Current-state review of the canonical implementation in /Users/cjerzak/Documents/claw-code/rust/, with emphasis on the main agent workflow, sub-agent path, MCP plumbing, and internet-facing logic.
Important scoping note: the Python files under src/ are a companion/reference workspace. The runtime that actually executes the agent pipeline is the Rust workspace described in README.md and CLAUDE.md.
The core agent is not a graph executor. It is a sequential conversation loop: user message into session state, provider stream produces assistant text and tool-use blocks, each tool-use is permission-checked and executed, tool results are appended back into session state, and the cycle repeats until the assistant stops without more tools.
Internet access is implemented as built-in tools, not as a separate orchestration graph. WebSearch uses DuckDuckGo HTML search by default and parses links from returned HTML. WebFetch performs direct HTTP fetches, converts HTML to stripped text, and returns a prompt-conditioned summary.
The built-in tools ListMcpResources, ReadMcpResource, McpAuth, and MCP are part of the default tool manifest, but their handlers use global_mcp_registry() in the tools crate instead of the live RuntimeMcpState created by the CLI.
Impact: the model can see and call a dead or misleading MCP surface even when the real MCP path is available elsewhere. This is both a correctness issue and a tool-selection hazard.
TaskCreate and RunTaskPacket are described as background task launchers, but the handlers only allocate task records and return metadata. There is no subprocess spawn, worker thread, provider runtime, or scheduler integration behind these APIs.
Impact: higher-level orchestration can believe it has delegated work when it has only created bookkeeping entries. This is especially risky if later logic treats task status as operational truth.
The naming suggests operational behavior, but the current implementation only stores metadata. TeamCreate extracts incoming task_id values and creates a record; it does not launch sub-agents. CronCreate creates a schedule record; it does not install a scheduler or execute recurring work.
Impact: this is less severe than the MCP mismatch because the behavior is at least internally consistent, but the tool descriptions currently overstate capability.
The Agent tool is the real delegated execution path today. It writes an agent manifest, spawns a background thread, builds a dedicated provider-backed runtime with an allowed-tool subset, and persists terminal state on completion or failure.
rust/crates/rusty-claude-cli/src/main.rs
Parses command mode, selects prompt vs REPL vs slash-command behavior, loads config, plugin state, and MCP state.
runtime/src/prompt.rs
Builds static instructions, environment context, git snapshot, discovered CLAUDE files, and rendered runtime config.
runtime/src/config.rs
runtime/src/permissions.rs
Merges user, project, and local settings, resolves permission mode, MCP config, hooks, sandbox, and allow/deny/ask rules.
runtime/src/conversation.rs
Owns session state, streams assistant events, executes tools, records usage, and optionally auto-compacts context.
api/src/providers/anthropic.rs
api/src/providers/openai_compat.rs
Converts session messages into provider requests, streams text/tool events back into the runtime, and tracks usage.
tools/src/lib.rs
Defines built-in tools, merges plugin/runtime tools, enforces permissions, and executes the selected tool path.
Confirmed in runtime/src/conversation.rs:296-420. The loop is sequential over pending tool uses inside a single assistant message.
tools/src/lib.rs:2598-2604 builds a blocking reqwest client with a 20 second timeout, redirect limit 10, and a fixed user-agent string.
The built-in internet tools are separate from model-provider transport. Provider calls happen in api/; web search and fetch happen in the tools crate.
There is no separate research graph. Internet access is just another tool-use branch inside the same conversation loop and permission model.
The CLI loads MCP config, creates a live RuntimeMcpState, and turns discovered MCP tools into runtime tool definitions. When servers are present, it also exposes wrapper tools for generic MCP invocation and resource access.
The runtime crate also contains runtime/src/mcp_tool_bridge.rs, a stateful registry abstraction that can register servers, list resources, and call tools through an McpServerManager. In the current CLI path, that bridge is not the object actually feeding model-visible MCP tools.
This is the real delegated execution path. The tool writes an agent manifest, spawns a background thread, builds a provider-backed runtime, constrains tools by subagent type, and persists terminal state.
Worker tools are not themselves coding agents. They are a startup and delivery state machine for external coding workers: trust-gate detection, ready-for-prompt handshakes, prompt misdelivery detection, replay arming, restart, and terminate.
main.rs chooses prompt, REPL, slash command, status, auth, or support surface.
prompt.rs discovers instruction files up the directory tree and embeds git snapshots plus merged config.
tools/src/lib.rs combines built-in tools with plugin tools and runtime MCP tools.
main.rs:6704-6713 folds tool requirements and config-driven allow/deny/ask rules into one policy.
The runtime sends the current session plus tool definitions to Anthropic or another provider-compatible adapter.
Streaming responses are normalized into text deltas, tool-use events, usage records, and message stop markers.
Each tool call is hook-checked, permission-gated, executed, and written back as a tool_result conversation block.
If tool-use blocks were present, the runtime loops. Otherwise it returns a turn summary and may auto-compact session history.
| Area | Primary file(s) | What it controls |
|---|---|---|
| CLI dispatch | rust/crates/rusty-claude-cli/src/main.rs | Program entry, command mode selection, runtime assembly, live MCP integration, interactive permission prompting. |
| Prompt/context | rust/crates/runtime/src/prompt.rs | System prompt scaffold, environment section, instruction-file discovery, git status/diff snapshots, rendered config section. |
| Settings merge | rust/crates/runtime/src/config.rs | User/project/local settings precedence, sandbox config, plugin config, MCP config, permission-mode decoding. |
| Permission engine | rust/crates/runtime/src/permissions.rs | Required tool modes, allow/deny/ask rules, prompt escalation, hook overrides. |
| Conversation loop | rust/crates/runtime/src/conversation.rs | Turn execution, session updates, hook callbacks, tool execution cycle, usage tracking, auto compaction. |
| Built-in tools | rust/crates/tools/src/lib.rs | WebSearch, WebFetch, file/search tools, Agent, Worker, Task, Team, Cron, MCP built-ins, REPL, config, notebook editing. |
| Provider adapters | rust/crates/api/src/providers/anthropic.rs | Anthropic transport and SSE event normalization. |
| Provider adapters | rust/crates/api/src/providers/openai_compat.rs | OpenAI/xAI-compatible transport, tool-definition translation, streaming normalization. |
| Live MCP bridge | rust/crates/runtime/src/mcp_stdio.rs | Configured stdio MCP server launch, discovery, tool calling, and manager lifecycle. |
| Worker boot plane | rust/crates/runtime/src/worker_boot.rs | Trust-gate detection, ready state, prompt replay, failure classification for external coding workers. |
| Reference-only graph | src/bootstrap_graph.py, src/command_graph.py | Useful for conceptual orientation, but not the canonical runtime path used by the Rust CLI. |
The current Claw Code implementation is a session-centric, tool-augmented conversational runtime rather than a LangGraph-style planner. The core turn loop is coherent and the sub-agent path is real. The most important correctness gap today is the duplicated MCP surface: model-visible built-in MCP tools do not line up with the live CLI MCP plumbing. The next most important gap is naming fidelity: task, team, and cron APIs currently promise operational behavior that their implementations do not yet perform.