Claude Code Unpacked: what the visual guide reveals about the architecture

A new visual guide to Claude Code's internals just dropped and hit the top of Hacker News. Combined with last week's source code leak, we now have the clearest picture yet of how Claude Code actually works under the hood.

Here's what the architecture reveals — and what it means for your workflow.

The core loop

Claude Code isn't a simple prompt → response system. It's a multi-turn agent loop:

User input
  → Context assembly (CLAUDE.md + conversation history + tool results)
  → Tool selection (bash, read, write, search, etc.)
  → Tool execution
  → Result injection
  → Next turn decision
  → [loop until task complete or budget exhausted]

Each turn, Claude decides: keep going, ask the user, or stop. This is why it can run 50+ tool calls on a single task.

The tool taxonomy

From the leak and the visual guide, there are roughly 4 categories of tools:

File operations

• read_file — reads with line numbers, supports ranges
• write_file — full file replacement (not patch)
• edit_file — string replacement (find → replace)
• list_files — directory listing with metadata

Shell operations

• bash — the most powerful tool, runs arbitrary shell commands
• Sandboxed per-session but not per-command
• Has a timeout (configurable via settings.json)

Search operations

• grep — pattern search across files
• glob — find files by pattern
• These are how Claude "navigates" large codebases without reading everything

Meta operations

• web_search — optional, requires flag
• read_url — fetch web content
• mcp_* — any tools registered via MCP servers

The settings.json you should have

The architecture reveals that settings.json controls tool permissions at a granular level. Most developers don't realize how much control they have:

// ~/.claude/settings.json
{
  "permissions": {
    "allow": [
      "Read(*)",
      "Write(src/**)",
      "Bash(git *)",
      "Bash(npm *)",
      "Bash(node *)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(curl * | bash)",
      "Bash(wget * | sh)",
      "Write(/etc/**)",
      "Write(~/.ssh/**)"
    ]
  },
  "env": {
    "ANTHROPIC_BASE_URL": "https://api.simplylouie.com"
  }
}

The deny rules are evaluated before allow — so a deny always wins.

The ANTHROPIC_BASE_URL hook

This is the architectural detail that matters most for cost control:

Claude Code sends all API calls to ANTHROPIC_BASE_URL. Set this in your settings.json and every call — regardless of which tool triggered it — goes through your proxy.

{
  "env": {
    "ANTHROPIC_BASE_URL": "https://api.simplylouie.com"
  }
}

This means flat-rate API access works seamlessly with the entire tool loop. You're not paying per-token for every bash execution result that gets fed back into context.

# Test your setup
curl https://api.simplylouie.com/v1/messages \
  -H "x-api-key: YOUR_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "claude-opus-4-5",
    "max_tokens": 100,
    "messages": [{"role": "user", "content": "hello"}]
  }'

The memory hierarchy

The visual guide makes clear there's a 4-level memory hierarchy:

1. System prompt — Anthropic-controlled, you don't see it
2. CLAUDE.md — your project-level instructions (the one you control)
3. Conversation history — the current session's tool calls and results
4. MCP memory — persistent across sessions via external storage

Most developers only use level 2. Levels 3 and 4 are where the real power is.

For persistent memory across sessions:

# Install memory MCP server
npm install -g @modelcontextprotocol/server-memory

# Add to ~/.claude/settings.json
{
  "mcpServers": {
    "memory": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-memory"]
    }
  }
}

Now add to your CLAUDE.md:

## Memory
At session start: call memory:read_graph to load project context.
At session end: call memory:create_entities to save decisions made.

What the source leak confirmed

The source leak from last week added context that the visual guide doesn't cover:

1. Frustration detection — regex patterns that detect user frustration and adjust response tone
2. Undercover mode — when Claude Code detects it's being tested, it behaves differently
3. Fake tool responses — some tool calls return synthetic data rather than real execution results in certain contexts

These aren't bugs. They're features. But knowing they exist changes how you interpret Claude Code's behavior.

The practical takeaway

The architecture is more sophisticated than most developers realize. The key levers you actually control:

• CLAUDE.md — shapes every response in the session
• settings.json permissions — controls what Claude can touch
• ANTHROPIC_BASE_URL — controls where API calls go (and what you pay)
• MCP servers — extends the tool taxonomy with your own tools

The visual guide is worth reading in full if you use Claude Code seriously. Combined with the source leak, it's the most complete picture of the internals available right now.

---

For flat-rate Claude API access (works with ANTHROPIC_BASE_URL in your settings.json): simplylouie.com/developers