:PROPERTIES:
:ID:       512dd121-2292-4f3d-ac53-31bf3d12a60f
:CREATED:  [2026-05-22 Thu]
:END:
#+title: Claude Code — Anthropic AI Coding Agent
#+filetags: :passepartout:strategy:competitive:claude-code:

Anthropic's proprietary coding agent. TypeScript/Bun, ~512K lines (leaked source analysis). Not open source.

Architecture: Bun-bundled TypeScript single-file executable. Ink/React terminal UI. 23+ core tools. Subagent forking with byte-identical API prefixes for prompt cache sharing. Multi-agent coordination mode.

Safety model: Layered deterministic safety — NOT prompt-based: 7 permission modes, persistent permission rules (alwaysAllow/alwaysDeny/alwaysAsk from 4 sources), bash security validator at 2,592 lines with 23+ named security checks using tree-sitter AST parsing, sandbox runtime, path/mode validation, optional ML bash classifier. This is the most sophisticated safety system of any coding agent analyzed.

Data model: File-based markdown memdir at ~/.claude/projects/<slug>/memory/. 4 memory types: user, feedback, project, reference. YAML frontmatter in .md files. PROJECT.md and CLAUDE.md for project config. No database.

Self-modification: HIGH. Skill system writes SKILL.md files. Plugin system, cron scheduling, agent spawning.

Verification: None.

Key gap vs Passepartout: No proof system, no neurosymbolic architecture, no self-verification, no persistent knowledge graph (flat markdown files, not Org-mode with cross-references), markdown data model lacks semantic depth. Proprietary — Anthropic controls it completely. The permission rules system is impressive but structurally inferior to Passepartout's gate stack because rules are heuristic (regex-based pattern matching) rather than typed (type-level gates with structural guarantees).

See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.