A source-code-level review of Anthropic’s Claude Code — 1,902 files, 513K lines of TypeScript. This episode takes you inside the codebase to understand how one of the most capable AI coding agents actually works under the hood.
This is the first episode of the Deep Dives series, where we go beyond product demos and into actual source code. Claude Code is Anthropic’s CLI-based coding agent — and its internals reveal fascinating engineering decisions about how to build reliable, safe, and extensible AI tooling.
Claude Code runs on Bun (not Node), renders its terminal UI with Ink (React for the terminal), and manages state with Zustand. It supports 4 API providers, 6 MCP transport types, and has a modular architecture split across dozens of subsystems.
At the heart of Claude Code is an async generator that orchestrates every interaction. Each query passes through a 6-step flow: user input processing, tool planning, tool execution, continuation decisions, and response generation — with post-sampling hooks that can intercept and modify behavior at every stage.
The tool catalog is extensive — from file read/write and glob/grep search to shell execution, web fetching, notebook editing, and MCP server integration. Each tool runs through a streaming executor with sibling-abort capability, meaning one tool can cancel another if it gets a better result first.
Safety is deeply engineered. The 3-layer permission model (tool → mode → rules) draws from 8 different rule sources and includes bash AST analysis that actually parses shell commands before deciding whether to allow execution. There are 7 permission modes ranging from fully automatic to fully manual.
When Claude Code needs to parallelize work, it spawns subagents — specialized workers with their own context windows and tool access. There are 6 agent types, each with a 7-step lifecycle and fork mechanics that share cache for efficiency.
The memory system uses MEMORY.md as a pointer index with 4 distinct memory types. Security spans 6 layers including 24 bash validators, an ML classifier for detecting prompt injection, and permission gates that cannot be bypassed — even by the AI itself.
We also explored context autocompaction, the speculation system, the Buddy companion (18 species with rarity tiers!), computer use and voice mode, telemetry, team memory sync, and over 200 spinner verbs hidden as easter eggs.
Claude Code is 513K lines of TypeScript across 1,902 files — built on Bun, rendered with Ink (React for terminals), state managed by Zustand.
The core query loop is an async generator with a 6-step flow: user input → tool planning → execution → continuation decision → response, with post-sampling hooks at every stage.
43 built-in tools span file I/O, search, shell execution, web access, MCP, and notebook editing — each with a streaming executor and sibling-abort capability.
Permissions use a 3-layer model (tool → mode → rules) with 7 modes and 8 rule sources, including bash AST analysis that parses shell commands before execution.
Subagents run as a swarm — 6 agent types with a 7-step lifecycle, fork mechanics, and shared cache. The Agent tool itself spawns specialized subprocess workers.
The memory system uses MEMORY.md as a pointer index with 4 memory types (user, feedback, project, reference), Sonnet model selection, and an autoDream feature.
Security has 6 layers of defense including 24 bash validators, an ML classifier for prompt injection, and a never-bypassable permission gate.
John is Head of AI & Developer Relations at Itential, a Google Developer Expert, former Cisco AI Technical Leader, former Senior Network Architect for the Parliament of Canada — and a fellow Ca...
Alex Seymour is a contributor to IBM's open-source agent infrastructure (BAI framework, Agent Stack, and the Relay project), exploring what it takes to build general-purpose agentic systems at ente...
AI Governance Isn't an Afterthought — It's a Kill SwitchLogan Kelly, founder of Waxel, built AI agents for sales automation, shipped them to production, and immediately realized he had no control o...