DEV Community

Ritavidhata
Ritavidhata

Posted on

Inside Claude's Brain: What I Learned from Anaalyzing 75KB of AI Agent Architecture

#ai #typescript #opensource #architecture

Building production-grade AI coding agents isn't magic—it's engineering. Here's what the leaked Claude CLI code taught me about tool systems, task management, and secure AI orchestration.

The Unexpected Teacher

When I got my hands on leaked source code from Anthropic's Claude CLI agent, I expected chaos. What I found instead was architectural brilliance—a masterclass in building production-ready AI systems that every developer should study.

Over 75KB of well-structured TypeScript code revealed patterns that separate toy projects from enterprise-grade AI agents. Here's what I learned.

1. The Tool System is Everything

Every operation in Claude is a tool—file reads, bash commands, web searches, even subagent spawning. But what makes it brilliant is the buildTool pattern:

const MyTool = buildTool({
  name: 'MyTool',
  inputSchema: z.object({
    path: z.string(),
    recursive: z.boolean().optional()
  }),

  async call(input, context, canUseTool, parentMessage, onProgress) {
    const canUse = await canUseTool('MyTool', input)
    if (!canUse.allowed) return { data: { error: canUse.reason } }

    onProgress?.({ toolUseID: context.toolUseId, data: { type: 'progress' } })

    return { data: await performOperation(input) }
  }
})
Enter fullscreen mode Exit fullscreen mode

Tools aren't just functions—they're first-class citizens with:

  • ✅ Built-in permission systems (3 modes)
  • ✅ Progress tracking
  • ✅ Sandbox execution
  • ✅ Custom UI rendering

2. Permission Systems Must Be Granular

Claude has three permission modes:

Default (Safest): Prompt for everything
Auto (Balanced): Auto-approve safe operations, prompt for risky ones
Bypass (Dangerous): No checks (sandboxes only)

Rule syntax: Read(src/**), Bash(git:*), Edit(package.json)

3. Parallel Task Management

Tasks have:

  • Prefixed IDs for type identification
  • Output streaming (prevents memory bloat)
  • Pause/resume support
  • Concurrent execution limits
  • Automatic cleanup

4. Defense-in-Depth Security

4 layers:

  1. Input validation (Zod schemas)
  2. Permission checks (granular rules)
  3. Sandbox execution (resource limits)
  4. Output sanitization (detect sensitive data)

Principle: Never trust input. Always validate, sandbox, and sanitize.

5. Predictable State Management

Immutable, Redux-style updates:

setAppState(prev => ({
  ...prev,
  messages: [...prev.messages, newMessage]
}))
Enter fullscreen mode Exit fullscreen mode

Benefits: Predictable, easy debugging, thread-safe, performant.

6. MCP Integration

Model Context Protocol (MCP) makes agents infinitely extensible without changing core code.

Key Takeaways

  1. Tools > Functions - First-class citizens
  2. Granular permissions - Not just allow/deny
  3. Parallel execution - Sequential is too slow
  4. Layered security - Never trust, always validate
  5. Predictable state - Immutable updates
  6. Protocol extensibility - MCP, plugins

Open Source Specs

I documented everything in a public repository:

🔗 github.com/formatho/coding-agent-specs

  • 📚 75KB architectural docs
  • 💻 200+ TypeScript examples
  • 📊 15+ architecture diagrams
  • 🔒 Security best practices
  • ⚡ Production-ready patterns
  • 📜 MIT licensed

Star the repo ⭐ if helpful!

The future of AI-assisted development is being written now. Let's make it open source. 🚀

Top comments (0)