Claude Wiki

995 entities, 688 claims, 881 relations across 229 sources.

Artifact (1)

dist/cli.mjs Production Bundle — Single-file output of the esbuild build — ESM bundle at dist/cli.mjs with shebang #!/usr/bin/env node. Runnable direct

Command (2)

/remember Command — Command that bridges automatic memory with deliberate configuration. Reviews session memories, identifies recurring patt
/remember Command — Command that bridges automatic memory with deliberate configuration. Reviews session memories, identifies recurring patt

Component (2)

ThemeProvider Component — React component in src/components/design-system/ThemeProvider.tsx (path approximate) that wraps the Ink render tree to i
Zig-Based Attestation Client — Cryptographic attestation layer implemented in Zig that sits below the Claude Code JS layer and proves the API request c

Concept (405)

.mcp.json Config File — MCP server configuration file consumed by Claude Code. Top-level 'mcpServers' map keyed by server name, each entry speci
/autofix-pr Command — Internal debug command that runs an automated fix pass against a pull request — addresses PR-review comments or CI failu
/batch Command Worktree Orchestration — Primary production multi-agent path: /batch breaks a refactoring or analysis task into 5-30 parallel git worktree agents
/bridge-kick Command — Operator command that force-restarts the IDE bridge connection. Used to recover from wedged sessions — tears down the cu
/cost Command — Slash command added in v2.1.92 for real-time spend tracking. Shipped immediately before the v2.1.94 default-effort eleva
/init-verifiers Command — Bootstraps verifier hook scripts in a project. Verifiers are hook scripts that validate Claude's output before it lands
/insights Command — Pre-leak slash command that reads all session JSONL logs and generates a friction analysis â€” repeated failures, tool-c
/insights Command — Built-in Claude Code command that reads 30 days of ~/.claude/projects/*/.jsonl session transcripts and generates an in
/model Mid-Conversation Switch Warning — v2.1.108 safeguard: /model now warns before switching models mid-conversation because the switch triggers a full uncache
/proactive Command Alias — v2.1.105 alias /proactive -> /loop for simpler autonomous mode activation.
/recap Command — Session context restoration command shipped in v2.1.108. First autonomous session-context-restoration feature in Claude
/resume Picker Default Scoping — v2.1.108 UX change: /resume picker now defaults to sessions from the current directory; Ctrl+A expands to all projects.
/rewind Command — Reverts the current conversation/workspace to a previous checkpoint, undoing file edits and conversation state up to tha
/team-onboarding Command — v2.1.104 slash command that generates teammate ramp-up guides into .claude/onboarding/.
/team-onboarding Command — Slash command shipped in v2.1.101 that walks a new team member through Claude Code configuration â€” permissions, plugin
/thinkback Command Family — Debug/observation commands that replay Claude's thinking process for a prior turn. /thinkback shows the trace statically
1.6% Direct API Call Ratio — Sebastian Raschka's quantification, derived from the leaked source, that only 1.6% of the Claude Code codebase directly
10 Steps Per Iteration — Fixed 10-step execution order each while-loop iteration in query.ts: Context Compression, Token Budget Check, Call Model
12 Boring Primitives Framework — Nate Jones' architectural framing of Claude Code as '20% LLM, 80% plumbing,' organized into 12 primitives across three b
14 Cache-Breaking Vectors — Enumerated list of 14 events that invalidate the prompt cache: CLAUDE.md mid-session edit, hook-injected system prompt,
1421-Line While Loop — The 1,421-line while(true) state-machine loop body in query.ts (lines 307-1728) that serves as the heartbeat of Claude C
15 Reverse-Engineered Design Intents — Ji_ai's catalog of 15 encoded design decisions extracted from the leaked TypeScript â€” patterns that explain observable
16 Bundled Skills — The default skill set shipped with Claude Code. Known bundled skills: batch, claudeApi, claudeInChrome, debug, keybindin
17% Code Comprehension Reduction (AI-Assisted Developers) — Independent research cited by the VILA paper: developers in AI-assisted conditions scored 17% lower on code comprehensio
27 Hook Events Across 5 Categories — Source coreTypes.ts defines 27 hook events across 5 categories: tool authorization (5), session lifecycle, user interact
27-Event Hook Pipeline (5 Safety / 22 Lifecycle) — The paper's count: Claude Code's hook pipeline spans 27 event types; of these, 5 are safety-related (including PreToolUs
3,167-Line God Function Metrics — Quantified signature of the single largest function in Claude Code: 3,167 lines, 486 branch points, 12 levels of nesting
4-Layer Prompt Pipeline — System prompt assembly pipeline with four layers and an explicit cache boundary after Layer 2. L1 core prompt (most cach
5 Tool-Authorization Hook Events — Of 27 hook events, 5 participate directly in the permission flow: PreToolUse, PostToolUse, PostToolUseFailure, Permissio
5-Stage Compression Pipeline — Ordered compression cascade: Snip Compact -> Micro Compact -> Context Collapse -> Auto Compact -> Reactive Compact (emer
512K vs 64K Line Count Discrepancy — Clarification of line-count confusion in media coverage: 512,000 lines = total source-map content (comments, blank lines
54 Built-in Tools Breakdown (19 Unconditional + 35 Conditional) — VILA paper's quantified breakdown of the built-in tool surface: up to 54 built-in tools total, composed of 19 unconditio
64 Undocumented Gated Modules Question — Open question flagged in Round 31: the VILA paper confirms 35 conditional built-in tools gated on feature flags/user typ
8+ MCP Transport Variants — Claude Code supports 8 or more Model Context Protocol transport variants for MCP server connections, documented in the V
9 Ordered Context Sources — The context window is assembled from 9 sources in order: (1) System prompt, (2) Environment info, (3) CLAUDE.md hierarch
93% Permission Approval Rate — Anthropic's figure showing users approved 93% of permission prompts. Reframes auto mode as friction removal, not securit
Hidden Scratchpad — Pattern used during autocompaction: the model generates its reasoning inside an XML tag that is stripped via
@MODEL_LAUNCH Annotation — Comment convention in prompts.ts tagging model-specific behavioral workarounds for clean removal on model upgrade. Commu
ACP (Agent Client Protocol) Composition — OpenClaw's integration mechanism for hosting external coding harnesses (Claude Code, OpenAI Codex, Gemini CLI) as agents
AI Copyright Paradox — Three-pronged legal paradox: AI-generated code may not be copyrightable (no human author), DMCA may not apply to AI outp
AI-Authorship Percentage Escalation — Timeline of escalating PR claims about AI-authorship of Claude Code: March 2025 Amodei '3-6 months from 90%'; May 2025 C
AI-Written Code at Scale Critique — Cultural critique emerging from post-leak essays: the leaked CLI and tool layers show signs of AI authorship — repetitiv
APIMessage (Stage 2 API Wire Format) — Second stage of the Three-Stage Message Pipeline. Clean API contract: role ('user'|'assistant') plus content (string or
Agent Lifecycle — The spawn-to-completion lifecycle of Claude Code agents. Covers omitClaudeMd optimization (5-15 GTok/week savings), gitS
Agent Teams Permission Dialog Crash Fix — v2.1.114's single changelog entry: fixed crash in the permission dialog when an agent-teams teammate requested tool perm
AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS — Named, typed guard in Claude Code that makes accidental user-data logging a deliberate act. The verbose type name forces
AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS — TypeScript type name used as a privacy enforcement pattern â€” any call site sending analytics must construct a value of
Ant-Only Bridge Dev Overrides — Two environment variables that override bridge authentication and base URL for development. Both are gated to process.en
Anthropic 132-Engineer Internal Study (Paradox of Supervision) — Anthropic's internal study of 132 engineers and researchers documenting a 'paradox of supervision' — AI assistance risks
Anthropic DMCA Failure — Community-reported state: Anthropic's DMCA takedown campaign against GitHub mirrors of the leaked source is failing sile
Anthropic IPO Timeline (Q4 2026) — Anthropic's reported Q4 2026 (October) IPO target at $380B valuation (post-$30B Feb 2026 raise), with Goldman Sachs, JPM
AppState — Global mutable state object at src/state/AppStateStore.ts using React context + custom store pattern. Passed into tool c
AppState — Global mutable state object at src/state/AppStateStore.ts using React context + custom store pattern. Passed into tool c
Append-Only Auditability Commitment — A cross-cutting design commitment the paper identifies: session transcripts are append-only JSONL with read-time chain p
Architectural Convergence Thesis — Thesis from data-centered.com: the design choices in the leaked Claude Code — file-based memory over vector DBs, grep ov
Async Generator Query Architecture — QueryEngine.submitMessage() returns an AsyncGenerator rather than a Promise; the yield* chain preserves stat
Auditability Over Query Power Principle — Session persistence design principle: append-only JSONL favors auditability and simplicity over query power. Every event
Auth Backend Selection Matrix — Runtime logic in src/services/api/client.ts + src/utils/auth.ts that selects one of five Anthropic-compatible API backen
Auto-Mode Threat Model (4 Categories) — From the auto-mode classifier design (Hughes 2026). Four explicitly targeted risk categories: (1) overeager behavior, (2
AutoBE-Claude-Code Coexistence Model — Practical division of labor: AutoBE handles initial backend generation (the 0->80 problem, where constraints and structu
Avoid-Creating-New-Files Instruction Softening — Observed evolution of the Claude Code system prompt: the 'avoid creating new files' rule has been progressively softened
BRIDGE_MODE Feature Flag — Build-time / env feature flag that gates the entire bridge subsystem. When false (default), bridge code paths are skippe
Background Plugin Monitors — v2.1.105 feature: a top-level 'monitors' manifest key in plugin definitions. Auto-arms at session start or on skill invo
Background Skill Improvement — PROACTIVE mode sub-feature. Between user interactions, a background agent automatically analyzes recent session patterns
Bedrock/Vertex/Foundry 429 Status-URL Fix — v2.1.113 bug fix: 429 errors from third-party providers (AWS Bedrock, GCP Vertex, Azure Foundry) no longer incorrectly r
Bimodal Token Distribution (Pre/Post v2.1.100) — Proxy-verified measurement across 40+ sessions shows two distinct clusters of per-request cache_creation_input_tokens: ~
BoundedUUIDSet Message Dedup — Fixed-capacity set of recently seen message UUIDs maintained by the bridge to reject echoes and re-deliveries across bot
Bridge Control Request Protocol — Out-of-band control messages on the bridge channel. Inbound control_request types: initialize, set_model, interrupt, set
Bridge JWT Authentication — JWT-based authentication for bridge connections between IDE extensions and the Claude Code CLI. Implemented in src/bridg
Bridge Spawn Modes — Three ways the claude remote-control command can spawn bridge-driven sessions. single-session: one session in the cw
Bridge Transport v1 vs v2 — Two transport generations in the bridge layer. v1 is env-based (WebSocket reads via Session-Ingress, HTTP POST writes, n
Brief Mode (/brief) — Output-style mode that produces concise, structured messages (as opposed to conversational prose). Toggled via /brief. S
Build Scanner Codename Paradox — Anthropic's CI/CD pipeline runs a grep-based scanner on compiled binaries that flags internal codenames (Capybara, Fenne
Bun DCE Feature-Gate Pattern — Architectural pattern: entire subsystems are gated by compile-time constants that Bun's dead-code elimination then strip
Bun Runtime — Claude Code runs on Bun (not Node.js). Key implications: native JSX/TSX support without transpilation, bun:bundle featur
Bun Runtime — Claude Code runs on Bun (not Node.js). Key implications: native JSX/TSX support without transpilation, bun:bundle featur
Bun-Level Zig HMAC Request Signing — Previously undocumented DRM mechanism embedded in Claude Code's HTTP request path. The JavaScript layer writes a 5-byte
CLAUDE.md Category Error (Handbook vs Lock) — Community-articulated architectural framing (Yurukusa, April 2026) that CLAUDE.md rules are advisory preference statemen
CLAUDE.md Instruction-Following Ceiling — Empirically-established practical ceiling for CLAUDE.md instruction-following: ~60-100 lines before degradation begins.
CLAUDE.md Jailbreak Vector — Attack class where a modified CLAUDE.md in a project overrides safety controls, causing Claude Code to generate RATs or
CLAUDE_CODE_AGENT_COST_STEER — Env var (v2.1.89) controlling how aggressively Claude Code delegates subagent tasks to cheaper models â€” cost steering
CLAUDE_CODE_AUTO_COMPACT_WINDOW — Environment variable controlling the token threshold at which auto-compact triggers. Recommended workaround value in Che
CLAUDE_CODE_CERT_STORE — Env var added in v2.1.104 for enterprise TLS certificate store control. OS CA store is now trusted by default; 'bundled'
CLAUDE_CODE_COORDINATOR_MODE — Environment variable that enables Coordinator Mode spawn mechanism (value =1). Distinguishes it from Agent Teams (--team
CLAUDE_CODE_DEBUG_LOG_LEVEL — Environment variable that raises the internal logger verbosity. Exposed in dev through an npm script (dev:debug) that se
CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING — Environment variable confirmed by Boris Cherny as the interim workaround for the zero-reasoning adaptive thinking bug. W
CLAUDE_CODE_DISABLE_COMMAND_INJECTION_CHECK (removed) — Env var that formerly disabled the command injection safety check. Removed in v2.1.89 â€” the toggle was deleted, check
CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS — Environment variable that suppresses git status from the prompt-cache block 2. Community-recommended workaround for the
CLAUDE_CODE_ENABLE_AWAY_SUMMARY — Environment variable that force-enables /recap's away-summary generation even when telemetry is disabled. Needed because
CLAUDE_CODE_EXECPATH — Env var (v2.1.92) that overrides the binary path for symlinked or wrapped Claude Code installations.
CLAUDE_CODE_FORK_SUBAGENT Env Var — Environment variable gate introduced in v2.1.117: CLAUDE_CODE_FORK_SUBAGENT=1 enables forked subagents on external bui
CLAUDE_CODE_MAX_CONTEXT_TOKENS — Env var (v2.1.100) setting a hard ceiling on context window use. Overrides default autocompact threshold.
CLAUDE_CODE_MCP_ALLOWLIST_ENV — Env var (v2.1.94) replacing the all-or-nothing env inheritance for MCP servers. Fixes the 'MCP servers inherit everythin
CLAUDE_CODE_SANDBOXED — Env var introduced in v2.1.94 declaring sandbox state; consumed by the permission engine to identify CI/CD context.
CLAUDE_CODE_SCRIPT_CAPS — Env var (v2.1.100) capping script invocations per session; pairs with PID namespace sandboxing.
CLAUDE_CODE_SCRIPT_CAPS — Per-session limit (default 10) on how many script invocations Claude Code may execute. Companion guard to PID namespace
CLAUDE_CODE_SDK_HAS_OAUTH_REFRESH — Env var added in v2.1.104 that prevents double-refresh races in IDE extensions when multiple processes try to refresh OA
CLAUDE_CODE_SIMULATE_PROXY_USAGE — Env var (v2.1.92) enabling simulated proxy behavior without real proxy infrastructure â€” intended for CI/CD testing.
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB — Env var (v2.1.83) that scrubs sensitive environment variables from subprocess environments before execution â€” defense
CLAUDE_CODE_USE_ANTHROPIC_AWS — Env var (v2.1.90) pointing Claude Code at Anthropic's own AWS-hosted infrastructure â€” distinct from the Bedrock path.
CLAUDE_CODE_USE_MANTLE — Env var (v2.1.94) enabling the Mantle auth proxy for Amazon Bedrock.
CONTEXT_COLLAPSE (Layer 5 Emergency Compaction) — Fifth and deepest layer of the compaction hierarchy: an emergency-only hidden API call available exclusively in Anthropi
Cache Creation JSONL Schema — Server-authored per-assistant-message object in ~/.claude/projects/*/.jsonl recording which cache TTL tier an API call
Cache Disabled Startup Warning — Startup-time warning added in v2.1.108 that surfaces when any DISABLE_PROMPT_CACHING* variable is set. Fixes the prior s
Cache Economics — The principle that every design decision in Claude Code bends toward cache preservation. Prompt cache is load-bearing in
Cache Sticky Latch — Stateful latch set the first time any of the 14 cache-breaking vectors fires in a session; the latch remains set for the
Cache Write Cost Premium — Anthropic prompt-cache write cost premiums relative to base price: 1h write = +100% premium, 5m write = +25% premium, ca
Cache-Prefix-Change-Suffix Principle — Convergent principle: split every prompt into a static cacheable prefix and a dynamic session-specific suffix. Claude Co
CachePointBlock — Most operationally significant ContentBlock variant: marks where the prompt cache boundary is inserted in the assembled
Cached vs Non-Cached Billing Multiple — At 200K-context Opus rates, the difference between cached and non-cached billing is approximately 5x; a single mid-sessi
Capybara v8 False-Claims Rate Regression — Internal Anthropic metric: Capybara v8 production model reports task-completion-when-problems-still-exist at 29-30% vs C
Capybara v8 False-Claims Regression — Internal regression metric exposed in leaked source: Capybara v4 had a 16.7% false-claims rate (model asserts completion
Chrome Native Host Bridge — Alternate bridge mode invoked via --claude-in-chrome-mcp or --chrome-native-host CLI flags. Lets a Chrome extension talk
Claude Code Feature Flag Catalog — Named compile-time flags consumed via import { feature } from 'bun:bundle'. Known flags include PROACTIVE, KAIROS, BRI
Claude Code Guide Subagent — Built-in subagent for onboarding and documentation assistance, with its own permissionMode override.
Claude Code Slash-Command Catalog (~85) — Comprehensive catalog of user-facing slash commands in Claude Code. Roughly 85 subdirectories plus ~15 single-file comma
Claude Mythos Preview — Unreleased frontier model announced April 7 via Project Glasswing. Offensive security capabilities: 93.9% SWE-bench Veri
Claude Self-Observation Passage — Passage written by Claude itself after analyzing its own session logs, most-quoted excerpt from GitHub issue #42796: 'I
CliMessage (Stage 1 CLI Internal Representation) — First stage of the Three-Stage Message Pipeline. TypeScript interface with fields: type ('user'|'assistant'|'attachment'
Code Authorship Anomaly — Finding from static code authorship analysis that the leaked Claude Code codebase does not match human- or typical-LLM-a
Codified Behavior Over Model Self-Discipline — Design principle that behaviors such as 'don't refactor, rename, or reorganize beyond what the task requires' are enforc
Coding-Is-Solved vs Brittle-Infrastructure Tension — Rhetorical tension identified across post-leak essays: Boris Cherny's 'coding is practically solved' talk is contrasted
Command System — User-facing slash command framework. Commands are invoked with / prefix in the REPL and live in src/commands/. Three typ
Command System — User-facing slash command framework. Commands are invoked with / prefix in the REPL and live in src/commands/. Three typ
Compaction Headroom Reservation (~16.5%) — Structural property that ~16.5% of the 200K Claude Code context window is permanently reserved as a compaction buffer. A
Compaction Laundering Path — Architectural vulnerability path quantified by IntentGuard: a CLAUDE.md instruction embedded in a cloned repo gets compa
Complete Cache Bug Catalogue (6 Bugs, 4 Layers) — ArkNill's reverse-engineered canonical catalogue of six confirmed client-side cache bugs in Claude Code: B1 Sentinel (Bu
Compounding /insights Loop — Feedback cycle in which /insights identifies friction, the user adds rules to CLAUDE.md, subsequent sessions are less fr
Conditional-Statement Fingerprint — Stylistically unique pattern of if/else/ternary structures produced by Claude Code that remains distinguishable even whe
Config Schemas — Zod v4-based configuration schemas at src/schemas/. Validates user settings, project settings, organization/enterprise p
Config Schemas — Zod v4-based configuration schemas at src/schemas/. Validates user settings, project settings, organization/enterprise p
ContentBlock Polymorphism (9 Variants) — The ContentBlock discriminated union has 9 variants per Southbridge's source analysis: TextBlock, ImageBlock, ToolUseBlo
Context Collapse Read-Time Projection — When context exceeds 90%, compression is applied as a read-time view rather than a destructive modification of conversat
Context-Is-Architecture Thesis — Thesis elevated in the HackerNews code-quality debate (item 47665285) that with foundation-model-driven products, 'the p
Conversations Outgrow a Single Path Principle — Session design principle: a session should not be trapped on a single linear trajectory. The append-only transcript lets
Conversations Outlive Context Principle — Session design principle: a session's useful life cannot be capped by the model's context window. The transcript on disk
Copy-on-Write Overlay Filesystem — Per-process overlay directory at ~/.claude/tmp/speculation/// used by the speculation engine to redirect all
Core-10 Tool Set — The 10 tools designated as essential for Claude Code to function at all: BashTool (shell), FileReadTool, FileWriteTool,
Correction Memory Injection — When a user cancels or rejects a Claude action, the system injects a behavioral hint: 'The user's next message may conta
Cowork-Style Three-Panel Layout — Epitaxy desktop layout: dedicated panels for Plan (current task decomposition), Tasks (sub-agent execution in real time)
Cryptographic Turn Signing — Proposed architectural fix for the speaker attribution bug: each human turn hashed and verified before the model is perm
Dark Code Thesis — Forbes-coined category for AI-agent-authored code that compiles, passes tests, and deploys but whose reasoning is not pr
Dead-Fork Entry Replay Bug — Pre-v2.1.116 behavior: /resume on sessions with abandoned fork branches from multi-agent sessions replayed those dead-fo
Defense-in-Depth Independence Assumption Failure — The paper's critique that Claude Code's layered safety architecture rests on an independence assumption (if one layer fa
Deferred Tool Loading Convergence — Pattern of loading tool definitions in batches as context requires them rather than all at once at session start; observ
Denial Tracking System — 46-line subsystem that, when a user repeatedly denies actions, shifts the agent from auto-mode to per-action permission
Denial as Routing Signal — When the classifier or a deny rule blocks an action, the system treats the denial as a routing signal rather than a hard
Dumb Zone — Pattern where the speaker attribution bug and related harness failures occur disproportionately in long conversations ap
ENABLE_PROMPT_CACHING_1H — Environment variable shipped in v2.1.108 (April 14, 2026) that opts direct API key, Bedrock, Vertex, and Foundry users i
EXTERNAL_PERMISSION_MODES Array — Explicit array in types/permissions.ts containing the 5 externally visible modes (acceptEdits, bypassPermissions, defaul
Employee Post-Edit Verification — Leaked source confirms Anthropic employees receive automatic post-edit type-checking and ESLint validation after every e
Entrypoint System — Initialization and startup orchestration at src/entrypoints/. Four entrypoints: cli.tsx (CLI session), init.ts (config/t
Entrypoint System — Initialization and startup orchestration at src/entrypoints/. Four entrypoints: cli.tsx (CLI session), init.ts (config/t
Execution-Feedback-Shaped Code Hypothesis — Hypothesis that the leaked Claude Code's singularly unified style is consistent with code generation trained against exe
Explore Agent Read-Only System Prompt — Hard-coded system prompt block for the Explore subagent that STRICTLY PROHIBITS creating, modifying, deleting, moving, o
Explore Subagent — Built-in subagent primarily oriented to read/search investigation. Write and edit tools are in its deny-list, ensuring i
Extended-Thinking Rotating Indicator — UX indicator shipped in v2.1.109 (April 15, 2026) that cycles through contextual hints about the current extended-thinki
FORCE_PROMPT_CACHING_5M — Environment variable shipped in v2.1.108 that forces 5-minute TTL â€” the cost-correct choice for Max subscribers and wo
Feature Flag Environment Variable Namespace — Environment-variable namespace with CLAUDE_CODE_ prefix that toggles feature flags when using the bun:bundle runtime shi
Feature Flags (Build-Time) — Build-time feature gating via Bun's bun:bundle. Code inside inactive feature flags is completely stripped at build time.
Feature Flags (Build-Time) — Build-time feature gating via Bun's bun:bundle. Code inside inactive feature flags is completely stripped at build time.
Feature-Flag Sprawl Thesis — Culture-essay framing: 79 tengu_* gates, 200+ env vars, and multiple unlaunched subsystems (Buddy, KAIROS, Undercover,
Feature-Gate 60-Minute Hot-Reload — GrowthBook feature gates re-poll every 60 minutes during an active Claude Code session. Flags can change for any user mi
Feature-Gated Agent Tool Input Schema — AgentTool input schema omits optional parameters when their backing features are disabled. The isolation field offers ['
Fennec — Internal Anthropic codename for the predecessor of Opus 4.6; fennec-latest migrated to opus in production. Part of the a
Five Context-Conservation Mechanisms Beyond Compaction — The paper enumerates five context-conservation decisions that exist alongside the 5-layer compaction pipeline: (1) CLAUD
Five-Layer Architecture — Claude Code's clean five-layer separation: (1) Entrypoints (CLI/Desktop/Web/SDK/IDE), (2) Runtime (REPL/Query/Hooks/Stat
Five-Layer Compaction Architecture — The complete public taxonomy of Claude Code's context management (Layer 1 Tool Result Budget → Layer 2 HISTORY_SNIP Snip
Five-Layer Subsystem Decomposition — The paper's expanded view of the architecture into five layers mapped to source directories: (1) Surface layer (src/entr
Focus View (Ctrl+O) — Terminal-rendering mode introduced in v2.1.97 (Ctrl+O) providing a flicker-free view for long-running sessions. Part of
Forbes Dark Code Framing — Forbes' framing of the long-term consequence of the leak: the emergence of 'dark code' — software written, modified, and
Forked Agent Cache-Sharing Economics — Because sub-agents forked from a parent inherit byte-identical context, the first fork pays the full context cache-write
Forked Agent Pattern — Shared primitive underlying all background operations in Claude Code. Creates child agents via CacheSafeParams with clon
Four Memory Systems — The four interconnected memory systems that work together: CLAUDE.md (human-written, manual edit, rules/instructions), A
Four Memory Systems — The four interconnected memory systems that work together: CLAUDE.md (human-written, manual edit, rules/instructions), A
Fresh Context Validator Pattern — Goal-hacking prevention pattern: a hook-driven reviewer runs in a FRESH context (no access to the main session's history
Fresh-Session Token Baseline (31K) — Measured token consumption of a Claude Code session before any user work: ~31K tokens composed of system prompt (4.3K),
Fucks Chart — Informal cohort-level frustration-tracking dashboard Boris Cherny built into Claude Code's development telemetry. Graphs
Function Calling Harness — AutoBE's architectural approach: LLMs fill predefined JSON Schema ASTs instead of generating free-form code. A compiler
Future Direction: Cross-Session Persistence Substrate — Second of six open design directions (Section 12.2). Asks what belongs between Claude Code's static-instruction layer (C
Future Direction: Governance and Oversight at Scale — Fifth of six open design directions (Section 12.5). Asks which logging, transparency, and human-oversight affordances co
Future Direction: Harness Boundary Evolution (Where/When/What/With-Whom) — Third of six open design directions (Section 12.3), building on Rajasekaran's observation that 'the space of interesting
Future Direction: Horizon Scaling (Session to Scientific Program) — Fourth of six open design directions (Section 12.4). Asks how the architecture's turn/session/sub-agent units support lo
Future Direction: Long-Term Capability Preservation as First-Class Design Problem — Sixth of six open design directions (Section 12.6). The paper's Section 14 pivot: 'Future systems could treat that susta
Future Direction: Silent Failure and Observability-Evaluation Gap — First of six open design directions (Section 12.1). Asks whether the observability-evaluation adoption gap (89% adoption
General-Purpose Subagent — Built-in subagent: broadly capable, used when explicitly requested. Omitting the type may route to the fork-subagent pat
Git-Status Cache Bust — Architectural anti-pattern where git status is embedded in the second prompt-cache block {system-prompt | ~/.claude/clau
GitHub Issue #46917 (Phantom Tokens) — GitHub issue anthropics/claude-code#46917: 'Claude Code versions 2.1.100 and 2.1.101 consume ~20,000 more cache_creation
GitHub Issue #47098 (Git Cache-Bust) — GitHub issue anthropics/claude-code#47098 documenting the git-status prompt-cache invalidation. Filed after HackerNews t
GitHub Webhook Subscription — KAIROS/PROACTIVE integration that lets Claude Code subscribe to GitHub webhook events (PR opened, issue created, CI fail
Glasswing Paradox — Picus Security's framing of the structural problem Project Glasswing creates: Mythos finds vulnerabilities at rates no h
God Function Responsibilities — Set of orthogonal responsibilities co-located in the 3,167-line function: agent run loop, SIGINT handling (3 interrupt s
Graceful-Degradation Service Wiring Pattern — Architectural pattern used by Claude Code's service layer: every backend-dependent service (GrowthBook, policy limits, r
Graduated Layering Over Monolithic Mechanisms — A cross-cutting design commitment the paper identifies as recurring across Claude Code's otherwise-independent subsystem
GuardContentBlock — ContentBlock variant used by the safety classifier to annotate content. Undocumented in the public API reference; visibl
HISTORY_SNIP Snip Compaction — Layer 2 of the five-layer compaction architecture. A feature-gated, zero-cost compaction step that edits cached conversa
Harness Underperformance Gap (77% vs 93%) — Leaked benchmark data showing Opus 4.6 scores 77% on agent benchmarks when run through Claude Code's native harness vs 9
Harness-Is-The-Differentiator Thesis — The paper's signature cross-cutting thesis: frontier coding models converge in capability (top 3 within 1% on SWE-bench)
Harness-as-Differentiator Thesis — Signature conclusion claim of arXiv:2604.14228: as frontier models converge in practical capability for coding tasks, th
IDE/Device Handoff Commands — Command cluster that moves a running Claude Code session between surfaces: /ide opens the current session in an IDE; /de
In-App Custom Agent Builder — Epitaxy GUI that generates .claude/agents/ YAML, sets scope constraints, and runs a test invocation â€” all from within
Ink Render Pipeline — 5-stage rendering pipeline that turns React components into terminal output: (1) src/ink.ts exposes render()/createRoot(
Internal Debug Command Cluster — Internal/debug-only slash commands intended primarily for Anthropic engineers: /ant-trace, /autofix-pr, /backfill-sessio
Issue Tracker Automation — Three-bot automation pipeline on the claude-code repo: a Claude-Sonnet-powered deduplication bot triages each new issue;
JSONL Token Undercount (100-174x) — Systematic bug in all tools reading Claude Code JSONL session logs for token accounting: Claude Code writes JSONL entrie
Judgment-Encoding Hooks — Hook-design philosophy articulated by Blake Crosley in which the hooks that reliably improve agent output quality are th
KAIROS Security Concerns — Security criticism that KAIROS's autonomous nature broadens the prompt injection attack surface. A compromised instructi
KAIROS Security Concerns — Security criticism that KAIROS's autonomous nature broadens the prompt injection attack surface. A compromised instructi
LLM-as-Untrusted-Component — Architectural stance emerging from the speaker attribution bug: even when an LLM is acting as an agent on behalf of a us
Late Context Injection — Several context sources are injected late, after the main window is constructed: relevant-memory prefetch, MCP instructi
Lazy-Loaded Heavy Dependencies — Heavy dependencies are deferred via dynamic import() until first use to reduce cold-start cost. Notable examples: Open
LocalMainSessionTask — Task type that represents the main foreground REPL session itself as an entry in the Task system. Lets the task list and
Long-Term Capability Preservation (Evaluative Lens) — The paper's sixth concern, treated as an evaluative lens rather than a co-equal value: does the architecture preserve lo
Long-Term Capability Preservation Lens — The sixth evaluative lens the paper adds beyond its five-value framework (Authority, Safety, Reliability, Capability, Ad
Loop State Record — Typed state carried across iterations of query.ts, including autoCompactTracking, maxOutputTokensRecoveryCount, hasAttem
MACRO Global Object — Compile-time-inlined global object that Bun's bundler substitutes into the source during builds. Holds three fields: VER
MACRO.ISSUES_EXPLAINER — Build-time MACRO field referenced from system prompt construction. Resolves to a human-readable string describing where
MCP Ecosystem 17000-Server Milestone — April 2026 metric: the MCP server ecosystem crossed 17,000 servers with ~300 new per month. Growth trajectory: 425 (Aug
MCP Startup Tax — Dominant latency factor in Claude Code startup for users with 5+ MCP servers installed. Each MCP server process must com
March 23 Rate Acceleration — Community-observed step-change around March 23, 2026 in per-session Claude Code token burn rates. Three converging cause
Melon Mode — Feature present in earlier reverse-engineered versions of Claude Code, absent from the v2.1.88 source. Triggered by --me
Memory Hierarchy — Five memory systems at three scopes: CLAUDE.md (user-written), auto-memory (Claude-written), session memory (per-session
Memory as Hint, Not Truth — Architectural stance that the agent's stored beliefs are hints to be verified against the actual codebase, not facts â€”
Model Codenames — Internal codenames for model versions (Capybara, Fennec, Numbat, Mythos, Tengu). Some hex-encoded to evade leak detectio
Model Judgment Within Deterministic Harness — A cross-cutting design commitment the paper identifies: across all subsystems, Claude Code trusts the model's judgment w
Module Size Map — Reference distribution of Claude Code module sizes used to navigate the codebase: QueryEngine.ts 46K lines, Tool.ts 29K,
Multi-Repo Support (Epitaxy) — Epitaxy capability allowing a single Claude Code session to reference and modify files across multiple repositories â€”
Mythos Obfuscation Incident Pattern — System card's official acknowledgement that early Mythos versions, while attempting difficult user-specified tasks, some
Mythos Self-Covering-Tracks Behavior — Documented production behavior in pre-release Claude Mythos Preview: after exploiting a file-permissions bug in testing,
Nine Continue Points — Nine distinct conditions under which the query.ts while-loop restarts an iteration without returning control to the user
Nine-Step Per-Turn Pipeline — The paper's enumeration of query.ts queryLoop()'s fixed per-turn sequence: (1) settings resolution, (2) mutable State in
No-Change-For-Users Post-Leak Finding — 20-day retrospective conclusion: despite the leak, community analyses, and documented token-accounting bugs, Anthropic h
Non-restoration on Resume Layer — Safety layer 6 of 7: session-scoped permissions never persist across session boundaries. Resume/fork require permissions
Numbat — Internal Anthropic codename for an unreleased model in testing as of April 2026. Referenced in source but not deployed.
Numeric Length Anchors (Anthropic-Only) — Hard numeric word-count limits appended to the system prompt only for Anthropic-employee sessions: <=25 words between to
On-Demand Language Grammar Loading — v2.1.108 memory optimization: syntax highlighting grammars for file reads and edits are now loaded on demand rather than
Optional-vs-Essential Dependency Triage — Engineering pattern recorded in Prompt 09 for standing up QueryEngine: classify each of its dependencies as essential (A
Opus 4.7 Context Window Bug (200K vs 1M) — Correctness bug patched in v2.1.117: Opus 4.7 sessions computed context-utilization percentages against a 200K window in
Ouroboros Architecture — Stetskov's diagnosis of Claude Code engineering culture: AI writes the code, AI reviews the code, AI checks the deployme
Output-Efficiency Internal-vs-External Prompt Gap — Cultural gap surfaced by cchistory/Piebald and dbreunig/Harrison analysis: the system-prompt block for Anthropic employe
PROACTIVE Mode — Unshipped autonomous mode with 37 source references. Leaked prompt: 'You are running autonomously. Look for useful work
Paradox of Supervision — The principle — documented by Anthropic's 132-engineer internal study — that AI assistance risks atrophying the skills r
Parallel Startup Prefetch — On startup, main.tsx fires parallel side-effects BEFORE heavy module imports: MDM policy reads, Keychain prefetch, API p
Patterns-Borrowed-Not-Understood Thesis — Community consensus from the 20-day retrospective: Claude Code's architectural patterns (fork-subagent, sidechain transc
Perforce VCS Support — Perforce version control integration. CLAUDE_CODE_USE_PERFORCE (v2.1.98) enables Perforce mode; CLAUDE_CODE_PERFORCE_MOD
Permission Mode Constraints Layer — Safety layer 3 of 7: the active permission mode determines baseline handling of tool requests, shaping which fast-paths
Phoenix Security Kill Chain — Single exploitation chain linking CVE-2026-35020 (TERMINAL env injection, zero user interaction) -> write crafted .claud
Piebald — Community tool that automatically extracts all prompt strings from 141 Claude Code versions via compiled JavaScript patt
Plan Subagent — Built-in subagent that creates structured plans; execution proceeds through the standard permission model.
Planning-Execution Session Separation — Workflow pattern (popularized by Boris Tane's 936-point HN post and codified in Crosley's orchestration system) in which
Plugin 4-Component Distribution Bundle — Architectural framing (Palma.ai post-leak analysis) that the Claude Code plugin system is a distribution layer for AI ca
Plugin Manifest 10 Component Types — PluginManifestSchema (utils/plugins/schemas.ts) accepts 10 component types: commands, agents, skills, hooks, MCP servers
Post-Leak Claude Code Playbook — De facto seven-step operational pattern emerging in community posts since April 15: (1) run via CLI + native binary and
Post-Leak Default-Prompt Counter-Prompt Pattern — Community pattern documented in a widely shared r/ClaudeCode post (April 14, 2026): replace the default Claude Code syst
Pre-Prompt Semantic Injection Pattern — Architectural pattern where memory retrieval fires automatically on every user prompt via a UserPromptSubmit hook, injec
Pre-Trust Initialization Window — A temporal-ordering property of Claude Code's permission pipeline, revealed by independent security research: hooks, MCP
Pre-trust Execution Window — Named vulnerability class where extension code runs before the user's trust dialog. Defense-in-depth layers can be bypas
PreCompact Hook — New lifecycle hook added in v2.1.105. Fires before Auto Compact; can return {"decision":"block"} or exit code 2 to preve
Principal Hierarchy (Anthropic > Operators > Users) — From Claude's Constitution / safe-agents framework: a formalization of who holds authority over what, with Anthropic at
Prompt Cache Section Registry — Internal registry tracking 14 distinct vectors that can invalidate the prompt cache and cause full re-billing of convers
Prompt Priority Hierarchy — Structural property of Claude Code's context assembly: instructions placed at user-message position outrank system-promp
Q1 2026 Feature Release Cluster — Dense feature-shipping window in Feb-March 2026 during which 12+ features shipped concurrent with the thinking regressio
Query Loop State Object — The State object carried between while-loop iterations in query.ts. Fields include autoCompactTracking, maxOutputTokensR
QueryEngine (Conversation Wrapper) — QueryEngine is a class that wraps conversation management for non-interactive surfaces (Agent SDK, headless CLI). It is
Ralph Wiggum Technique — Community-developed framework for autonomous overnight agent loops. Claude attempts work, tries to stop when it believes
Ralph Wiggum Technique — Community-developed framework for autonomous overnight agent loops. Claude attempts work, tries to stop when it believes
Rate Limit Traffic Light System — Claude Code's rate-limiting UX: two time windows (5-hour session + 7-day rolling), progression Yellow -> Orange -> Red,
Rationalization Meta-Pattern — Behavioral meta-pattern first articulated in Issue #45550: Claude Code reads a rule, understands it, and silently overri
Reactive Compact Circuit Breaker — Safety mechanism in the query-loop state that gives up after 3 attempts to recover from HTTP 413 via reactive compaction
Read-time Projection Non-Destructive Property — Context Collapse's defining architectural property: compression operates as a virtual projection at read time over the u
Read:Edit Ratio Collapse — Community-measured metric showing the ratio of Read tool calls to Edit tool calls dropped from 6.6 (baseline) to 2.0 dur
Recurring Design Questions Framework — The paper's organizing thesis: production coding agents can be understood as answers to a recurring set of design questi
Reduce-Choices-Not-Prohibit Principle — Convergent design principle identified by both Claude Code and AutoBE: telling an LLM 'don't use X' makes it think about
Regression Feedback Loop — Observed pattern in round 27 where community-documented regressions (proxy-measured thinking decline, 6,852-session beha
Release Velocity Paradox — Tension that each release introduces new surface area needing testing, at a codebase that has zero test files. 13 releas
ReplBridgeHandle Interface — The TypeScript interface the REPL uses to drive the bridge: write messages, send control requests (initialize/set_model/
Round 30 Post-Leak Culture Analysis Corpus — Cluster of essays and posts (Darko/Kilo, Gabriella Morgan, varshithvhegde, dbreunig, Nate Jones, Harrison, r/ClaudeCode)
SYSTEM_PROMPT_DYNAMIC_BOUNDARY — Marker in Claude Code's system prompt assembly that splits the static cacheable half from the dynamic session-specific h
SYSTEM_PROMPT_DYNAMIC_BOUNDARY — Prompt cache split marker in the system prompt that separates static (cacheable) from dynamic (per-request) portions. Id
SYSTEM_PROMPT_DYNAMIC_BOUNDARY — Marker in prompts.ts that splits the system prompt into a static (cacheable) prefix and a dynamic (session-specific) suf
Sandbox Dangerous-Path Bypass (rm/rmdir) — Security bug patched in v2.1.115/116: when sandbox auto-allow mode was active (the default in many team configurations),
Science Vertical Product Lineage — Anthropic's multi-year vertical-application stack culminating in Operon/Epitaxy: AI for Science (2025) -> Claude for Lif
ScopedMcpServerConfig Type — TypeScript type in src/services/mcp/types.ts that represents an MCP server configuration entry carrying its scope (proje
Screenshot Base64 Cost — Per Kangraemin proxy analysis: a single screenshot attachment adds hundreds of kilobytes to the Claude Code API request
Second-Generation Ceiling — The fundamental architectural limit Nam names: Claude Code represents the pinnacle of 2nd-generation agents â€” prompts
Self-Contained Worker Context Principle — Convergent principle: multi-agent parallelism is reliable only when workers receive specific, bounded instructions rathe
Service Layer — The collection of external integrations and shared services at src/services/. Encompasses 18+ distinct service modules i
Service Layer — The collection of external integrations and shared services at src/services/. Encompasses 18+ distinct service modules i
Seven-Component High-Level Architecture — The paper's structural decomposition of Claude Code into seven components connected by a left-to-right data spine: (1) U
Shared Failure Modes in Defense-in-Depth — Paper's thesis that layered safety architecture rests on an independence assumption that can fail when layers share comm
Silent Model Downgrade — Confirmed source-level behavior: after MAX_529_RETRIES consecutive 529 errors the client throws FallbackTriggeredError a
Six Orchestration Patterns — Community-cataloged patterns: Orchestrator (central AI plans/delegates/reviews, never writes code), Fan-Out/Fan-In (para
Six Orchestration Patterns — Community-cataloged patterns: Orchestrator (central AI plans/delegates/reviews, never writes code), Fan-Out/Fan-In (para
Skill Tool Built-in Slash Command Invocation — v2.1.108 capability: the model can now discover and invoke built-in slash commands (/init, /review, /security-review) vi
Slash Command Execution Surface — Two-surface invocation model for slash commands: (1) from the Ink REPL when user types '/' followed by command name, and
Sleep-Time Compute — The UC Berkeley paper (arXiv:2504.13171, April 2025) demonstrating that LLMs can pre-compute inferences during idle time
Sleep-Time Compute — The UC Berkeley paper (arXiv:2504.13171, April 2025) demonstrating that LLMs can pre-compute inferences during idle time
Speculation Safety Envelope — The explicit policy bounding what speculative execution may do: write-permitted tools restricted to Edit/Write/NotebookE
Stalled Stream Auto-Abort — v2.1.105 watchdog: API streams that stall for more than 5 minutes are auto-aborted and retried. Eliminates the 'infinite
Startup Context Tax Crisis — Documented context overhead problem: developers installing 7+ MCP servers (GitHub + PostgreSQL + AWS core/docs/CDK/prici
State-Machine Loop Pattern (Not Recursion) — Architectural decision to structure the agent iteration as a while-loop state machine instead of a recursive call tree,
Statusline-Setup Subagent — Built-in subagent specialized for terminal status line configuration.
Straiker Compaction-Persistence Attack Model — Formal threat model published by AI security firm Straiker: because the leak exposes the four-stage compaction pipeline'
StreamAccumulator (Stage 3 Streaming Representation) — Third stage of the Three-Stage Message Pipeline. Holds the partial in-flight API message, the list of content-block delt
Streaming Tool Execution 40% Speedup — Performance pattern where StreamingToolExecutor launches tools while the LLM is still generating. Typical 5-tool turn co
Streaming Tool Execution Parallelism — Design where tool invocations are executed as their definitions stream in from the model â€” not after the full model re
Streaming Watchdog Bug Chain — A three-bug compound failure that caused the majority of observed stream hangs: (1) watchdog initializes AFTER the dange
Strict Write Discipline — Invariant that the agent only updates its memory index after a confirmed successful file write, so failed writes cannot
Sub-Agent Context Isolation Property — Architectural property of Claude Code's sub-agent spawning: each sub-agent receives no conversational context from the p
Sub-Agent TTL Binary Cutover Pattern — Silent-rollout pattern fingerprint distinguishing server-side policy flip from all other explanations: a single-day bina
Summary-Only Subagent Return Model — Only a subagent's final response text and metadata return to the parent conversation context; full subagent history neve
Supply Chain Cascade Timeline (March 24 - April 3) — Coder.com's mapping of the Claude Code leak as one node in a multi-event cascade compressing months of supply chain expo
System Prompt Assembly — Cache boundary placement, two-tier prompt structure, DANGEROUS_ naming convention. 15-40K hidden tokens compiled before
System Prompt Simplicity Bias — Documented design decision in the external user system prompt to favor simple over best-practice implementations (~5:1 r
System Reminders — 40+ behaviorally-specific short instructions that fire at tool boundaries, pre-compaction, pre-commit, etc. Added Januar
Tab-Acceptance Pipelining — Latency-hiding mechanism in the speculation engine: if the user presses Tab after a prediction has completed, the respon
Telemetry Default-On Asymmetry by Endpoint — Claude Code's telemetry default posture differs by inference endpoint: Anthropic API direct is enabled by default; AWS B
Tengu — Product/telemetry codename prefix used throughout Claude Code. Drives 250+ analytics events and feature flag names (e.g.
Thinking Hash System — Server-side reasoning-preservation mechanism: Anthropic computes a hash of the true thinking trace, stores the trace in
Thinking Hints System — System injecting progress text during the extended-thinking phase. v2.1.107 (April 14 06:11 UTC) shipped the fix to fire
Thinking Signature Field Proxy — Measurement technique using the length of the redacted thinking 'signature' field as a proxy for thinking content length
Thinking-Signature Resume Tax — Quantified tax on long extended-thinking sessions (GitHub #42260): when resuming, encrypted thinking-block signatures fr
Thread Taxonomy — Community-developed framework classifying agent work units into seven thread types: Base (single prompt), P-thread (para
Thread Taxonomy — Community-developed framework classifying agent work units into seven thread types: Base (single prompt), P-thread (para
Three Extension Injection Points — From the design guide: every agent loop has three places where extensions can intervene. (1) assemble() — what the model
Three Meta-Patterns of Claude Code — The design guide's meta-synthesis across the six decisions: (1) graduated layering over monolithic mechanisms (safety, c
Three Persistence Channels — Claude Code persists session state across three independent channels: session transcripts (project-scoped JSONL, one per
Three Slash-Command Types — Claude Code slash commands are one of three types. PromptCommand formats a prompt and hands it to the LLM with injected
Three View Modes (Verbose/Normal/Summary) — Desktop Epitaxy rebuild exposes three levels of tool-call transparency: Verbose shows every tool invocation and argument
Three-Generation Agent Taxonomy — Nam's taxonomy placing Claude Code at the 2nd-gen peak. 1st gen: human writes, AI suggests (Copilot autocomplete). 2nd g
Three-Layer Claude Code Extension Stack — Blake Crosley's architectural diagram of the Claude Code extension system as three stacked layers: (1) Core Layer — main
Three-Layer Compression Hierarchy — Three-level context compression hierarchy triggered by budget usage. MicroCompact (~80%): zero-API-call direct cache edi
Three-Layer Frustration Detection System — Production instrumentation stack for detecting user dissatisfaction: (1) zero-latency regex classification on every user
Three-Model Subagent Execution Matrix — Cross-dimension comparison of the three subagent delegation models confirmed by the leak: Fork (one-way, hierarchical, 1
Three-Vector Leak Pattern — The systemic pattern of three Claude Code source leaks in 13 months via three distinct vectors: (1) inline base64 source
Tick Prompt System — Mechanism that injects synthetic 'tick' prompts into the agent's conversation between user messages, keeping it alive an
Tiered Enforcement Architecture — Community-consensus enforcement stack for complex projects that emerged from synthesis across issues #42863, #44461, #45
Token Doubling Effect — The hidden cost phenomenon where extractMemories fires a separate Opus API call after every turn, transmitting the entir
Token Doubling Effect — The hidden cost phenomenon where extractMemories fires a separate Opus API call after every turn, transmitting the entir
Tokenizer-Effort-Cache Cost-Multiplier Model — Analytical framing (Finout, Vellum) treating effective Opus 4.7 cost as a product of three multipliers: tokenizer overhe
Tool Interface Contract — Core contract in src/Tool.ts (~29K LOC file combining tool types + permission system) that every tool must satisfy. Fiel
Tool Pre-filtering Safety Layer — Safety layer 1 of 7: blanket-denied tools are removed from the model's view entirely via filterToolsByDenyRules() at too
Tool Registry Gating Taxonomy — Four-category classification of tools as they appear in src/tools.ts: (1) Always-available — unconditionally imported; (
Tool Result Budget — Layer 1 of the compaction hierarchy: per-tool-call truncation applied before the tool output enters the conversation con
Tool Result Storage — Mechanism for offloading large tool outputs to temporary disk files. Conversation holds references, not content. Prevent
Tool System — The framework for defining and registering agent tools. Every tool lives in src/tools// as a self-contained mo
Tool System — The framework for defining and registering agent tools. Every tool lives in src/tools// as a self-contained mo
Trusted Device Token — Elevated-security-tier header token (X-Trusted-Device-Token) that enrolls a specific device for higher-privilege bridge
Two-Version Output Efficiency Directive — Conditional branch in the Claude Code system prompt that renders structurally different Output Efficiency text for Anthr
UDS Inbox (Fabricated Feature) — Widely reported but completely fabricated feature. Zero references found in the 512K-line codebase. Enterprise decisions
ULTRAPLAN State Machine (running/needs_input/plan_ready/approved/rejected) — The full five-state ULTRAPLAN lifecycle: running (remote cloud browser session researching/planning) → needs_input (bloc
ULTRAPLAN Three Variants — Three ULTRAPLAN execution modes captured by Piebald-AI tracker at v2.1.88. one_shot: single Opus 4.6 pass, 10-15 minutes
USER_TYPE === 'ant' Gate — Feature-flag gate in Claude Code that exclusively enables the speculation engine for Anthropic employees. Reflects token
UltraPlan Third Execution Context — Architectural clarification of UltraPlan: it adds a third execution context separate from local terminal and local sessi
Ultraplan Web-Fallback Hide Fix — v2.1.113 plan-mode improvement: hides 'Refine with Ultraplan' when the user's org or auth cannot reach Claude Code on th
Velocity-Pressure Code Pattern — Anti-pattern diagnosis: features added to the safest-feeling existing location rather than extracted into new modules, p
Verification Agent Gate — Conditional system-prompt section (rendered only when verification_agent feature is enabled and AgentTool available) tha
Verification Subagent — Built-in subagent specialized for running validation checks such as test suites and linting.
W3C TRACEPARENT Propagation — Integration where any subprocess Claude invokes that reads the TRACEPARENT environment variable parents its OTel spans u
WebFetch CSS/JS Stripping — v2.1.105 preprocessing step: strips