Video
Source: I found SECRET features Claude Code is hiding (LEAK) by Ras Mic
Executive Summary
When Claude Code's source code leaked via an npm map file, developer Ras Mic made a deliberate choice: no lines of code shown on screen. Instead, he works entirely from a Mintify-generated documentation file (credited to developer Vini) that describes how Claude Code actually works — its agentic loop, context assembly strategy, tool execution model, and permission system. It is as close to an authoritative teardown of Claude Code's internals as the community has produced without Anthropic's blessing.
The first half of the video is foundational — the mechanics of how a message becomes an action, how context is built and memoized, how permissions gate every tool call, and how sub-agents fit into the system. This is the plumbing most developers interact with daily but never see directly. The second half is the headline content: a catalog of unreleased features discovered in the codebase, ranging from voice mode and SSH remote development to a background memory consolidation system called AutoDream and a companion creature feature called Buddy.
Taken together, the video reveals that Anthropic is building toward a much more autonomous, persistent, and collaborative version of Claude Code — one that can run on remote infrastructure, sync memory across teams, coordinate fleets of agents, and interact with users through voice and chat platforms. Most of these features are already in the codebase, waiting to ship.
Key Takeaways
- The agentic loop is a tight cycle: User message → context assembly → model reasons and selects tools → permission check → tool executes → results appended → loop repeats until no tool calls remain.
- Context is memoized per conversation: Claude Code builds two context blocks at the start of every session — system context (git branch, last 5 commits, working tree status) and user context (CLAUDE.md, current date) — and caches them for the conversation's duration.
- Three permission modes control tool execution: Bypass (dangerouslySkipPermissions) auto-approves everything; Accept Edits (Shift+Tab) auto-approves file edits but prompts on bash; default mode prompts on every significant action. Read-only tools (Read, Glob, Grep) are auto-approved in all modes.
- Sub-agents run isolated nested loops: Each sub-agent gets its own conversation and tool set. Only the result flows back to the parent — not the intermediate steps. Parent agents don't know how a sub-agent arrived at its output.
- Background vs. foreground agents are distinct primitives: Foreground agents block the parent until complete; background agents run async and notify on completion. You can explicitly request either in your prompt.
- A Jupyter notebook tool exists and is largely undiscovered: Claude Code can read and edit cells in
.ipynbfiles directly — a capability most users have never tried. - A wave of unreleased features is already in the codebase: Voice mode, SSH remote development, AutoDream background memory, cron scheduling, remote triggers, team memory sync, MCP channels (Discord/Slack/SMS), ultra plan mode, and a Buddy companion creature are all present and staged for release.
Detailed Analysis
The Agentic Loop: How Claude Code Actually Processes a Message
The core mechanism is a loop, and understanding it clarifies almost everything else about how Claude Code behaves.
When a user sends a message — whether through the interactive terminal or via --print flag — Claude Code does not immediately call the model. First, it assembles context. The assembled package includes a system prompt with the current date, git status, recent commit history (last 5 commits, truncated to 2,000 characters), and the full list of available tools. This package, plus any CLAUDE.md memory files, is prepended to every API call. Critically, both blocks are memoized using an internal function called lo-ash-memoize — they are computed once and cached for the duration of the session.
Once the context is assembled, it is sent to the Anthropic API. The model reasons about the task and emits tool use blocks — structured JSON that specifies a tool name and its arguments. Claude Code then runs a permission check before executing each one. If approved, the tool runs and its results (file contents, command output, search hits) are appended to the conversation as tool result blocks. The model then receives those results and either calls more tools or produces a final text response. The loop repeats until no tool calls remain.
This is the complete picture of what an agent is at the mechanical level. The loop is also why context window management matters so much — every tool call result, every appended turn adds to the running total.
One detail worth noting: in remote/cloud mode (CLAUDE_CODE_REMOTE=1), the git status step is skipped entirely — consistent with the fact that there's no local repository to inspect.
Tool Execution and the Permission System
Claude Code does not run tools silently. Every tool has a checkPermissions method that determines the outcome before execution. The result is one of three states: allowed (runs immediately), asked (Claude pauses and renders a confirmation dialog), or denied (tool does not execute).
The active permission mode controls the default behavior:
- Bypass mode (
--dangerouslySkipPermissions): all checks are skipped, everything runs - Accept Edits mode (Shift+Tab in the terminal): file edit tools are auto-approved, but bash commands still prompt
- Default mode: prompt on every consequential action
One class of tools is always auto-approved regardless of mode: read-only operations including Read, Glob, and Grep. Since these can't modify state, they never require user confirmation.
The Full Tool Inventory
The leaked documentation surfaces the complete list of tools Claude Code ships with, several of which are less commonly known:
- File tools: Read, Edit, Write (create or fully overwrite), Glob (pattern-matched file search)
- Bash tool: arbitrary shell command execution
- Search tools: Grep, directory listing
- Web Fetch: fetch and extract content from URLs or run web searches
- Task/Agent tool: spawn sub-agents (the internal tool name is
agent, nottask) - TodoWrite: the to-do list management tool that produces Claude Code's step-by-step task tracking
- MCP tool: interface with any connected MCP server
- Notebook tool: read and edit cells in Jupyter
.ipynbfiles
The notebook tool is the surprise entry. Ras Mic notes he was unaware of it before reviewing the documentation — and it is likely underused by the broader community.
Sub-Agents: Architecture and Behavior
Sub-agents are nested agentic loops. Each sub-agent runs its own isolated conversation with its own tool set, which can be a restricted subset of the parent's tools. Sub-agents can run locally in-process or on remote compute. When complete, they return results to the parent agent — not the steps taken to produce them.
This isolation is architecturally important: the parent cannot observe a sub-agent's reasoning process, only its output. This keeps the parent's context window clean and makes sub-agents useful for both parallelism (run two agents simultaneously) and sandboxing (explore a solution without polluting the main context).
Claude Code decides autonomously when to spawn sub-agents based on the nature of the task. It will spawn them for parallel independent work, specialized tasks (like a dedicated code review agent), long-running background research, and isolated exploration of alternative solutions. It will not spawn them for simple tasks it can complete in a few tool calls.
Two sub-agent modes are available: foreground (default — parent waits for completion before proceeding) and background (parent continues working; receives a notification when the agent finishes). You can explicitly request either mode in your prompt (e.g., "run the integration tests in the background while you implement the next feature").
Hooks: Scripting Around the Loop
Hooks allow users to attach custom logic to specific events in the agentic loop. A hook can be a shell script, an HTTP endpoint, or an LLM prompt. The available hook events include: before tool execution, after tool execution, after a tool error, before Claude concludes a response, and before a sub-agent concludes a response.
The practical use is broad — send a webhook when Claude finishes a task, log all tool calls to a file, trigger a notification when an agent errors out, or have a separate LLM review Claude's response before it's displayed. Hooks are configured via the /hooks slash command inside Claude Code.
Unreleased Features in the Codebase
The second half of the video is a catalog of features present in the leaked source that have not yet shipped publicly.
Agent Teams — already available under an experimental flag; orchestrates multiple Claude Code sessions. (Searching "Claude agent teams" on Google surfaces the feature page.)
Voice Mode — hold-to-talk voice input using Anthropic's voice stream WebSocket endpoint for speech-to-text.
SSH Remote Development — run Claude Code on a remote host over SSH.
Direct Connect / Session Server — a persistent Claude Code session exposed via HTTP or Unix socket, with configurable timeouts and max session limits.
Hidden CLI Flags — --teleport resumes a teleport session; --remote creates a remote session; --remote-control starts an interactive session with remote control enabled. Remote control launched recently; teleport status is unclear.
MCP Channels — MCP servers can push messages directly into Claude Code sessions, with first-class support for chat platforms: Discord, Slack, and SMS.
Buddy — a small animated creature with a species and a name, rendered behind the user's input box. It occasionally comments in a speech bubble. Ras Mic draws the comparison to Clippy or OpenClaw's agent personalities.
Away Summary — after the terminal has been inactive for 5 minutes, Claude auto-generates a 1–3 sentence recap of what was in progress and what the next step is, using a small fast model.
Built-in Terminal Panel — an embedded terminal inside Claude Code, toggled by a configurable keybind.
Ultra Plan Mode — multi-agent planning that offloads exploration to Claude Code on the web, builds prompts from project files, polls for approval to exit plan mode, and can execute on remote or teleport archive. Uses Opus 4.6 by default with a 30-minute timeout.
Advisor — a server-side tool where a second model reviews and advises on the primary model's work before it's returned.
Task Budget — a configurable token budget for tasks.
Remote Skill Discovery — skills can be fetched from a remote registry using a discoverSkills call.
Team Memory Sync — shared memory files synced between local file system and Anthropic's server API, scoped to a GitHub repository. Enables teams working on the same codebase to share persistent agent memory.
Files API Client — integration with Anthropic's public files API.
Cron Scheduling — built-in scheduling for recurring agent tasks, positioning Claude Code more directly against tools like OpenClaw.
Remote Triggers — HTTP-based remote trigger management with OAuth, enabling creation, listing, updating, and running of remote scheduled agents.
AutoDream — a background memory consolidation system. After enough sessions accumulate, a forked sub-agent reviews session transcripts, distills them into memory files, and writes them to disk — protected by a lock to prevent concurrent consolidation. Anthropic calls it "dream," which Ras Mic notes is quite fitting.
Coordinator Mode — multi-agent orchestration where one Claude instance coordinates tool use across multiple agents.
Proactive Mode — autonomous agent behavior using a sleep tool, allowing Claude to work without user input on a schedule.
Computer Use / Web Browser Tool — an embedded browser UI; computer use launched recently, browser UI is still pending.
Message Actions — fork sub-agent, context collapse, and other in-message actions not yet detailed publicly.
Timestamped Topic Outline
| Timestamp | Topic |
|---|---|
| 0:00 | Introduction — the leak, methodology (no code shown), Mintify docs approach |
| 1:01 | The agentic loop — message → context → model → permissions → tools → loop |
| 3:06 | Context loading — system context (git) and user context (CLAUDE.md, date), memoization |
| 4:37 | Sponsor segment (Macroscope) |
| 6:13 | Tool execution model — permission modes: bypass, accept edits, default |
| 7:09 | Sub-agents — nested loops, isolated context, results-only return to parent |
| 8:37 | Full tool inventory — file, bash, search, web, task/agent, todo, MCP, Jupyter notebook |
| 9:46 | Hooks — events, use cases, configuration via /hooks |
| 10:56 | Multi-agent workflows — when Claude spawns agents, parallelism and specialization |
| 11:54 | Foreground vs. background agents |
| 12:32 | Unreleased features — Agent Teams, Voice Mode, SSH remote dev |
| 13:04 | Session server, hidden CLI flags, MCP channels |
| 13:57 | Buddy, Away Summary, built-in terminal panel |
| 14:34 | Ultra Plan Mode, Advisor, Task Budget |
| 15:11 | Remote skill discovery, Team Memory Sync, Files API |
| 15:36 | Cron scheduling, Remote Triggers, AutoDream |
| 16:46 | Coordinator mode, Proactive mode, Computer Use, Message Actions |
| 17:15 | Closing thoughts |
Sources & Further Reading
- Mintify Documentation — generated from the Claude Code codebase by developer Vini; linked in the video description. The primary source for all technical details in this video.
- Macroscope — PR description writer and AI code review tool (video sponsor); referenced for automated bug detection in CI workflows.
- Ras Mic's Claude Code Skills video — dedicated breakdown of the skills system; linked in the video description.
- Claude Agent Teams — experimental feature; searchable on Google as "Claude agent teams" for the official feature page.