A new arXiv paper tears open Claude Code and lays out exactly how Anthropic's agentic coding tool is put together — and where it diverges from the competition.
The researchers analyzed Claude Code's publicly available source code and compared it against two independent open-source systems, OpenClaw and Hermes Agent. At its core, Claude Code is a while-loop: call the model, run tools, repeat. The interesting parts live around that loop — a permission system with seven modes and an ML-based classifier, a five-layer context compaction pipeline, a subagent delegation and orchestration mechanism for farming out work to child agents, and four extensibility hooks (MCP, plugins, skills, and hooks). The paper traces all of this back to five motivating values: human decision authority, safety and privacy, reliable execution, capability amplification, and contextual adaptability.
The three-way comparison is where the paper earns its keep. At the safety layer, Claude Code checks each action individually; OpenClaw draws a perimeter around what the agent can touch at all; Hermes surfaces per-action approvals across multiple interfaces. At the runtime layer, Claude Code runs as a single CLI loop, OpenClaw embeds its runtime inside a gateway control plane, and Hermes launches one process whose role is determined by its entry point. At the context and extension layer, Claude Code stretches the context window, OpenClaw registers capabilities gateway-wide, and Hermes lets you swap in different memory and model backends. Three systems, three coherent but distinct philosophies shaped by their deployment contexts.
The paper closes with six open design directions — a useful reminder that even a mature shipping product still has unresolved architectural questions, which is either reassuring or alarming depending on how much code you let it touch.