The first architecture deep-dive, hidden feature catalog, and cost optimization guide for Claude Code — based on v2.1.88 source analysis (1,884 files, 132K lines of TypeScript).

中文版 | English

On March 31, 2026, Claude Code's TypeScript source (1,884 files, ~132K lines) was exposed through an unstripped .map file in the npm package. This repository includes the complete restored source code in src/ plus original analysis. This project extracts actionable insights — architecture patterns, hidden features, cost optimization, and best practices — all with source file references.

• System Prompt (Complete Reconstruction)
• 87 Hidden Feature Flags
• 15 Hidden Slash Commands
• 25 Internal-Only Commands
• Undercover Mode (How Anthropic Hides AI Attribution)
• Cost Optimization (10 Tips from Source)
• Architecture Diagrams
• Claude Code vs Cursor vs Cline
• Telemetry & Privacy
• Remote Control & Killswitches
• Future Roadmap (Unreleased Features)
• CLAUDE.md Best Practices

Full document | Source: src/constants/prompts.ts, src/utils/systemPrompt.ts

Priority 0: Override (loop mode, testing)        ← highest
Priority 1: Coordinator (multi-worker orchestration)
Priority 2: Agent (subagent definitions)
Priority 3: Custom (--system-prompt flag)
Priority 4: Default (standard Claude Code)       ← lowest
         + appendSystemPrompt (always appended unless override)

The system prompt is 9 major sections:

1. Identity — "You are an interactive agent that helps users with software engineering tasks"
2. System Rules — Tool execution, permission modes, prompt injection detection
3. Task Execution — The most detailed section:
   • Read code before modifying (mandatory)
   • Don't add unrequested features/refactoring
   • Don't create helpers for one-time operations
   • "Three similar lines of code is better than a premature abstraction"
   • Avoid OWASP Top 10 vulnerabilities
4. Careful Actions — Destructive operations need user confirmation (rm -rf, force push, etc.)
5. Tool Usage — Use dedicated tools (Read/Edit/Glob/Grep) instead of Bash
6. Tone — No emojis, concise, file_path:line_number format
7. Output Efficiency — "If you can say it in one sentence, don't use three"
8. Cache Boundary — __SYSTEM_PROMPT_DYNAMIC_BOUNDARY__ splits static/dynamic parts
9. Environment — CWD, platform, model name, knowledge cutoff

The prompt is split by __SYSTEM_PROMPT_DYNAMIC_BOUNDARY__:

• Before boundary (static): Cached globally, saves tokens on repeat calls
• After boundary (dynamic): User/session-specific, recalculated each time (memory, MCP, language, etc.)

Full document | Source: src/commands.ts, various

These are compile-time switches via bun:bundle feature(). Most are dead-code-eliminated in the public npm build.

Runtime flags use tengu_ + random word pairs to deliberately hide their purpose:

tengu_frond_boric       → Analytics killswitch (Datadog/FirstParty)
tengu_passport_quail    → Memory extraction gate
tengu_moth_copse        → Memory extraction enable
tengu_bramble_lintel    → Memory extraction frequency
tengu_cicada_nap_ms     → Background refresh throttle
tengu_slate_prism       → Connector text summarization
tengu_amber_json_tools  → JSON tool format (token-efficient)
tengu_tool_pear         → Structured output (strict tools)

Source: src/commands.ts

These require specific feature flags to appear:

Condition: USER_TYPE === 'ant' && !IS_DEMO

Full document | Source: src/utils/undercover.ts

When Anthropic employees (USER_TYPE=ant) work in public repositories, Claude Code automatically hides all internal information.

isUndercover() check:
  USER_TYPE !== 'ant' → always OFF (external users unaffected)
  USER_TYPE === 'ant' →
    CLAUDE_CODE_UNDERCOVER=1 → forced ON
    Repo in internal allowlist → OFF
    Repo is public/unknown → ON (safe default)

There is NO force-OFF option. If Claude Code can't confirm it's an internal repo, undercover stays ON.

## UNDERCOVER MODE — CRITICAL

You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository.
NEVER include in commit messages or PR descriptions:
- Internal model codenames (Capybara, Tengu, etc.)
- Unreleased model version numbers
- Internal repo or project names
- The phrase "Claude Code" or any mention that you are an AI
- Co-Authored-By lines or any other attribution

anthropics/claude-cli-internal, anthropics/anthropic, anthropics/apps,
anthropics/casino, anthropics/dbt, anthropics/dotfiles,
anthropics/terraform-config, anthropics/hex-export, anthropics/feedback-v2,
anthropics/labs, anthropics/argo-rollouts, anthropics/starling-configs,
anthropics/ts-tools, anthropics/ts-capsules, anthropics/feldspar-testing,
anthropics/trellis, anthropics/claude-for-hiring, anthropics/forge-web,
anthropics/infra-manifests, anthropics/mycro_manifests,
anthropics/mycro_configs, anthropics/mobile-apps

Source: src/utils/commitAttribution.ts lines 30-75

Full document | Sources: src/utils/modelCost.ts, src/utils/context.ts, src/services/compact/

Fast mode is 6x the price. Use it only for short, time-sensitive tasks.

Source: src/utils/modelCost.ts lines 36-69

Context window:        200,000 tokens
Auto-compact trigger:  ~167,000 tokens (200K - 20K output - 13K buffer)
Manual compact buffer:   3,000 tokens
Default max_output:      8,000 tokens (escalates to 64,000 on retry)
Session memory min:     10,000 tokens
Session memory max:     40,000 tokens
Post-compact restore:   50,000 tokens budget, 5 files max

Full document

sequenceDiagram
    participant User
    participant REPL
    participant Query as QueryEngine
    participant API as Claude API
    participant Tool as Tool Executor

    User->>REPL: Input message
    REPL->>Query: submitMessage()
    Query->>Query: Build system prompt (5-layer priority)
    Query->>Query: Load CLAUDE.md + Memory
    Query->>API: messages.create(stream)

    loop Tool Loop
        API-->>Query: tool_use response
        Query->>Tool: Permission check → Execute
        Tool-->>Query: Tool result
        Query->>API: Continue with result
    end

    API-->>REPL: Final text response
    Query->>Query: Cost tracking + auto-compact check

Full document

40+ built-in tools across 4 permission levels:

Full document

4 modes: Default (ask) → Plan (read-only) → Auto (smart judge) → Bypass (allow all)

Full document

Main Thread → Agent tool → Subagent (fresh context, isolated)
                        → Subagent (can use different model)
                        → Subagent (can run in git worktree)

Subagent model priority: CLAUDE_CODE_SUBAGENT_MODEL env > tool-specified > agent config > inherit parent

Full documents: vs Cursor | vs Cline | Feature Matrix

Full document | Source: src/services/analytics/

Claude Code → First-Party (api.anthropic.com/api/event_logging/batch)  [640+ event types]
           → Datadog (us5.datadoghq.com)                              [64 allowed events]
           → BigQuery Metrics (api.anthropic.com/api/claude_code/metrics)

• Environment: platform, arch, terminal, package managers, runtimes, CI detection
• User ID: device_id (de-identified), user_bucket (SHA256 % 30), session_id
• Events: session lifecycle, API calls (model, tokens, latency), tool usage, permission decisions, voice toggles
• NOT collected by default: user prompts (requires OTEL_LOG_USER_PROMPTS=1), full file paths (extension only)

DISABLE_TELEMETRY=1                              # Disable analytics
CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1       # Disable all non-API network

Full document | Source: src/services/remoteManagedSettings/

• Endpoint: {BASE_URL}/api/claude_code/settings
• Interval: Every 1 hour
• Cache: ETag-based with SHA256 checksum verification
• Failure mode: Fail-open (continues working with cached/default settings)

Data reporting, auto mode, permission bypass, polling frequency, event sampling, model routing, memory system, cache strategy, Bash classification, version limits.

Full document

Assessed by verifiable code metrics, not subjective percentages:

108 modules are dead-code-eliminated from the npm build and exist only in Anthropic's internal monorepo.

Full document | Source: src/context.ts

~/.claude/CLAUDE.md (global) + project/CLAUDE.md (project) + .claude/CLAUDE.md
  → Merged → Injected into system prompt dynamic section → Sent with EVERY request

# CLAUDE.md

## Tech Stack
- Language: TypeScript 5.x, strict mode
- Framework: Next.js 14, App Router
- Testing: vitest
- Package manager: pnpm

## Conventions
- Components: PascalCase, hooks: camelCase
- Commits: conventional commits (feat/fix/chore)

## Project Structure
- src/app/ — routes
- src/components/ — shared components
- src/lib/ — utilities

• Don't repeat system prompt rules (already hardcoded)
• Don't write long descriptions (wastes tokens every request)
• Don't paste API docs (let Claude read the actual files)
• Don't put TODO lists (use conversation, not CLAUDE.md)

Based on static source code reading of Claude Code v2.1.88:

• All numeric constants verified against source with file paths and line numbers
• Architecture diagrams are simplified — actual flow may have uncaptured edge cases
• Feature assessments use verifiable metrics (file count, LOC, cross-references)
• Cursor/Cline comparison uses public documentation; internals may differ
• No code was executed or tested at runtime

Found an error? Open an issue with the source file and line number.

• NOT affiliated with, endorsed by, or maintained by Anthropic
• All original source code is Anthropic's intellectual property
• For educational and security research purposes only
• No proprietary source code is redistributed — all content is original analysis

Analysis and documentation: MIT | Original Claude Code source: Anthropic (all rights reserved)