback model\n\n**5 stop conditions:** No tool use, max turns, context overflow, hook intervention, explicit abort\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cdetails>\n\u003Csummary>\u003Ch2>Safety and Permissions\u003C\u002Fh2>\u003C\u002Fsummary>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Fpermission.png\" width=\"75%\" alt=\"Permission gate\">\n\u003C\u002Fp>\n\n**7 permission modes** form a graduated trust spectrum: `plan` → `default` → `acceptEdits` → `auto` (ML classifier) → `dontAsk` → `bypassPermissions` (+ internal `bubble`).\n\n**Deny-first**: A broad deny *always* overrides a narrow allow. **7 independent safety layers** from tool pre-filtering through shell sandboxing to hook interception. Permissions are **never restored on resume** -- trust is re-established per session.\n\n> [!WARNING]\n> **Shared failure modes:** Defense-in-depth degrades when layers share constraints. Per-subcommand parsing causes event-loop starvation -- commands exceeding 50 subcommands bypass security analysis entirely to prevent the REPL from freezing.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>More details: authorization pipeline, auto-mode classifier, CVEs\u003C\u002Fb>\u003C\u002Fsummary>\n\n**Authorization pipeline:** Pre-filtering (strip denied tools) → PreToolUse hooks → Deny-first rule evaluation → Permission handler (4 branches: coordinator, swarm worker, speculative classifier, interactive)\n\n**Auto-mode classifier** (`yoloClassifier.ts`): Separate LLM call with internal\u002Fexternal permission templates. Two-stage: fast-filter + chain-of-thought.\n\n**Pre-trust execution window:** 2 patched CVEs share this root cause -- hooks and MCP servers execute during initialization *before* the trust dialog appears, creating a structurally privileged attack window outside the deny-first pipeline.\n\n\u003C\u002Fdetails>\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cdetails>\n\u003Csummary>\u003Ch2>Extensibility\u003C\u002Fh2>\u003C\u002Fsummary>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Fextensibility.png\" width=\"85%\" alt=\"Three injection points: assemble, model, execute\">\n\u003C\u002Fp>\n\n**Four mechanisms at graduated context costs:** Hooks (zero) → Skills (low) → Plugins (medium) → MCP (high). Three injection points in the agent loop: **assemble()** (what the model sees), **model()** (what it can reach), **execute()** (whether\u002Fhow actions run).\n\n**Tool pool assembly** (5-step): Base enumeration (up to 54 tools) → Mode filtering → Deny pre-filtering → MCP integration → Deduplication\n\n**27 hook events** across 5 categories with 4 execution types (shell, LLM-evaluated, webhook, subagent verifier)\n\n**Plugin manifest** accepts 10 component types: commands, agents, skills, hooks, MCP servers, LSP servers, output styles, channels, settings, user config\n\n**Skills:** SKILL.md with 15+ YAML frontmatter fields. Key difference -- SkillTool injects into current context; AgentTool spawns isolated context.\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cdetails>\n\u003Csummary>\u003Ch2>Context and Memory\u003C\u002Fh2>\u003C\u002Fsummary>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Fcontext.png\" width=\"95%\" alt=\"Context construction\">\n\u003C\u002Fp>\n\n**9 ordered sources** build the context window. CLAUDE.md instructions are delivered as **user context** (probabilistic compliance), not system prompt (deterministic). Memory is **file-based** (no vector DB) -- fully inspectable, editable, version-controllable.\n\n**4-level CLAUDE.md hierarchy:** Managed (`\u002Fetc\u002F`) → User (`~\u002F.claude\u002F`) → Project (`CLAUDE.md`, `.claude\u002Frules\u002F`) → Local (`CLAUDE.local.md`, gitignored)\n\n**5-layer compaction** (graduated lazy-degradation): Budget reduction → Snip → Microcompact → Context Collapse (read-time projection, non-destructive) → Auto-Compact (full model summary, last resort)\n\n**Memory retrieval:** LLM-based scan of memory-file headers, selects up to 5 relevant files. No embeddings, no vector similarity.\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cdetails>\n\u003Csummary>\u003Ch2>Subagent Delegation\u003C\u002Fh2>\u003C\u002Fsummary>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Fsubagent.png\" width=\"90%\" alt=\"Subagent architecture\">\n\u003C\u002Fp>\n\n**6 built-in types** (Explore, Plan, General-purpose, Guide, Verification, Statusline) + custom agents via `.claude\u002Fagents\u002F*.md`. **Sidechain transcripts**: only summaries return to parent (parent's context is *protected* from subagent verbosity). Three isolation modes: worktree, remote, in-process. Coordination via POSIX `flock()`.\n\n**SkillTool vs AgentTool:** SkillTool injects into current context (cheap). AgentTool spawns isolated context (expensive, but prevents context explosion).\n\n**Permission override:** Subagent `permissionMode` applies UNLESS parent is in `bypassPermissions`\u002F`acceptEdits`\u002F`auto` (explicit user decisions always take precedence).\n\n**Custom agents:** YAML frontmatter supports tools, disallowedTools, model, effort, permissionMode, mcpServers, hooks, maxTurns, skills, memory scope, background flag, isolation mode.\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n\u003Cdetails>\n\u003Csummary>\u003Ch2>Session Persistence\u003C\u002Fh2>\u003C\u002Fsummary>\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".\u002Fassets\u002Fsession_compact.png\" width=\"75%\" alt=\"Session persistence and context compaction\">\n\u003C\u002Fp>\n\nThree channels: append-only JSONL transcripts, global prompt history, subagent sidechains. **Permissions never restored on resume** -- trust is re-established per session. Design favors **auditability over query power**.\n\n**Chain patching:** Compact boundaries record `headUuid`\u002F`anchorUuid`\u002F`tailUuid`. The session loader patches the message chain at read time. Nothing is destructively edited on disk.\n\n**Checkpoints:** File-history checkpoints for `--rewind-files`, stored at `~\u002F.claude\u002Ffile-history\u002F\u003CsessionId>\u002F`.\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdetails>\n\n---\n\n## Build Your Own AI Agent: A Design Guide\n\n> Not a coding tutorial. A guide to the **design decisions** you must make, derived from architectural analysis.\n\nEvery production agent must navigate these decisions:\n\n| Decision | The Question | Key Insight |\n|:---------|:-------------|:------------|\n| [**Reasoning placement**](.\u002Fdocs\u002Fbuild-your-own-agent.md#decision-1-where-does-reasoning-live) | How much logic in the model vs. harness? | As models converge in capability, the harness becomes the differentiator. |\n| [**Safety posture**](.\u002Fdocs\u002Fbuild-your-own-agent.md#decision-2-what-is-your-safety-posture) | How do you prevent harmful actions? | Defense-in-depth fails when layers share failure modes. |\n| [**Context management**](.\u002Fdocs\u002Fbuild-your-own-agent.md#decision-3-how-do-you-manage-context) | What does the model see? | Design for context scarcity from day one. Graduated > single-pass. |\n| [**Extensibility**](.\u002Fdocs\u002Fbuild-your-own-agent.md#decision-4-how-do-you-handle-extensibility) | How do extensions plug in? | Not all extensions need to consume context tokens. |\n| [**Subagent architecture**](.\u002Fdocs\u002Fbuild-your-own-agent.md#decision-5-how-do-subagents-work) | Shared or isolated context? | Agent teams in plan mode cost ~7× tokens. Subagent summary-only returns prevent context blow-up. |\n| [**Session persistence**](.\u002Fdocs\u002Fbuild-your-own-agent.md#decision-6-how-do-sessions-persist) | What carries over? | Never restore permissions on resume. Auditability > query power. |\n\n**Read the full guide: [docs\u002Fbuild-your-own-agent.md](.\u002Fdocs\u002Fbuild-your-own-agent.md)**\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n---\n\n## Cross-System Comparison: Claude Code vs OpenClaw vs Hermes-Agent\n\nThe same recurring design questions admit different architectural answers when the deployment context changes. The table below contrasts Claude Code v2.1.88 with two notable peers — [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw), a local-first multi-channel personal-assistant gateway, and [NousResearch\u002Fhermes-agent](https:\u002F\u002Fgithub.com\u002FNousResearch\u002Fhermes-agent), a self-improving multi-deployment agent — across the six design dimensions Section 10 of the paper uses for the OpenClaw comparison. Cells are source-grounded; this is not a feature scoreboard.\n\n| Design Dimension | Claude Code (v2.1.88) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fanthropics\u002Fclaude-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fanthropics\u002Fclaude-code) | OpenClaw [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fopenclaw\u002Fopenclaw.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) | Hermes-Agent [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FNousResearch\u002Fhermes-agent.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FNousResearch\u002Fhermes-agent) |\n|:---|:---|:---|:---|\n| **System scope & deployment** | Per-user CLI \u002F SDK \u002F IDE interface for coding; one `queryLoop` async generator across entry points. | Local-first WebSocket gateway (default port 18789, loopback-bound by default; other binds available); routes ~23 messaging surfaces to an embedded agent runtime; companion apps for macOS, iOS, Android. | Three entry points: `hermes` (interactive CLI), `hermes-agent` (programmatic runtime), `hermes-acp` (ACP server); gateway adapters route messages to per-session AIAgent instances cached LRU-style (max 128, 1 h idle TTL); also runs as MCP server via `hermes mcp serve`. |\n| **Trust model & security** | Deny-first per-action evaluation; 7 permission modes; LLM-based auto-mode classifier (`yoloClassifier` \u002F `sideQuery`); session-scoped permission state (session bypass flag, app allowlist state) is not restored on resume. | Single trusted operator per gateway; DM pairing codes, sender allowlists, gateway authentication; per-agent allow \u002F deny tool policy; opt-in sandboxing via Docker \u002F SSH \u002F OpenShell, off by default; `non-main` mode sandboxes only non-main sessions; hostile multi-tenant isolation explicitly not supported. | Dangerous-command pattern detection with per-session approval state; CLI interactive prompts and gateway async prompts; auxiliary-LLM smart approval auto-approves low-risk commands; permanent allowlist persisted in `config.yaml`; subagent worker threads default to auto-deny dangerous commands (opt-in `subagent_auto_approve` for batch \u002F cron runs). |\n| **Agent runtime & tools** | Single `queryLoop` async generator with streamed event yields; environment- and feature-gated tool registry; before-API compaction (Snip, Microcompact, Context Collapse, Auto-Compact) runs conditionally, with Auto-Compact first attempting session-memory compaction. | Embedded agent runtime inside the gateway's RPC dispatch (the `agent` RPC validates parameters, accepts immediately, runs asynchronously, and streams lifecycle \u002F stream events back over the gateway protocol); per-session queue serialization with an optional global lane. | While-loop with explicit per-turn iteration budget and grace-call slot; per-turn checkpoint dedup; gateway `step_callback` hook fires on each iteration; auxiliary-model context compression summarizes middle turns while protecting head and tail. |\n| **Extension architecture** | Four mechanisms at graduated context cost: hooks → skills → plugins → MCP; 27 hook events; 10 plugin component types. | Manifest-first plugin system with 12 documented capability categories; central registry exposes tools, channels, provider setup, hooks, HTTP routes, CLI commands, services; separate skills layer with multiple sources (workspace highest precedence) plus the ClawHub public registry; `openclaw mcp` provides both an MCP server surface and an outbound client registry for other MCP servers. | 12 bundled plugins under `plugins\u002F` (context_engine, disk-cleanup, example-dashboard, google_meet, hermes-achievements, image_gen, kanban, memory, observability, platforms, spotify, strike-freedom-cockpit); MCP server (`mcp_serve.py`) exposes 10 tools; ACP adapter (`acp_adapter\u002F`) exposes Hermes as an ACP server. |\n| **Memory & context** | 4-level CLAUDE.md hierarchy; before-API compaction (Snip, Microcompact, Context Collapse, Auto-Compact); LLM-based selection from file-based Markdown memory files. | Workspace bootstrap files (AGENTS.md, SOUL.md, TOOLS.md, IDENTITY.md, USER.md) plus conditional BOOTSTRAP.md \u002F HEARTBEAT.md \u002F MEMORY.md; separate memory system (MEMORY.md, daily notes under `memory\u002FYYYY-MM-DD.md`, optional DREAMS.md); hybrid vector + keyword search when an embedding provider is configured; experimental dreaming for long-term promotion; pluggable compaction providers. | SQLite state store with FTS5 full-text search and WAL-mode concurrent readers; sessions linked by `parent_session_id` chains for compression-triggered splits; 8 swappable memory backends under `plugins\u002Fmemory\u002F` (byterover, hindsight, holographic, honcho, mem0, openviking, retaindb, supermemory); auxiliary-LLM compression as a separate context-management layer. |\n| **Multi-agent architecture** | Sub-agent delegation via sidechain transcripts; 6 built-in agent definitions (availability conditional on build \u002F mode) plus custom; a single summary message returns to parent (in-process \u002F viewable transcript cases preserve more internal detail); agent-isolation settings include `worktree` and `remote`, with an `in-process` teammate backend in the swarm path. | Two layers. (1) Multi-agent routing: per-channel isolated agents with their own workspace, auth profiles, session store, and model configuration, dispatched via deterministic binding rules. (2) Sub-agent delegation: `maxSpawnDepth` range 1–5, default 1, recommended 2; tool policy varies by depth; project vision (VISION.md) rejects agent-hierarchy frameworks as the default. | `delegate_task` tool spawns child AIAgent instances in a `ThreadPoolExecutor` (parent blocks until children complete); each child has fresh conversation history, its own `task_id`, and a restricted toolset (`DELEGATE_BLOCKED_TOOLS` strips `delegate_task`, `clarify`, `memory`, `send_message`, `execute_code`); default depth `MAX_DEPTH = 1` (configurable up to cap 3); default 3 concurrent children. |\n\n**What this contrast reveals.** Three observations follow from the table. First, **deployment context** drives the rest of the design: a per-user coding CLI converges on per-action approval and a single execution loop, a multi-channel gateway converges on perimeter trust and channel-bound agents, and a multi-deployment messaging-and-cloud agent converges on opt-in container\u002Fcloud isolation, an LLM-based smart approval, and a swappable-backend memory layer. Second, the **extension layer is where each system most clearly differentiates**: Claude Code stratifies four mechanisms by context cost, OpenClaw treats extension as registry-managed capabilities at the gateway, and Hermes-Agent ships bundled plugins plus dual MCP server \u002F ACP server surfaces other agents can connect to. Third, **memory architectures sit on a spectrum**: file-based and inspectable Markdown (Claude Code), file-based plus optional vector + experimental dreaming (OpenClaw), or full-text indexed (FTS5) plus eight swappable plugin backends including dedicated vector \u002F RAG providers (Hermes-Agent). The table is best read not as a scoreboard but as three different fixed points in the same design space.\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n---\n\n## Community Projects & Research\n\nA curated map of the repos, reimplementations, and academic papers surrounding Claude Code's architecture.\n\n### Official Anthropic Resources\n\nPrimary sources referenced throughout the paper — Anthropic's own engineering and research publications, plus product documentation.\n\n#### Research & Engineering Blogs\n\n| Article | Topic |\n|:--------|:------|\n| [Building Effective Agents](https:\u002F\u002Fwww.anthropic.com\u002Fresearch\u002Fbuilding-effective-agents) | Foundational: simple composable patterns over heavy frameworks. |\n| [Effective Context Engineering for AI Agents](https:\u002F\u002Fwww.anthropic.com\u002Fengineering\u002Feffective-context-engineering-for-ai-agents) | Context curation and token-budget management. |\n| [Harness Design for Long-Running Application Development](https:\u002F\u002Fanthropic.com\u002Fengineering\u002Fharness-design-long-running-apps) | Harness architecture for autonomous full-stack dev; multi-agent patterns. |\n| [Claude Code Auto Mode: A Safer Way to Skip Permissions](https:\u002F\u002Fwww.anthropic.com\u002Fengineering\u002Fclaude-code-auto-mode) | ML-classifier approval automation; source of the 93% approval-rate finding. |\n| [Beyond Permission Prompts: Making Claude Code More Secure and Autonomous](https:\u002F\u002Fwww.anthropic.com\u002Fengineering\u002Fclaude-code-sandboxing) | Sandbox-based security; 84% reduction in permission prompts. |\n| [Measuring AI Agent Autonomy in Practice](https:\u002F\u002Fanthropic.com\u002Fresearch\u002Fmeasuring-agent-autonomy) | Longitudinal usage: auto-approve rates grow from ~20% to 40%+ with experience. |\n| [Our Framework for Developing Safe and Trustworthy Agents](https:\u002F\u002Fwww.anthropic.com\u002Fnews\u002Four-framework-for-developing-safe-and-trustworthy-agents) | Governance framework for responsible agent deployment. |\n| [Scaling Managed Agents: Decoupling the Brain from the Hands](https:\u002F\u002Fwww.anthropic.com\u002Fengineering\u002Fmanaged-agents) | Hosted-service architecture separating reasoning, execution, and session. |\n\n#### Product Documentation\n\n| Document | Topic |\n|:---------|:------|\n| [How Claude Code Works](https:\u002F\u002Fcode.claude.com\u002Fdocs\u002Fen\u002Fhow-claude-code-works) | Official overview of the agent loop, tools, and terminal automation. |\n| [Permissions](https:\u002F\u002Fcode.claude.com\u002Fdocs\u002Fen\u002Fpermissions) | Tiered permission system, modes, granular rules. |\n| [Hooks](https:\u002F\u002Fcode.claude.com\u002Fdocs\u002Fen\u002Fhooks) | 27-event hook reference, execution models, lifecycle events. |\n| [Memory](https:\u002F\u002Fcode.claude.com\u002Fdocs\u002Fen\u002Fmemory) | CLAUDE.md hierarchy, auto memory, learned preferences. |\n| [Sub-agents](https:\u002F\u002Fcode.claude.com\u002Fdocs\u002Fen\u002Fsub-agents) | Specialized isolated assistants, custom prompts, tool access. |\n\n### Architecture Analysis\n\nDeep dives into Claude Code's internal design.\n\n| Repository | Description |\n|:-----------|:------------|\n| [**ComeOnOliver\u002Fclaude-code-analysis**](https:\u002F\u002Fgithub.com\u002FComeOnOliver\u002Fclaude-code-analysis) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FComeOnOliver\u002Fclaude-code-analysis.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FComeOnOliver\u002Fclaude-code-analysis) | Comprehensive reverse-engineering: source tree structure, module boundaries, tool inventories, and architectural patterns. |\n| [**alejandrobalderas\u002Fclaude-code-from-source**](https:\u002F\u002Fgithub.com\u002Falejandrobalderas\u002Fclaude-code-from-source) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Falejandrobalderas\u002Fclaude-code-from-source.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Falejandrobalderas\u002Fclaude-code-from-source) | 18-chapter technical book (~400 pages). All original pseudocode, no proprietary source. |\n| [**liuup\u002Fclaude-code-analysis**](https:\u002F\u002Fgithub.com\u002Fliuup\u002Fclaude-code-analysis) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fliuup\u002Fclaude-code-analysis.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fliuup\u002Fclaude-code-analysis) | Chinese-language deep-dive — startup flow, query main loop, MCP integration, multi-agent architecture. |\n| [**sanbuphy\u002Fclaude-code-source-code**](https:\u002F\u002Fgithub.com\u002Fsanbuphy\u002Fclaude-code-source-code) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsanbuphy\u002Fclaude-code-source-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fsanbuphy\u002Fclaude-code-source-code) | Quadrilingual analysis (EN\u002FJA\u002FKO\u002FZH) — multi-domain reports covering telemetry, codenames, KAIROS, unreleased tools. |\n| [**cablate\u002Fclaude-code-research**](https:\u002F\u002Fgithub.com\u002Fcablate\u002Fclaude-code-research) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fcablate\u002Fclaude-code-research.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fcablate\u002Fclaude-code-research) | Independent research on internals, Agent SDK, and related tooling. |\n| [**Yuyz0112\u002Fclaude-code-reverse**](https:\u002F\u002Fgithub.com\u002FYuyz0112\u002Fclaude-code-reverse) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FYuyz0112\u002Fclaude-code-reverse.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FYuyz0112\u002Fclaude-code-reverse) | Visualize Claude Code's LLM interactions — log parser and visual tool to trace prompts, tool calls, and compaction. |\n\n### Open-Source Reimplementations\n\nClean-room rewrites and buildable research forks.\n\n| Repository | Description |\n|:-----------|:------------|\n| [**chauncygu\u002Fcollection-claude-code-source-code**](https:\u002F\u002Fgithub.com\u002Fchauncygu\u002Fcollection-claude-code-source-code) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchauncygu\u002Fcollection-claude-code-source-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fchauncygu\u002Fcollection-claude-code-source-code) | Meta-collection of community Claude Code source artifacts -- includes claw-code (Rust port), nano-claude-code (Python), and the extracted original source archive. |\n| [**777genius\u002Fclaude-code-working**](https:\u002F\u002Fgithub.com\u002F777genius\u002Fclaude-code-working) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F777genius\u002Fclaude-code-working.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002F777genius\u002Fclaude-code-working) | Working reverse-engineered CLI. Runnable with Bun, 450+ chunk files, 31 feature flags polyfilled. |\n| [**T-Lab-CUHKSZ\u002Fclaude-code**](https:\u002F\u002Fgithub.com\u002FT-Lab-CUHKSZ\u002Fclaude-code) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FT-Lab-CUHKSZ\u002Fclaude-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FT-Lab-CUHKSZ\u002Fclaude-code) | CUHK-Shenzhen buildable research fork — reconstructed build system from raw TypeScript snapshot. |\n| [**ruvnet\u002Fopen-claude-code**](https:\u002F\u002Fgithub.com\u002Fruvnet\u002Fopen-claude-code) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fruvnet\u002Fopen-claude-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fruvnet\u002Fopen-claude-code) | Nightly auto-decompile rebuild — 903+ tests, 25 tools, 4 MCP transports, 6 permission modes. |\n| [**Enderfga\u002Fopenclaw-claude-code**](https:\u002F\u002Fgithub.com\u002FEnderfga\u002Fopenclaw-claude-code) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FEnderfga\u002Fopenclaw-claude-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FEnderfga\u002Fopenclaw-claude-code) | OpenClaw plugin — unified ISession interface for Claude\u002FCodex\u002FGemini\u002FCursor. Multi-agent council. |\n| [**memaxo\u002Fclaude_code_re**](https:\u002F\u002Fgithub.com\u002Fmemaxo\u002Fclaude_code_re) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fmemaxo\u002Fclaude_code_re.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fmemaxo\u002Fclaude_code_re) | Reverse engineering from minified bundles — deobfuscation of the publicly distributed cli.js file. |\n| [**agentforce314\u002Fclawcodex**](https:\u002F\u002Fgithub.com\u002Fagentforce314\u002Fclawcodex) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fagentforce314\u002Fclawcodex.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fagentforce314\u002Fclawcodex) | Python rebuild with multi-provider LLM support. |\n\n### Claude Code Guides & Learning\n\nTutorials and hands-on learning paths for Claude Code itself.\n\n| Repository | Description |\n|:-----------|:------------|\n| [**shareAI-lab\u002Flearn-claude-code**](https:\u002F\u002Fgithub.com\u002FshareAI-lab\u002Flearn-claude-code) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FshareAI-lab\u002Flearn-claude-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FshareAI-lab\u002Flearn-claude-code) | \"Bash is all you need\" — 19-chapter 0-to-1 course with runnable Python agents, web platform. ZH\u002FEN\u002FJA. |\n| [**FlorianBruniaux\u002Fclaude-code-ultimate-guide**](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FFlorianBruniaux\u002Fclaude-code-ultimate-guide) | Beginner-to-power-user guide with production-ready templates, agentic workflow guides, and cheatsheets. |\n| [**affaan-m\u002Feverything-claude-code**](https:\u002F\u002Fgithub.com\u002Faffaan-m\u002Feverything-claude-code) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Faffaan-m\u002Feverything-claude-code.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Faffaan-m\u002Feverything-claude-code) | Agent harness optimization — skills, instincts, memory, security, and research-first development. |\n\n### General Harness Engineering Design Space Resources\n\nExternal resources that complement this paper's design-space analysis — concept essays, curricula, and code that illuminate the harness layer as an engineering practice.\n\n| Repository | Description |\n|:-----------|:------------|\n| [**deusyu\u002Fharness-engineering**](https:\u002F\u002Fgithub.com\u002Fdeusyu\u002Fharness-engineering) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdeusyu\u002Fharness-engineering.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fdeusyu\u002Fharness-engineering) | Learning archive — original concept essays, independent thinking pieces, and curated translations of harness-engineering writing; from concept to independent practice. |\n| [**walkinglabs\u002Flearn-harness-engineering**](https:\u002F\u002Fgithub.com\u002Fwalkinglabs\u002Flearn-harness-engineering) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fwalkinglabs\u002Flearn-harness-engineering.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fwalkinglabs\u002Flearn-harness-engineering) | Project-based English course with PDF coursebooks, syllabus, and capstone, organized around five harness subsystems: instructions, state, verification, scope, and session lifecycle. |\n| [**china-qijizhifeng\u002Fagentic-harness-engineering**](https:\u002F\u002Fgithub.com\u002Fchina-qijizhifeng\u002Fagentic-harness-engineering) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchina-qijizhifeng\u002Fagentic-harness-engineering.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fchina-qijizhifeng\u002Fagentic-harness-engineering) | Observability system that auto-evolves a coding agent's harness — a meta-agent reads execution traces and rewrites system prompts, tools, middleware, skills, sub-agents, and memory. |\n\n### Blog Posts & Technical Articles\n\n| Article | What Makes It Valuable |\n|:--------|:----------------------|\n| [Marco Kotrotsos — \"Claude Code Internals\" (15-part series)](https:\u002F\u002Fkotrotsos.medium.com\u002Fclaude-code-internals-part-1-high-level-architecture-9881c68c799f) | Most systematic pre-leak analysis. Architecture, agent loop, permissions, sub-agents, MCP, telemetry. |\n| [Alex Kim — \"The Claude Code Source Leak\"](https:\u002F\u002Falex000kim.com\u002Fposts\u002F2026-03-31-claude-code-source-leak\u002F) | Anti-distillation mechanisms, frustration detection, Undercover Mode, ~250K wasted API calls\u002Fday. |\n| [Haseeb Qureshi — Cross-agent architecture comparison](https:\u002F\u002Fgist.github.com\u002FHaseeb-Qureshi\u002F2213cc0487ea71d62572a645d7582518) | Claude Code vs Codex vs Cline vs OpenCode — architecture-level comparison. |\n| [George Sung — \"Tracing Claude Code's LLM Traffic\"](https:\u002F\u002Fmedium.com\u002F@georgesung\u002Ftracing-claude-codes-llm-traffic-agentic-loop-sub-agents-tool-use-prompts-7796941806f5) | Complete system prompts and full API logs. Discovered dual-model usage (Opus + Haiku). |\n| [Agiflow — \"Reverse Engineering Prompt Augmentation\"](https:\u002F\u002Fagiflow.io\u002Fblog\u002Fclaude-code-internals-reverse-engineering-prompt-augmentation\u002F) | 5 prompt augmentation mechanisms backed by actual network traces. |\n| [Engineer's Codex — \"Diving into the Source Code Leak\"](https:\u002F\u002Fread.engineerscodex.com\u002Fp\u002Fdiving-into-claude-codes-source-code) | Modular system prompt, ~40 tools, large query\u002Ftool subsystem, anti-distillation. |\n| [MindStudio — \"Three-Layer Memory Architecture\"](https:\u002F\u002Fwww.mindstudio.ai\u002Fblog\u002Fclaude-code-source-leak-memory-architecture) | In-context memory, MEMORY.md pointer index, CLAUDE.md static config. Best single resource on memory. |\n| [WaveSpeed — \"Claude Code Architecture: Leaked Source Deep Dive\"](https:\u002F\u002Fwavespeed.ai\u002Fblog\u002Fposts\u002Fclaude-code-architecture-leaked-source-deep-dive\u002F) | 512K-line TS source deep dive; context compression and anti-distillation. |\n| [Zain Hasan — \"Inside Claude Code: An Architecture Deep Dive\"](https:\u002F\u002Fzainhas.github.io\u002Fblog\u002F2026\u002Finside-claude-code-architecture\u002F) | Layered architecture, 5 entry modes, multi-agent walkthrough. |\n\n### Related Academic Papers\n\n| Paper | Venue | Relevance |\n|:------|:------|:----------|\n| [Decoding the Configuration of AI Coding Agents](https:\u002F\u002Farxiv.org\u002Fabs\u002F2511.09268) | arXiv | Empirical study of 328 Claude Code configuration files — SE concerns and co-occurrence patterns. |\n| [On the Use of Agentic Coding Manifests](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.14744) | arXiv | Analyzed 253 CLAUDE.md files from 242 repos — structural patterns in operational commands. |\n| [Context Engineering for Multi-Agent Code Assistants](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.08322) | arXiv | Multi-agent workflow combining multiple LLMs for code generation. |\n| [OpenHands: An Open Platform for AI Software Developers](https:\u002F\u002Farxiv.org\u002Fabs\u002F2407.16741) | ICLR 2025 | Primary academic reference for open-source AI coding agents. |\n| [SWE-Agent: Agent-Computer Interfaces](https:\u002F\u002Farxiv.org\u002Fabs\u002F2405.15793) | NeurIPS 2024 | Docker-based coding agent with custom agent-computer interface. |\n\n### How This Paper Differs\n\n> While the projects above focus on **engineering reverse-engineering** or **practical reimplementation**, this paper provides a **systematic values → principles → implementation** analytical framework — tracing five human values through thirteen design principles to specific source-level choices, and using OpenClaw comparison to reveal that cross-cutting integrative mechanisms, not modular features, are the true locus of engineering complexity.\n\n**See the full curated list with more resources: [docs\u002Frelated-resources.md](.\u002Fdocs\u002Frelated-resources.md)**\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n---\n\n## Other Notable AI Agent Projects\n\nRecently launched (2025–2026) open-source AI agent projects outside the Claude Code ecosystem.\n\n| Repository | Launch | Focus |\n|:-----------|:-------|:------|\n| [**openclaw\u002Fopenclaw**](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fopenclaw\u002Fopenclaw.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw) | Jan 2026 | Local-first personal AI assistant across messaging platforms. |\n| [**sst\u002Fopencode**](https:\u002F\u002Fgithub.com\u002Fsst\u002Fopencode) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsst\u002Fopencode.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fsst\u002Fopencode) | Jun 2025 | Provider-agnostic terminal coding agent. |\n| [**NousResearch\u002Fhermes-agent**](https:\u002F\u002Fgithub.com\u002Fnousresearch\u002Fhermes-agent) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fnousresearch\u002Fhermes-agent.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fnousresearch\u002Fhermes-agent) | Feb 2026 | Self-improving personal agent with cross-session memory. |\n| [**666ghj\u002FMiroFish**](https:\u002F\u002Fgithub.com\u002F666ghj\u002FMiroFish) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F666ghj\u002FMiroFish.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002F666ghj\u002FMiroFish) | Mar 2026 | Multi-agent swarm-intelligence simulation engine. |\n| [**MemPalace\u002Fmempalace**](https:\u002F\u002Fgithub.com\u002FMemPalace\u002Fmempalace) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FMemPalace\u002Fmempalace.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FMemPalace\u002Fmempalace) | 2026 | Local-first memory system for AI agents. |\n| [**multica-ai\u002Fmultica**](https:\u002F\u002Fgithub.com\u002Fmultica-ai\u002Fmultica) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fmultica-ai\u002Fmultica.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fmultica-ai\u002Fmultica) | 2026 | Managed-agents platform for task assignment and skill compounding. |\n| [**badlogic\u002Fpi-mono**](https:\u002F\u002Fgithub.com\u002Fbadlogic\u002Fpi-mono) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbadlogic\u002Fpi-mono.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fbadlogic\u002Fpi-mono) | Aug 2025 | Monorepo coding-agent toolkit — unified LLM API (OpenAI\u002FAnthropic\u002FGoogle), TUI + web UI, per-cwd session persistence. |\n| [**coleam00\u002FArchon**](https:\u002F\u002Fgithub.com\u002Fcoleam00\u002FArchon) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fcoleam00\u002FArchon.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fcoleam00\u002FArchon) | Feb 2025 | Deterministic harness — YAML-defined workflows with execution audit trail; contrast to model-driven agent loops. |\n| [**HKUDS\u002Fnanobot**](https:\u002F\u002Fgithub.com\u002FHKUDS\u002Fnanobot) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FHKUDS\u002Fnanobot.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FHKUDS\u002Fnanobot) | Feb 2026 | Ultra-lightweight personal AI agent from HKU-DS; minimalist design contrast to heavyweight harnesses. |\n| [**HKUDS\u002FOpenHarness**](https:\u002F\u002Fgithub.com\u002FHKUDS\u002FOpenHarness) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FHKUDS\u002FOpenHarness.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FHKUDS\u002FOpenHarness) | Apr 2026 | Open agent harness with built-in personal agent (Ohmo); academic reference point on harness architecture. |\n| [**openai\u002Fsymphony**](https:\u002F\u002Fgithub.com\u002Fopenai\u002Fsymphony) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fopenai\u002Fsymphony.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fopenai\u002Fsymphony) | Feb 2026 | OpenAI's orchestration for isolated, autonomous implementation runs — parallel-session design axis. |\n| [**karpathy\u002Fautoresearch**](https:\u002F\u002Fgithub.com\u002Fkarpathy\u002Fautoresearch) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fkarpathy\u002Fautoresearch.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fkarpathy\u002Fautoresearch) | Mar 2026 | Andrej Karpathy's autonomous AI-agent loop that runs nanochat training research on a single GPU. |\n| [**HKUDS\u002FCLI-Anything**](https:\u002F\u002Fgithub.com\u002FHKUDS\u002FCLI-Anything) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FHKUDS\u002FCLI-Anything.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FHKUDS\u002FCLI-Anything) | Mar 2026 | \"Making ALL Software Agent-Native\" — unified CLI surface that wraps arbitrary software as agent-callable tools. |\n| [**Panniantong\u002FAgent-Reach**](https:\u002F\u002Fgithub.com\u002FPanniantong\u002FAgent-Reach) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FPanniantong\u002FAgent-Reach.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002FPanniantong\u002FAgent-Reach) | Feb 2026 | One CLI giving agents read\u002Fsearch access to Twitter, Reddit, YouTube, GitHub, Bilibili, and Xiaohongshu without paid APIs; ships with MCP and Claude Code \u002F Cursor integration. |\n| [**agentscope-ai\u002FQwenPaw**](https:\u002F\u002Fgithub.com\u002Fagentscope-ai\u002FQwenPaw) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fagentscope-ai\u002FQwenPaw.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fagentscope-ai\u002FQwenPaw) | Feb 2026 | Personal AI assistant from the AgentScope team — self-hosted or cloud, multi-chat-app support, and extensible capabilities. |\n| [**cft0808\u002Fedict**](https:\u002F\u002Fgithub.com\u002Fcft0808\u002Fedict) [![Star](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fcft0808\u002Fedict.svg?style=social&label=Star)](https:\u002F\u002Fgithub.com\u002Fcft0808\u002Fedict) | Feb 2026 | OpenClaw-based multi-agent orchestration modeled on the Tang-dynasty Three Departments and Six Ministries (三省六部制) bureaucracy: 9 specialized agents, real-time dashboard, model config, and full audit trails. |\n\n\u003Cp align=\"right\">\u003Ca href=\"#dive-into-claude-code-the-design-space-of-todays-ai-agent-system\">↑ Back to top\u003C\u002Fa>\u003C\u002Fp>\n\n---\n[![Star History Chart](https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=VILA-Lab\u002FDive-into-Claude-Code&type=Date)](https:\u002F\u002Fwww.star-history.com\u002F#VILA-Lab\u002FDive-into-Claude-Code&Date)\n\n## Citation\n\n\u003C!-- \u003Cdetails>\n\u003Csummary>BibTeX\u003C\u002Fsummary> -->\n\n```bibtex\n@article{diveclaudecode2026,\n  title={Dive into Claude Code: The Design Space of Today's and Future AI Agent Systems},\n  author={Jiacheng Liu, Xiaohan Zhao, Xinyi Shang, and Zhiqiang Shen},\n  year={2026},\n  eprint={2604.14228},\n  archivePrefix={arXiv},\n  primaryClass={cs.SE},\n}\n```\n\n\u003C\u002Fdetails>\n\n\n## License\n\nThis work is licensed under [CC BY-NC-SA 4.0](https:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby-nc-sa\u002F4.0\u002F).\n","Dive-into-Claude-Code 是一个对 Claude Code 进行系统性分析和讨论的项目，旨在为当今及未来的 AI 代理系统设计提供参考。该项目通过对 Claude Code（v2.1.88）大约 1,900 个 TypeScript 文件、512K 行代码进行源码级架构分析，并结合社区分析、构建指南以及跨系统比较，揭示了 Claude Code 的核心架构特点：仅 1.6% 的代码库涉及 AI 决策逻辑，其余 98.4% 则是用于权限控制、上下文管理、工具路由等基础设施。此外，项目还总结了从设计原则到实现细节的一系列指导，适用于任何希望深入了解或构建复杂 AI 代理系统的开发者。",2,"2026-06-11 02:39:03","CREATED_QUERY"]