Learn & Master

Prompts

How Claude Code builds its system prompt, spawns agents, and how you can write better prompts

How the System Prompt is Built

Claude Code's system prompt is not a single static string. It's dynamically assembled from modular sections with a smart caching strategy. The file utils/systemPrompt.ts orchestrates everything.

Priority Check

buildEffectiveSystemPrompt() checks 5 priority levels in order:

Override — Loop mode replaces everything
Coordinator — If CLAUDE_CODE_COORDINATOR_MODE=1
Agent — If running as a sub-agent
Custom — If --system-prompt flag set
Default — The standard Claude Code prompt

Static Sections (Cached Globally)

Everything before __SYSTEM_PROMPT_DYNAMIC_BOUNDARY__ is identical for all users and cached across sessions:

Intro System Doing Tasks Executing Actions Using Tools Tone & Style Output Efficiency

Dynamic Sections (Per-Session)

Everything after the boundary is session-specific:

Session Guidance Memory Environment Info MCP Instructions Language Output Style Scratchpad

Prompt Section Details

The full prompt is defined in constants/prompts.ts (914 lines). Here are the key sections:

Identifies Claude as "Claude Code, Anthropic's official CLI for Claude." Sets the security policy and output style configuration.

You are Claude Code, Anthropic's official CLI for Claude.
You are an interactive agent that helps users with
software engineering tasks.

IMPORTANT: Assist with authorized security testing,
defensive security, CTF challenges, and educational
contexts. Refuse requests for destructive techniques...

Core guidelines for code generation:

Read before modify — Never propose changes to unread code
Minimal files — Don't create unless absolutely necessary
Security first — Avoid OWASP top 10 vulnerabilities
No gold-plating — Don't add features, docstrings, or refactoring beyond what's asked
No speculative abstractions — Three similar lines > premature abstraction
Diagnose before retry — Read the error, check assumptions

The reversibility principle — freely take local, reversible actions but confirm risky ones:

Destructive — rm -rf, git reset --hard, drop tables

Hard to Reverse — force-push, amend published commits

Visible to Others — pushing code, creating PRs, sending messages

Safe — editing files, running tests, reading code

Tool preference hierarchy:

// Instead of Bash commands, use dedicated tools:
Read    → NOT cat, head, tail, sed
Edit    → NOT sed, awk
Write   → NOT echo/cat heredoc
Glob    → NOT find, ls
Grep    → NOT grep, rg
Agent   → for complex multi-step research
TaskCreate → for tracking work

Key rule: Maximize parallel tool calls for independent operations.

Injected dynamically every session with:

# Environment
- Working directory: /path/to/project
- Is a git repository: true
- Platform: darwin
- Shell: zsh
- OS Version: Darwin 25.3.0
- Model: Claude Opus 4.6
- Knowledge cutoff: May 2025
- Claude Code availability: CLI, desktop, web, IDE

Two types of sections for efficient token usage:

// Cached until /clear or /compact
systemPromptSection('session_guidance',
  () => getSessionSpecificGuidanceSection(...)
)

// Re-computed every turn (breaks cache!)
DANGEROUS_uncachedSystemPromptSection(
  'mcp_instructions',
  () => getMcpInstructions(...),
  'MCP servers connect/disconnect'
)

The __SYSTEM_PROMPT_DYNAMIC_BOUNDARY__ marker splits globally-cacheable content from session-specific content.

Memory Injection

The memory system injects context from MEMORY.md files into the prompt:

// memdir/memdir.ts - loadMemoryPrompt()
1. Load MEMORY.md from project's .claude/ directory
2. Truncate to 200 lines max (warn if truncated)
3. Inject as dynamic system prompt section
4. Cache until /clear or /compact

// MEMORY.md format:
---
name: memory_name
description: one-line description
type: user|feedback|project|reference
---
Memory content here...

Limits: 200 lines, 25KB max. The Dream system auto-updates memory during sleep.

Agent Architecture

Agents are specialized AI sub-processes spawned via AgentTool. Each agent runs with its own context window, tools, and system prompt.

// AgentDefinition type
type AgentDefinition = {
  agentType: string       // "general-purpose", "Explore", "Plan"
  description: string     // User-facing purpose
  whenToUse: string       // When to spawn
  tools: string[]         // Allowlist (* = all)
  disallowedTools: string[]
  prompt: string          // Custom system prompt
  model: string           // inherit/sonnet/opus/haiku
  effort: number          // 1-5
  maxTurns: number        // Max iterations
  isolation: string       // worktree/remote
  memory: string          // user/project/local
  background: boolean     // Run in background
}

Built-in Agent Types

🤖

General-Purpose

Default

Research, search, multi-step tasks. Has access to ALL tools.

System Prompt: You are an agent for Claude Code... Complete the task fully — don't gold-plate, but don't leave it half-done.

Tools: All (*) Model: Inherit

🔍

Explore

Fast

File search specialist. READ-ONLY — cannot edit, write, or delete anything.

System Prompt: You are a file search specialist... READ-ONLY exploration task. Use Glob, Grep, Read.

Tools: Read-only (no Edit/Write/Agent) Model: Haiku Levels: quick / medium / very thorough

🛠

Plan

Architect

Software architect. Designs implementation plans, identifies critical files, considers trade-offs.

System Prompt: You are a software architect and planning specialist... READ-ONLY planning task.

Tools: Read-only Model: Inherit Output: Step-by-step plan

✅

Verification

Independent verification of implementations. Fresh eyes, no prior context bias.

Model: Inherit Purpose: Test & verify changes

📚

Claude Code Guide

Help

Teaches Claude Code usage. Answers questions about features, commands, and capabilities.

Model: Inherit Purpose: User education

⚙

StatusLine Setup

Config

Configures the status line display in the terminal.

Tools: Read, Edit only

How to Write Good Agent Prompts

From tools/AgentTool/prompt.ts (287 lines) — the official guidelines:

✔ DO

Brief the agent like a smart colleague who just walked in
Explain what, why, and what you've learned/ruled out
Include file paths, line numbers, exactly what to change
Give context for judgment calls
Include a 3-5 word description summarizing the task
Launch multiple agents in parallel for independent tasks
Use foreground when you need results before proceeding
Use background for genuinely independent work

✘ DON'T

Never delegate understanding — "based on your findings, fix it" is lazy
Don't peek at output_file — trust completion notification
Don't race — wait for notification before checking
Don't use agents for simple tasks (Read a file? Just use Read)
Don't search for a specific class? Use Glob/Grep directly
Don't duplicate work the agent is doing

Agent Prompt Examples

// Good: Specific, contextualized
Agent({
  description: "Fix auth token refresh",
  prompt: "The JWT refresh in src/auth/refresh.ts:45 is
    using the wrong endpoint. Change it from /v1/token
    to /v2/token. The migration was done in PR #234.
    Run the auth tests after fixing.",
  subagent_type: "general-purpose"
})

// Bad: Vague, lazy delegation
Agent({
  description: "fix the bug",
  prompt: "There's a bug somewhere in auth. Find and fix it."
})

Coordinator Mode

Multi-agent orchestration where a coordinator directs worker agents. Defined in coordinator/coordinatorMode.ts.

Research

Spawn parallel workers to investigate

Synthesis

Coordinator proves understanding — reads findings, crafts spec with file paths and line numbers

Implementation

Direct workers with exact instructions

Verification

Spawn fresh agent for independent review

Worker Results Format

<task-notification>
  <task-id>{agentId}</task-id>
  <status>completed</status>
  <summary>Fixed auth refresh endpoint</summary>
  <result>Changed /v1/token to /v2/token in...</result>
  <usage>
    <total_tokens>15432</total_tokens>
    <tool_uses>8</tool_uses>
    <duration_ms>45000</duration_ms>
  </usage>
</task-notification>

Key rule: "Never thank workers, never predict results."

How Tool Prompts Work

Each tool has a prompt.ts file that defines its description and usage instructions. These are injected into the system prompt so Claude knows how to use each tool.

// Pattern: src/tools/{ToolName}/prompt.ts
export const TOOL_NAME = "Read"
export const DESCRIPTION = `Reads a file from the
  local filesystem...`

// Some tools generate prompts dynamically:
export function getPrompt(context): string {
  return `...${context.features}...`
}

All Tool Prompts

BashTool prompt.ts: 370 lines

The largest tool prompt. Covers security, git safety, command patterns, and the entire commit/PR protocol.

Prefer dedicated tools — Don't use cat/grep/find/sed via Bash

Git safety — Never --no-verify, never force-push main, always new commits over amend

Parallel commands — Multiple Bash calls in one message for independent tasks

Sequential — Use && to chain dependent commands

Background — run_in_background: true for long-running commands

Sandbox — Default enabled, dangerouslyDisableSandbox to override

FileReadTool

Reads files with automatic format detection:

Text files → cat -n format with line numbers
Images (PNG, JPG) → Visual multimodal content
PDFs → Text extraction (max 20 pages per request)
Jupyter notebooks → All cells with outputs
Default limit: 2,000 lines. Use offset/limit for pagination

FileEditTool

Exact string replacement — no regex, no line numbers:

Must read file first — Prevents blind edits
old_string must be unique — Fails if ambiguous (prevents wrong-location edits)
Preserve indentation exactly as shown after line number prefix
replace_all: true for renaming variables

GrepTool

Ripgrep-powered search with 3 output modes:

files_with_matches — File paths only (default)
content — Matching lines with context (-A/-B/-C)
count — Match counts per file

multiline: true enables cross-line patterns with dotall mode.

AgentTool prompt.ts: 287 lines

Dynamic prompt that lists available agents, fork capabilities, and usage guidelines. See the Agents tab for full details.

WebSearchTool

Searches the web. MANDATORY: Include "Sources:" section listing all URLs as markdown links. Uses current year (2026) in queries.

WebFetchTool

Fetches and parses URLs to markdown. 15-minute self-cleaning cache. Non-preapproved domains limited to 125-char quotes. For GitHub, prefer gh CLI.

SkillTool

Invokes slash commands. Skills surfaced as "relevant to your task" reminders each turn. Char budget: ~1% of context window per skill.

SendMessageTool

Agent-to-agent communication:

// Continue a worker agent
{ "to": "researcher", "message": "check tests" }

// Broadcast to all agents
{ "to": "*", "message": "status update" }

// Cross-session messaging
{ "to": "bridge:session_01Ab...", "message": "..." }

Skills System

Skills are reusable prompt templates invoked via /command syntax. When invoked, the skill's prompt expands into full instructions.

// How skills are invoked:
Skill({ skill: "commit" })
Skill({ skill: "commit", args: "-m 'Fix bug'" })
Skill({ skill: "review-pr", args: "123" })
Skill({ skill: "ms-office-suite:pdf" })  // namespaced

Skill File Format

# .claude/agents/my-skill.md
---
description: "What this skill does"
whenToUse: "When user asks to..."
tools: ["Read", "Edit", "Bash"]
model: "sonnet"
---

You are a specialized agent for...
[Full prompt instructions here]

Built-in Skills

/commit

Create git commit with AI-generated message. Follows the full git safety protocol.

/commit-push-pr

Commit, push to remote, and create a pull request in one command.

/review-pr

Review a GitHub pull request with detailed feedback.

/simplify

Review changed code and suggest simplifications.

/fast

Toggle fast mode (same model, faster output).

/issue

Report model bugs directly to Anthropic.

/share

Upload session transcript for sharing.

Skill Sources

Bundled — src/skills/bundled/ — Ship with Claude Code
User — .claude/agents/ in your project — Custom per-project
Global — ~/.claude/agents/ — Available everywhere
Plugins — Installed via plugin system

Creating Custom Skills

Create a .md file in .claude/agents/ with YAML frontmatter:

Example: Code Review Skill

# .claude/agents/security-review.md
---
description: "Security-focused code review"
whenToUse: "When user asks for security review"
tools: ["Read", "Grep", "Glob", "Bash"]
---

You are a security-focused code reviewer. Analyze the
codebase for:

1. SQL injection vulnerabilities
2. XSS attack vectors
3. Authentication bypasses
4. Insecure dependencies
5. Secrets in source code

For each finding, provide:
- File and line number
- Severity (Critical/High/Medium/Low)
- Description of the vulnerability
- Suggested fix with code

Example: Database Migration Skill

# .claude/agents/migrate-db.md
---
description: "Generate database migrations"
whenToUse: "When user needs schema changes"
tools: ["Read", "Write", "Bash", "Grep"]
model: "opus"
---

You are a database migration specialist.
Read the current schema, understand the requested
changes, and generate a safe migration file.

Rules:
- Always create reversible migrations
- Add NOT NULL with defaults
- Create indexes concurrently
- Never drop columns in production

Prompt Engineering for Claude Code

Learn how to write effective prompts that get the best results from Claude Code. These patterns are derived from the actual system prompt and tool descriptions.

Pattern 1: Be Specific with Context

Claude Code works best when you provide specific file paths, line numbers, and constraints.

✘ Vague

Fix the login bug

✔ Specific

The login form in src/auth/Login.tsx
throws "undefined" when email is empty.
The validation on line 45 doesn't check
for empty strings. Add the check and
update the test in tests/auth.test.ts

Pattern 2: Use /effort for Control

The /effort flag controls how thorough Claude Code will be:

/effort min

Quick answers, minimal research. Good for simple questions or small edits.

"What does this function do?"

/effort medium

Balanced approach. Reads relevant files, makes targeted changes.

"Add error handling to the API endpoint"

/effort max

Maximum thoroughness. Deep research, comprehensive changes, verification.

"Refactor the auth system to use JWT with refresh tokens"

Pattern 3: Leverage Agents for Complex Tasks

For multi-step work, tell Claude to use agents:

// Tell Claude to parallelize research
"Search the codebase for all API endpoints and their
authentication methods. Use multiple agents in parallel
to check src/routes/, src/api/, and src/middleware/"

// Tell Claude to plan first
"Plan the implementation for adding WebSocket support.
Use a Plan agent to design the architecture before
writing any code."

// Tell Claude to verify
"Implement the feature, then spawn a verification agent
to independently check the implementation."

Pattern 4: CLAUDE.md for Project Context

Create a CLAUDE.md file at your project root to give Claude persistent context:

# CLAUDE.md

## Project Overview
This is a Next.js e-commerce app with PostgreSQL.

## Architecture
- /src/app/ - Next.js App Router pages
- /src/lib/ - Shared utilities and DB client
- /src/components/ - React components (use shadcn/ui)

## Conventions
- Use TypeScript strict mode
- All API routes return { data, error } shape
- Tests use Vitest, not Jest
- Commits follow Conventional Commits

## Common Commands
- npm run dev - Start dev server
- npm run test - Run tests
- npm run db:migrate - Run migrations

This file is automatically loaded into every conversation.

Pattern 5: Structured Requests

Break complex requests into clear parts:

I need to add a user notification system:

1. Create a notifications table in the database
2. Add a NotificationService in src/services/
3. Create API endpoints:
   - GET /api/notifications (list)
   - POST /api/notifications/:id/read (mark read)
   - DELETE /api/notifications/:id (dismiss)
4. Add a notification bell component in the header
5. Write tests for the service and API

Use the existing auth middleware for all endpoints.
Follow the patterns in src/services/UserService.ts.

Pattern 6: Iterative Refinement

Don't try to specify everything upfront. Iterate:

Start broad: "Add a caching layer to the API"

Refine: "Use Redis instead of in-memory. Add TTL of 5 minutes."

Adjust: "Also cache the user profile endpoint but with 1 hour TTL"

Pattern 7: Use Memory Effectively

Tell Claude to remember important decisions:

// Save project conventions
"Remember: we use pnpm, not npm. All tests should
use the factory pattern from tests/factories/"

// Save architectural decisions
"Remember: we decided to use event sourcing for the
payment system because of audit requirements"

// Save personal preferences
"Remember: I prefer concise responses without
trailing summaries. Show me the diff, not an explanation."

Memories persist across sessions via MEMORY.md (200 lines max, 25KB limit).

Quick Reference: Effective Prompts

Goal	Prompt Pattern
Fix a bug	`"The error is in [file]:[line]. The issue is [description]. Fix it and run the tests."`
Add a feature	`"Add [feature] following the pattern in [existing file]. Include tests."`
Refactor	`"Refactor [module] to use [pattern]. Don't change the public API."`
Explore code	`"How does [system] work? Trace the flow from [entry point]."`
Review PR	`/review-pr [number]`
Commit	`/commit`
Parallel work	`"Do X and Y in parallel using agents."`
Deep research	`"Search the entire codebase for [pattern]. /effort max"`