️ Harness Engineering

The art of system prompt assembly

What is Harness Engineering?

Harness Engineering (also called Context Engineering) is Claude Code's core engineering secret - how it meticulously assembles system prompts sent to Claude API. This determines Claude's identity, capabilities, and behavior.

Three Identity Prefixes

DEFAULT_PREFIX:
  "You are Claude Code, Anthropic's official CLI for Claude."

AGENT_SDK_CLAUDE_CODE_PRESET_PREFIX:
  "You are Claude Code, Anthropic's official CLI for Claude,
   running within the Claude Agent SDK."

AGENT_SDK_PREFIX:
  "You are a Claude agent, built on Anthropic's Claude Agent SDK."

Seven-Layer Static Structure

  1. Intro Section - Identity and core principles
  2. System Section - Behavioral constraints
  3. Doing Tasks Section - Task execution guidelines
  4. Actions Section - Action caution principles
  5. Tools Section - Tool usage specifications
  6. Tone & Style Section - Tone requirements
  7. Output Efficiency - Conciseness principles

Dynamic Paragraphs

Cached (once per session)

  • session_guidance - Session-specific tool guidance
  • memory - Memory directory content
  • env_info_simple - Environment info
  • token_budget - Token budget guidance

Volatile (recalculated every turn)

  • mcp_instructions - MCP server instructions

CLAUDE.md: User Injection Layer

Four-tier discovery (priority increasing):

/etc/claude-code/CLAUDE.md       → Global managed
~/.claude/CLAUDE.md              → User global
/CLAUDE.md              → Project
/.claude/CLAUDE.md      → Project hidden
/.claude/rules/*.md     → Conditional rules
/CLAUDE.local.md        → Local private

Cache Boundary Architecture

SYSTEM_PROMPT_DYNAMIC_BOUNDARY = '__SYSTEM_PROMPT_DYNAMIC_BOUNDARY__'

This marker divides system prompt:

  • Before marker: Cross-org shared static, scope: 'global'
  • After marker: User/session dynamic, scope: 'org'

Three Cache Modes

ModeConditionScope
MCP ToolMCP tools presentorg
GlobalFirst-party + boundaryglobal
OrganizationDefaultorg

Attribution Header

x-anthropic-billing-header:
  cc_version=2.1.88.a3f2c1;     ← Version + fingerprint
  cc_entrypoint=cli;             ← Entry point
  cch=___ATTESTATION_TOKEN___;   ← Client attestation
  cc_workload=interactive;       ← Workload type

Anti-Distillation

When enabled, sends anti_distillation: ['fake_tools'] to API, causing server to inject decoy tool definitions - a "data poisoning" defense against model distillation attacks.

💡 See also: Harness Engineering Reference (MD) for complete analysis.