A research project exploring how modern agentic AI coding assistants work under the hood. This repository contains our best understanding of the prompt architecture, agent coordination patterns, and security mechanisms that power tools like Claude Code.
Everything here is based on behavioral observation, output analysis, community discussions, and publicly shared information. These are reconstructed approximations, not verbatim copies. The actual implementation may differ significantly.
This is an educational deep-dive into the design patterns behind agentic coding assistants. We analyze how these systems:
- Assemble dynamic system prompts at runtime
- Coordinate multiple specialized sub-agents
- Classify and auto-approve tool calls safely
- Manage context windows through intelligent compaction
- Handle memory, skills, and user preferences
The goal is to help AI engineers, researchers, and builders learn from these architectural patterns and apply them in their own projects.
This is not a leak, dump, or direct copy of any proprietary system. The prompts documented here are our best reconstructions based on observable behavior. They represent one interpretation of how these systems likely work.
| # | Pattern | Description |
|---|---|---|
| 01 | Main System Prompt | How the master prompt is dynamically assembled from modular sections |
| 02 | Simple Mode | Minimal prompt variant for lightweight operation |
| 03 | Default Agent Prompt | Base instructions inherited by all sub-agents |
| 04 | Cyber Risk Instruction | Security boundaries between authorized and prohibited actions |
| # | Pattern | Description |
|---|---|---|
| 05 | Coordinator System Prompt | Multi-worker orchestration with phased workflows |
| 06 | Teammate Prompt Addendum | Communication protocols for multi-agent collaboration |
| # | Pattern | Description |
|---|---|---|
| 07 | Verification Agent | Adversarial testing agent that validates implementations |
| 08 | Explore Agent | Read-only codebase exploration with no-modify constraints |
| 09 | Agent Creation Architect | Generates new agent configurations from requirements |
| 10 | Status Line Setup Agent | Terminal status line configuration across shells |
| # | Pattern | Description |
|---|---|---|
| 11 | Permission Explainer | Risk assessment before tool approval |
| 12 | Auto Mode Classifier | Multi-stage security classifier for autonomous tool execution |
| # | Pattern | Description |
|---|---|---|
| 13 | Tool-Specific Prompts | How individual tools (Bash, Edit, Agent, etc.) describe themselves |
| # | Pattern | Description |
|---|---|---|
| 14 | Tool Use Summary | Generating concise labels for completed tool batches |
| 15 | Session Search | Semantic search across past conversation sessions |
| 16 | Memory Selection | Selecting relevant memory files for query context |
| 17 | Auto Mode Critique | Reviewing user-written classifier rules |
| 20 | Session Title | Lightweight title generation for session management |
| 29 | Agent Summary | Background progress updates for sub-agents |
| 30 | Prompt Suggestion | Predicting likely user follow-up commands |
| # | Pattern | Description |
|---|---|---|
| 21 | Compact Service | Conversation summarization strategies for long sessions |
| 22 | Away Summary | Brief session recaps for returning users |
| # | Pattern | Description |
|---|---|---|
| 18 | Proactive Mode | Autonomous background operation with pacing controls |
| 23 | Chrome Browser Automation | Browser extension integration patterns |
| 24 | Memory Instruction | Hierarchical memory loading and override semantics |
| # | Pattern | Description |
|---|---|---|
| 19 | Simplify Skill | Multi-agent parallel code review pattern |
| 25 | Skillify Skill | Interview-based skill creation workflow |
| 26 | Stuck Skill | Session diagnostic and recovery patterns |
| 27 | Remember Skill | Memory organization and promotion workflow |
| 28 | Update Config Skill | Configuration management patterns |
Based on our analysis, the system prompt appears to be assembled through a pipeline of modular builders:
Prompt Assembly Pipeline
|
| Cacheable Prefix (stable across sessions)
|-- Identity and safety instructions
|-- Permission and hook configuration
|-- Code style and error handling rules
|-- Tool preferences and usage patterns
|-- Tone, style, and output rules
|
| Cache Boundary
|
| Dynamic Suffix (changes per session)
|-- Available agents and skills
|-- Memory file contents
|-- Environment context (OS, directory, git state)
|-- Language and output preferences
|-- Active MCP server instructions
|-- Context window management directives
The auto-approval system appears to use a multi-stage approach:
- A base classifier with predefined rules for safe and unsafe operations
- User-configurable overrides that can extend or restrict the defaults
- A fast first pass, with extended reasoning as fallback for ambiguous cases
Loading Order (earliest = lowest priority):
|
|-- Enterprise/managed configuration
|-- User global preferences
|-- Project-level instructions (shared)
|-- Project rules directory
|-- Local overrides (private, not committed)
|
| Supports transitive file inclusion
| Conditional injection via path-based filtering
This research is useful for:
- AI engineers building their own agentic coding tools
- Prompt engineers studying production-grade prompt architectures
- Security researchers understanding how autonomous AI tools manage permissions
- Students and educators learning about multi-agent system design
claude-code-system-prompts/
README.md
prompts/
01-30 documented patterns (see catalog above)
This is an independent research project. All content represents our analysis and approximations based on publicly observable behavior. This project is not affiliated with, endorsed by, or connected to Anthropic. All trademarks belong to their respective owners. If any content owner has concerns, please open an issue and we will address it promptly.