- Updated code-standards.md with v4.3.2 subsystem organization, delegation patterns, and symlinking standards - Enhanced codebase-summary.md to document delegation system, selective .claude/ symlinking, and shell completion - Revised project-overview-pdr.md with v4.3.2 capabilities, feature requirements, and architectural evolution - Added comprehensive project-roadmap.md documenting version history and future plans - Updated system-architecture.md with delegation architecture, symlinking strategy, and diagnostics infrastructure - Added repomix-output.xml to .gitignore
38 KiB
CCS System Architecture
Overview
CCS (Claude Code Switch) is a lightweight CLI wrapper that provides instant profile switching between Claude Sonnet 4.5, GLM 4.6, GLMT (GLM with Thinking), and Kimi for Coding models. Current version v4.3.2 features AI-powered delegation system, selective .claude/ directory symlinking, stream-JSON output, shell completion (4 shells), and comprehensive diagnostics (doctor, sync, update commands).
Core Architecture Principles
Design Philosophy
- YAGNI (You Aren't Gonna Need It): No features "just in case"
- KISS (Keep It Simple): Minimal complexity, maximum reliability
- DRY (Don't Repeat Yourself): Single source of truth for each concern
Simplification Goals
- Consolidate duplicate logic into reusable functions
- Remove unnecessary validation layers ("security theater")
- Simplify error handling and messaging
- Maintain cross-platform compatibility
High-Level Architecture (v4.3.2)
%%{init: {'theme': 'dark'}}%%
graph TB
subgraph "User Interface Layer"
CLI[Command Line Interface]
FLAGS[Special Flag Handlers]
DELEGATION[Delegation Flag]
end
subgraph "Core Processing Layer"
DETECT[Profile Detection Logic]
CONFIG[Configuration Manager]
SPAWN[Unified Spawn Executor]
DELEGATOR[Delegation Handler]
end
subgraph "New v4.x Subsystems"
SYMLINK[Symlink Manager]
DOCTOR[Diagnostics]
COMPLETION[Shell Completion]
SESSION[Session Manager]
end
subgraph "System Integration Layer"
CLAUDE[Claude CLI Detector]
PATH[Path Resolution]
ENV[Environment Variables]
end
subgraph "External Dependencies"
CLAUDE_EXEC[Claude CLI Executable]
SETTINGS[Claude Settings Files]
SHARED[~/.ccs/shared/]
end
CLI --> DETECT
CLI --> DELEGATION
FLAGS --> SPAWN
DELEGATION --> DELEGATOR
DETECT --> CONFIG
CONFIG --> SPAWN
DELEGATOR --> SPAWN
SPAWN --> CLAUDE
CLAUDE --> PATH
CLAUDE --> ENV
SPAWN --> CLAUDE_EXEC
CONFIG --> SETTINGS
SYMLINK --> SHARED
Component Architecture
1. Main Entry Point (bin/ccs.js - ~800 lines)
Role: Central orchestrator for all CCS operations
Key Responsibilities:
- Argument parsing and profile detection
- Special command handling (--version, --help, --shell-completion, auth, doctor, sync, update)
- Delegation detection (
-p/--promptflag routing) - Profile type routing (settings-based vs account-based)
- GLMT proxy lifecycle management
- Unified process execution through
execClaude() - Error propagation and exit code management
- Auto-recovery for missing configuration
Architecture with Delegation Support (v4.3.2):
graph TD
subgraph "Entry Point"
ARGS[Parse Arguments]
SPECIAL[Handle Special Commands]
RECOVER[Auto-recovery]
DETECT[ProfileDetector]
SETTINGS[Settings-based Profile]
GLMT{GLMT Profile?}
ACCOUNT[Account-based Profile]
PROXY[Spawn Proxy]
EXEC[Execute Claude]
end
ARGS --> SPECIAL
SPECIAL --> RECOVER
RECOVER --> DETECT
DETECT --> SETTINGS
DETECT --> ACCOUNT
SETTINGS --> GLMT
GLMT -->|Yes| PROXY
GLMT -->|No| EXEC
PROXY --> EXEC
ACCOUNT --> EXEC
Key Enhancements:
- v3.3.0: GLMT proxy spawning with verbose flag detection, API key validation, 5s timeout
- v3.2.0: Dual-path execution supporting both
--settingsflag (backward compatible) andCLAUDE_CONFIG_DIRenv var (concurrent sessions) - v3.1.0: Auto-recovery manager for missing configs
GLMT-Specific Logic:
// Check if GLMT profile
if (profileInfo.name === 'glmt') {
// 1. Read API key from settings
// 2. Spawn proxy with --verbose flag (if detected in args)
// 3. Wait for PROXY_READY:port signal (5s timeout)
// 4. Spawn Claude CLI with proxy URL
// 5. Kill proxy when Claude exits
await execClaudeWithProxy(claudeCli, 'glmt', remainingArgs);
}
2. Configuration Manager (bin/config-manager.js)
Role: Handles all configuration-related operations
Key Responsibilities:
- Configuration file path resolution
- JSON parsing and validation
- Profile-to-settings-file mapping
- Error handling for configuration issues
Architecture Flow:
graph TD
PATH[Get Config Path] --> READ[Read Config File]
READ --> PARSE[Parse JSON]
PARSE --> VALIDATE[Validate Structure]
VALIDATE --> MAP[Map Profile to Settings]
MAP --> RETURN[Return Settings Path]
Simplified Validation: Removed redundant validation functions while maintaining essential checks for file existence and JSON validity.
3. Claude CLI Detector (bin/claude-detector.js)
Role: Locates and validates the Claude CLI executable
Key Responsibilities:
- Environment variable override support (
CCS_CLAUDE_PATH) - System PATH resolution
- Cross-platform executable detection
- Windows-specific executable extension handling
Detection Priority:
graph TD
ENV[CCS_CLAUDE_PATH] --> VALID{Valid Path?}
VALID -->|Yes| USE_ENV[Use Environment Path]
VALID -->|No| PATH[System PATH Lookup]
PATH --> FOUND{Found in PATH?}
FOUND -->|Yes| USE_PATH[Use PATH Result]
FOUND -->|No| FAIL[Return null]
Platform-Specific Logic:
- Unix/macOS: Uses
which claudecommand - Windows: Uses
where.exe claudewith extension preference - Cross-platform: Unified error handling and fallback logic
4. Helpers Module (bin/helpers.js)
Role: Provides essential utility functions
Key Responsibilities:
- TTY-aware color formatting
- Path expansion with tilde and environment variables
- Simplified error reporting
- Cross-platform compatibility
Removed Functions (Security Theater):
escapeShellArg(): Unnecessary with spawn() arraysvalidateProfileName(): Redundant validationisPathSafe(): Excessive security checking
5. Instance Manager (bin/instance-manager.js) - NEW in
Role: Manages isolated Claude CLI instances per profile
Key Responsibilities:
- Lazy instance initialization on first use (YAGNI principle)
- Instance directory creation (
~/.ccs/instances/<profile>/) - Credential synchronization from vault to instance
- Instance integrity validation
- Instance lifecycle management (create, validate, delete)
Architecture Flow:
graph TD
ACTIVATE[activateInstance] --> EXISTS{Instance exists?}
EXISTS -->|No| INIT[initializeInstance]
EXISTS -->|Yes| SYNC[syncCredentialsToInstance]
INIT --> SYNC
SYNC --> VALIDATE[validateInstance]
VALIDATE --> RETURN[Return instance path]
Directory Structure Created:
~/.ccs/instances/<profile>/
├── session-env/ # Claude session data
├── todos/ # Per-profile todo lists
├── logs/ # Execution logs
├── file-history/ # File edit history
├── shell-snapshots/ # Shell state snapshots
├── debug/ # Debug information
├── .anthropic/ # Anthropic SDK config
├── commands/ # Custom commands (copied from global)
├── skills/ # Custom skills (copied from global)
└── .credentials.json # Encrypted credentials (synced from vault)
6. Profile Detector (bin/profile-detector.js) - NEW in
Role: Determines profile type for routing
Key Responsibilities:
- Detect settings-based profiles (glm, kimi) - Priority 1 for backward compatibility
- Detect account-based profiles (work, personal) - Priority 2
- Resolve default profile across both types
- Provide error messages with available profiles
Detection Priority:
graph TD
INPUT[Profile name] --> SETTINGS{In config.json?}
SETTINGS -->|Yes| RETURN_SETTINGS[Return: type=settings]
SETTINGS -->|No| ACCOUNT{In profiles.json?}
ACCOUNT -->|Yes| RETURN_ACCOUNT[Return: type=account]
ACCOUNT -->|No| ERROR[Throw: Profile not found]
7. Profile Registry (bin/profile-registry.js) - NEW in
Role: Manages account profile metadata
Key Responsibilities:
- CRUD operations for account profiles in
~/.ccs/profiles.json - Default profile management
- Last-used timestamp tracking
- Atomic file writes for data integrity
Profile Metadata Schema:
{
"version": "2.0.0",
"profiles": {
"work": {
"type": "account",
"vault": "~/.ccs/accounts/work.json.enc",
"subscription": "pro",
"email": "user@work.com",
"created": "2025-11-09T...",
"last_used": "2025-11-09T..."
}
},
"default": "work"
}
Delegation Architecture (v4.0+)
Overview
The delegation system enables headless execution of Claude CLI with real-time tool tracking. Users invoke with -p flag for AI-powered task delegation.
Components
1. Delegation Handler (bin/delegation/delegation-handler.js - ~300 lines)
- Routes
-pcommands to appropriate profile - Validates profile has valid API key
- Detects
:continuesuffix for session resumption - Delegates to HeadlessExecutor for execution
2. Headless Executor (bin/delegation/headless-executor.js - ~400 lines)
- Spawns Claude CLI with
--output-format stream-json --verbose - Parses stream-JSON output in real-time
- Tracks 13+ Claude Code tools (Bash, Read, Write, Edit, Glob, Grep, etc.)
- Handles Ctrl+C signal (kills child processes properly)
- Extracts cost and duration from output
3. Session Manager (bin/delegation/session-manager.js - ~200 lines)
- Saves session IDs for continuation support
- Loads last session for
:continuecommands - Manages session history in
~/.ccs/delegation-sessions/
4. Result Formatter (bin/delegation/result-formatter.js - ~150 lines)
- Formats execution results with cost, duration, exit code
- Color-codes tool names and paths
- Displays summary statistics
5. Settings Parser (bin/delegation/settings-parser.js - ~150 lines)
- Parses profile settings to extract API keys
- Validates settings file format
- Supports both settings-based and account-based profiles
Delegation Execution Flow
sequenceDiagram
participant User
participant Handler as DelegationHandler
participant Executor as HeadlessExecutor
participant Parser as Stream Parser
participant Session as SessionManager
participant Formatter as ResultFormatter
participant Claude as Claude CLI
User->>Handler: ccs glm -p "add tests"
Handler->>Handler: Validate profile, check API key
Handler->>Executor: Execute with stream-JSON
Executor->>Claude: spawn --output-format stream-json --verbose
Claude->>Parser: stdout stream
Parser->>Parser: Extract [Tool] lines
Parser->>User: Display tools in real-time
Claude->>Executor: Exit with code
Executor->>Session: Save session ID
Executor->>Formatter: Format results
Formatter->>User: Display cost, duration, status
Stream-JSON Parsing
Tool Tracking:
// Real-time extraction of tool calls from stream-JSON
const toolRegex = /\[Tool\]\s+(\w+)\((.*?)\)/;
const match = line.match(toolRegex);
if (match) {
const [_, toolName, params] = match;
console.log(` ${formatToolName(toolName)} ${formatParams(params)}`);
}
Supported Tools (13+):
- Bash, BashOutput, KillShell
- Read, Write, Edit, MultiEdit, NotebookEdit
- Glob, Grep
- WebFetch, WebSearch
- SlashCommand, Skill, TodoWrite
Session Continuation
Usage:
# Initial delegation
ccs glm -p "add tests"
# Session saved to ~/.ccs/delegation-sessions/glm-last.json
# Continue session
ccs glm:continue -p "run the tests"
# Loads session ID, continues conversation
Session Storage (~/.ccs/delegation-sessions/):
{
"profile": "glm",
"sessionId": "2a3b4c5d",
"timestamp": "2025-11-21T10:00:00.000Z",
"prompt": "add tests"
}
.claude/ Symlinking Architecture (v4.1+)
Overview
CCS selectively symlinks .claude/ directories to share data (commands, skills, agents) across profiles while keeping profile-specific data isolated (settings, sessions, logs).
Components
1. Claude Directory Installer (bin/utils/claude-dir-installer.js - ~300 lines)
- Creates
~/.ccs/shared/directory structure - Installs shared directories: commands/, skills/, agents/
- Non-invasive: never modifies
~/.claude/settings.json - Idempotent: safe to run multiple times
2. Claude Symlink Manager (bin/utils/claude-symlink-manager.js - ~400 lines)
- Creates symlinks from instance .claude/ to
~/.ccs/shared/ - Windows fallback: copies directories if symlinks unavailable
- Validates symlink integrity
- Repairs broken symlinks via
ccs sync
Symlinking Strategy
Symlinked (Shared):
~/.ccs/instances/work/.claude/commands/→~/.ccs/shared/commands/~/.ccs/instances/work/.claude/skills/→~/.ccs/shared/skills/~/.ccs/instances/work/.claude/agents/→~/.ccs/shared/agents/
Isolated (Profile-Specific):
~/.ccs/instances/work/.claude/settings.json~/.ccs/instances/work/.claude/sessions/~/.ccs/instances/work/.claude/todolists/~/.ccs/instances/work/.claude/logs/
Directory Structure
~/.ccs/
├── shared/ # Shared across all profiles (v4.1+)
│ ├── commands/ # Slash commands
│ ├── skills/ # Agent skills
│ └── agents/ # Agent configs
└── instances/
├── work/
│ └── .claude/
│ ├── commands@ → ~/.ccs/shared/commands/ # Symlink
│ ├── skills@ → ~/.ccs/shared/skills/ # Symlink
│ ├── agents@ → ~/.ccs/shared/agents/ # Symlink
│ ├── settings.json # Isolated
│ ├── sessions/ # Isolated
│ └── logs/ # Isolated
└── personal/
└── .claude/
├── commands@ → ~/.ccs/shared/commands/
├── skills@ → ~/.ccs/shared/skills/
├── agents@ → ~/.ccs/shared/agents/
├── settings.json
├── sessions/
└── logs/
Windows Fallback
When symlinks unavailable on Windows:
- Copy directories instead of symlinking
ccs syncupdates copies from~/.ccs/shared/- Less efficient but maintains functionality
Shell Completion Architecture (v4.1.4+)
Overview
CCS provides comprehensive shell completion for 4 shells (Bash, Zsh, Fish, PowerShell) with color-coded categories and profile-aware completions.
Components
1. Completion Generator (bin/utils/shell-completion.js - ~500 lines)
- Generates completion scripts for each shell
- Color-codes categories: profiles (blue), commands (green), flags (yellow)
- Profile-aware: reads
config.jsonandprofiles.jsondynamically - Easy installation via
ccs --shell-completion <shell>
Supported Shells
| Shell | Completion File | Location |
|---|---|---|
| Bash | ccs-completion.bash |
~/.bashrc |
| Zsh | _ccs |
~/.zshrc or fpath |
| Fish | ccs.fish |
~/.config/fish/completions/ |
| PowerShell | ccs-completion.ps1 |
PowerShell profile |
Color-Coded Categories
Profiles (Blue):
- glm, glmt, kimi (settings-based)
- work, personal (account-based)
Commands (Green):
- auth, doctor, sync, update
Flags (Yellow):
- --version, --help, --shell-completion, -p
Diagnostics Architecture (v4.2+)
Overview
CCS provides comprehensive health diagnostics and maintenance commands.
Components
1. Doctor Command (bin/management/doctor.js - ~300 lines)
- Validates installation
- Checks profiles and API keys
- Verifies symlink integrity
- Displays color-coded status ([OK], [!], [X])
2. Sync Command (bin/management/sync.js - ~200 lines)
- Repairs broken symlinks
- Fixes directory structure
- Updates shared data
3. Update Checker (bin/utils/update-checker.js - ~150 lines)
- Checks for newer CCS versions
- Smart notifications (once per day)
- Displays upgrade instructions
GLMT Architecture (v3.2.0+)
Overview
GLMT (GLM with Thinking) uses an embedded HTTP proxy to enable thinking mode support for GLM 4.6. The proxy converts between Anthropic and OpenAI formats, injecting reasoning parameters and transforming reasoning_content into thinking blocks.
Components
1. GLMT Transformer (bin/glmt-transformer.js)
- Converts Anthropic Messages API → OpenAI Chat Completions format
- Extracts thinking control tags:
<Thinking:On|Off>,<Effort:Low|Medium|High>(effort deprecated) - Injects reasoning parameters:
reasoning: true(binary only - Z.AI constraint) - Transforms OpenAI
reasoning_content→ Anthropic thinking blocks - Generates thinking signatures for Claude Code UI
- Debug logging to
~/.ccs/logs/whenCCS_DEBUG_LOG=1
Control Mechanisms (v3.6):
- Locale enforcer (
bin/locale-enforcer.js): Force English output (prevents Chinese responses) - Budget calculator (
bin/budget-calculator.js): Thinking on/off based on task type + budget - Task classifier (
bin/task-classifier.js): Classify reasoning vs execution tasks - Loop detection (
bin/delta-accumulator.js): Break unbounded planning loops (3 blocks)
2. GLMT Proxy (bin/glmt-proxy.js)
- Embedded HTTP server on
127.0.0.1:random_port - Intercepts Claude CLI → Z.AI requests
- Lifecycle tied to parent process
- Buffered mode only (streaming not supported)
- Request timeout: 120s default
GLMT Execution Flow
sequenceDiagram
participant User
participant CCS as ccs.js
participant Proxy as glmt-proxy.js
participant Transformer as glmt-transformer.js
participant ZAI as Z.AI API
participant Claude as Claude CLI
User->>CCS: ccs glmt "solve problem"
CCS->>CCS: Read GLMT settings (API key, config)
CCS->>Proxy: Spawn proxy with --verbose flag
Proxy->>Proxy: Bind to 127.0.0.1:random_port
Proxy-->>CCS: PROXY_READY:port
CCS->>Claude: Spawn with ANTHROPIC_BASE_URL=http://127.0.0.1:port
Claude->>Proxy: POST /v1/messages (Anthropic format)
Proxy->>Transformer: transformRequest(anthropicRequest)
Transformer->>Transformer: Extract thinking control tags
Transformer->>Transformer: Inject reasoning params
Transformer-->>Proxy: OpenAI format request
Proxy->>ZAI: POST /api/coding/paas/v4/chat/completions
ZAI-->>Proxy: OpenAI response (with reasoning_content)
Proxy->>Transformer: transformResponse(openaiResponse)
Transformer->>Transformer: Convert reasoning_content → thinking blocks
Transformer-->>Proxy: Anthropic format response
Proxy-->>Claude: Return Anthropic response
Claude-->>User: Display with thinking blocks
Claude->>CCS: Exit
CCS->>Proxy: Kill (SIGTERM)
Debug Mode Architecture
Verbose Logging (--verbose flag):
- Console logging with timestamps
- Request/response size tracking
- Transformation validation results
- Proxy lifecycle events
Debug File Logging (CCS_DEBUG_LOG=1):
- Writes to
~/.ccs/logs/ - Files:
{timestamp}-request-anthropic.json,request-openai.json,response-openai.json,response-anthropic.json - Pretty-printed JSON with full request/response data
- [!] Warning: Contains sensitive data (API keys, prompts)
Debug Workflow:
# Enable both verbose and debug logging
export CCS_DEBUG_LOG=1
ccs glmt --verbose "test prompt"
# Check reasoning content
cat ~/.ccs/logs/*response-openai.json | jq '.choices[0].message.reasoning_content'
# Verify transformation
cat ~/.ccs/logs/*response-anthropic.json | jq '.content[] | select(.type=="thinking")'
Configuration Migration (v3.2.0 → v3.3.0)
Automatic Migration (postinstall script):
// Added fields in v3.3.0
{
"env": {
"ANTHROPIC_TEMPERATURE": "0.2", // New
"ANTHROPIC_MAX_TOKENS": "65536", // New
"MAX_THINKING_TOKENS": "32768", // New
"ENABLE_STREAMING": "true", // New
"ANTHROPIC_SAFE_MODE": "false", // New
"API_TIMEOUT_MS": "3000000" // New (50 minutes)
},
"alwaysThinkingEnabled": true // New
}
Removed/Obsolete Fields (from v3.2.0):
BASH_DEFAULT_TIMEOUT_MS- Moved to Claude CLI configBASH_MAX_TIMEOUT_MS- Moved to Claude CLI configDISABLE_TELEMETRY- No longer neededENABLE_THINKING- Replaced byalwaysThinkingEnabled
Proxy Lifecycle Management
Startup:
- CCS spawns
node bin/glmt-proxy.js - Proxy binds to
127.0.0.1:0(random port) - Proxy emits
PROXY_READY:portto stdout - CCS reads port, spawns Claude CLI with proxy URL
- Timeout: 5s (configurable)
Cleanup:
- Claude CLI exits → CCS kills proxy (
SIGTERM) - Parent process dies → Proxy auto-terminates
- Uncaught exception → Proxy logs and exits
Error Handling:
- Proxy startup timeout → Show workaround (use
ccs glm) - Port conflict → Uses random port (unlikely)
- Upstream timeout → 120s default, configurable
Data Flow Architecture
Settings-Based Profile Execution Flow (Backward Compatible)
sequenceDiagram
participant User
participant CCS as ccs.js
participant Detector as profile-detector.js
participant Config as config-manager.js
participant Claude as Claude CLI
User->>CCS: ccs glm "command"
CCS->>CCS: Parse arguments
CCS->>Detector: detectProfileType("glm")
Detector->>Detector: Check config.json
Detector-->>CCS: {type: "settings", settingsPath: ...}
CCS->>Config: getSettingsPath("glm")
Config-->>CCS: Return settings path
CCS->>Claude: execClaude(["--settings", path, "command"])
Claude->>User: Execute with GLM profile
Account-Based Profile Execution Flow (Concurrent Sessions)
sequenceDiagram
participant User
participant CCS as ccs.js
participant Detector as profile-detector.js
participant Instance as instance-manager.js
participant Vault as vault-manager.js
participant Registry as profile-registry.js
participant Claude as Claude CLI
User->>CCS: ccs work "command"
CCS->>Detector: detectProfileType("work")
Detector->>Detector: Check profiles.json
Detector-->>CCS: {type: "account", name: "work"}
CCS->>Instance: activateInstance("work")
Instance->>Instance: Check if instance exists
alt Instance not exists
Instance->>Instance: initializeInstance (create dirs)
end
Instance->>Vault: decryptCredentials("work")
Vault-->>Instance: Return credentials JSON
Instance->>Instance: Write to instance/.credentials.json
Instance->>Instance: validateInstance (check integrity)
Instance-->>CCS: Return instance path
CCS->>Registry: touchProfile("work")
Registry->>Registry: Update last_used timestamp
CCS->>Claude: execClaude(["command"], {CLAUDE_CONFIG_DIR: instancePath})
Claude->>User: Execute with work account
Special Command Flow
sequenceDiagram
participant User
participant CCS as ccs.js
User->>CCS: ccs --version
CCS->>CCS: handleVersionCommand()
CCS->>User: Show version and install location
User->>CCS: ccs --help
CCS->>CCS: handleHelpCommand()
CCS->>Detector: detectClaudeCli()
CCS->>User: Show Claude help
User->>CCS: ccs --install
CCS->>CCS: handleInstallCommand()
CCS->>User: Installation message
Configuration Architecture
File Structure
~/.ccs/
├── config.json # Settings-based profile mappings (glm, glmt, kimi)
├── profiles.json # Account-based profile metadata (work, personal)
├── glm.settings.json # GLM configuration (Anthropic endpoint)
├── glmt.settings.json # GLMT configuration (v3.3.0 with thinking mode)
├── kimi.settings.json # Kimi configuration
├── config.json.backup # Single backup file
├── VERSION # Version information
├── logs/ # Debug logs (CCS_DEBUG_LOG=1)
│ ├── {timestamp}-request-anthropic.json
│ ├── {timestamp}-request-openai.json
│ ├── {timestamp}-response-openai.json
│ └── {timestamp}-response-anthropic.json
├── delegation-sessions/ # Delegation session persistence (v4.0+)
│ ├── glm-last.json
│ ├── kimi-last.json
│ └── work-last.json
├── shared/ # Shared across all profiles (v4.1+)
│ ├── commands/ # Slash commands
│ ├── skills/ # Agent skills
│ └── agents/ # Agent configs
└── instances/ # Isolated Claude instances
├── work/ # Work account instance
│ ├── .claude/
│ │ ├── commands@ → ~/.ccs/shared/commands/ # Symlink (v4.1+)
│ │ ├── skills@ → ~/.ccs/shared/skills/ # Symlink (v4.1+)
│ │ ├── agents@ → ~/.ccs/shared/agents/ # Symlink (v4.1+)
│ │ ├── settings.json # Profile-specific
│ │ ├── sessions/ # Profile-specific
│ │ ├── todolists/ # Profile-specific
│ │ └── logs/ # Profile-specific
│ ├── .anthropic/
│ └── .credentials.json
└── personal/ # Personal account instance
├── .claude/
│ ├── commands@ → ~/.ccs/shared/commands/
│ ├── skills@ → ~/.ccs/shared/skills/
│ ├── agents@ → ~/.ccs/shared/agents/
│ ├── settings.json
│ ├── sessions/
│ └── logs/
├── .anthropic/
└── .credentials.json
bin/ # CCS source files (v4.3.2)
├── ccs.js # Main entry point (~800 lines)
├── auth/ # Auth system (~800 lines)
│ ├── auth-create.js
│ ├── auth-delete.js
│ ├── auth-list.js
│ └── auth-switch.js
├── delegation/ # Delegation system (~1,200 lines)
│ ├── delegation-handler.js
│ ├── headless-executor.js
│ ├── session-manager.js
│ ├── result-formatter.js
│ └── settings-parser.js
├── glmt/ # GLMT system (~700 lines)
│ ├── glmt-proxy.js
│ ├── glmt-transformer.js
│ ├── locale-enforcer.js
│ ├── reasoning-enforcer.js
│ ├── sse-parser.js
│ └── delta-accumulator.js
├── management/ # Management system (~600 lines)
│ ├── config-manager.js
│ ├── instance-manager.js
│ ├── profile-detector.js
│ ├── profile-registry.js
│ ├── shared-manager.js
│ ├── doctor.js
│ ├── sync.js
│ └── recovery-manager.js
├── utils/ # Utilities (~1,500 lines)
│ ├── claude-detector.js
│ ├── claude-dir-installer.js
│ ├── claude-symlink-manager.js
│ ├── delegation-validator.js
│ ├── shell-completion.js
│ ├── update-checker.js
│ ├── helpers.js
│ └── error-manager.js
└── ...
config/
└── base-glmt.settings.json # GLMT template (v3.3.0)
scripts/
└── postinstall.js # Auto-configuration + migration
Configuration Schema
{
"profiles": {
"default": "~/.claude/settings.json",
"glm": "~/.ccs/glm.settings.json"
}
}
Settings File Format
GLM Settings (Anthropic endpoint):
{
"env": {
"ANTHROPIC_BASE_URL": "https://api.z.ai/api/anthropic",
"ANTHROPIC_AUTH_TOKEN": "your_api_key",
"ANTHROPIC_MODEL": "glm-4.6",
"ANTHROPIC_DEFAULT_OPUS_MODEL": "glm-4.6",
"ANTHROPIC_DEFAULT_SONNET_MODEL": "glm-4.6",
"ANTHROPIC_DEFAULT_HAIKU_MODEL": "glm-4.6"
}
}
GLMT Settings (v3.3.0 with thinking mode):
{
"env": {
"ANTHROPIC_BASE_URL": "https://api.z.ai/api/coding/paas/v4/chat/completions",
"ANTHROPIC_AUTH_TOKEN": "your_api_key",
"ANTHROPIC_MODEL": "glm-4.6",
"ANTHROPIC_DEFAULT_OPUS_MODEL": "glm-4.6",
"ANTHROPIC_DEFAULT_SONNET_MODEL": "glm-4.6",
"ANTHROPIC_DEFAULT_HAIKU_MODEL": "glm-4.6",
"ANTHROPIC_TEMPERATURE": "0.2",
"ANTHROPIC_MAX_TOKENS": "65536",
"MAX_THINKING_TOKENS": "32768",
"ENABLE_STREAMING": "true",
"ANTHROPIC_SAFE_MODE": "false",
"API_TIMEOUT_MS": "3000000"
},
"alwaysThinkingEnabled": true
}
[i] Note: All env values are strings (not booleans/numbers) for PowerShell compatibility.
Security Architecture
Inherent Security Model
- No Shell Injection Risk: Uses
spawn()with array arguments - No Arbitrary Code Execution: No
eval()or dynamic code generation - Controlled File Access: Only accesses known configuration locations
- Minimal Dependencies: Reduces attack surface
Removed Security Measures
The simplification removed several "security theater" measures that provided no real security benefit:
- Shell argument escaping: Unnecessary with spawn() arrays
- Path name validation: Redundant with proper file system checks
- Profile name sanitization: Excessive validation for controlled input
Maintained Security Controls
- File existence validation: Essential for preventing errors
- JSON parsing safety: Prevents malformed configuration crashes
- Path traversal protection: Maintained through path normalization
- Executable validation: Ensures found executables are actually executable
Platform Architecture
Cross-Platform Compatibility
graph TD
subgraph "Platform Abstraction"
NODE[Node.js Runtime]
FS[File System API]
PROCESS[Process Management]
end
subgraph "Platform-Specific"
UNIX[Unix/macOS Logic]
WIN[Windows Logic]
COMMON[Common Logic]
end
NODE --> UNIX
NODE --> WIN
NODE --> COMMON
Platform-Specific Behaviors
Unix/macOS:
- Uses
whichcommand for executable detection - POSIX path handling and permissions
- Standard Unix terminal TTY detection
Windows:
- Uses
where.exefor executable detection - Windows path separator handling
- PowerShell compatibility considerations
Common:
- Node.js cross-platform APIs
- Unified error handling
- Consistent configuration format
Performance Architecture
Optimization Strategies
- Reduced Function Call Overhead: Eliminated redundant validation layers
- Simplified Error Handling: Direct error propagation without complex formatting
- Optimized Path Resolution: Cached environment variable lookups
- Minimal Memory Footprint: 35% reduction in code size
Performance Characteristics
- Startup Time: Fast due to minimal module loading
- Execution Time: Direct process spawning without overhead
- Memory Usage: Small footprint with efficient data structures
- I/O Operations: Optimized configuration reading and caching
Testing Architecture
Test Organization
tests/
├── shared/
│ ├── unit/ # Unit tests for individual modules
│ └── fixtures/ # Test data and configurations
├── npm/ # npm package-specific tests
└── edge-cases.sh # Comprehensive scenario testing
Test Coverage Strategy
- Unit Tests: Individual module functionality
- Integration Tests: Cross-module interaction
- Platform Tests: OS-specific behavior validation
- Edge Case Tests: Error conditions and unusual scenarios
Deployment Architecture
npm Package Distribution
graph LR
subgraph "Development"
SRC[Source Code]
TEST[Run Tests]
BUILD[Package Files]
end
subgraph "Distribution"
NPM[npm Registry]
DOWNLOAD[Package Download]
INSTALL[Installation Process]
end
subgraph "Runtime"
POSTINSTALL[Post-install Script]
CONFIG[Auto-configuration]
READY[Ready to Use]
end
SRC --> TEST
TEST --> BUILD
BUILD --> NPM
NPM --> DOWNLOAD
DOWNLOAD --> INSTALL
INSTALL --> POSTINSTALL
POSTINSTALL --> CONFIG
CONFIG --> READY
Installation Process
- Package Download: User installs via npm/yarn/pnpm/bun
- Post-install Script (
scripts/postinstall.js):- Creates
~/.ccs/directory structure - Creates
~/.ccs/shared/(commands, skills, agents) - Migrates from v3.1.1 → v3.2.0 (if needed)
- Migrates GLMT configs from v3.2.0 → v3.3.0 (adds new fields)
- Creates
config.json(glm, glmt, kimi, default) - Creates
glm.settings.json(Anthropic endpoint) - Creates
glmt.settings.json(OpenAI endpoint + thinking mode) - Creates
kimi.settings.json(Kimi endpoint) - Creates
~/.claude/settings.json(if missing) - Validates configuration (checks JSON syntax, file existence)
- Shows API key setup instructions
- Creates
- Path Configuration: npm automatically adds to PATH
- Ready State: System ready for profile switching
Idempotency: Safe to run multiple times, preserves existing configs
Migration Logic (v3.3.0):
// Auto-adds missing fields to existing GLMT configs
const envDefaults = {
ANTHROPIC_TEMPERATURE: '0.2',
ANTHROPIC_MAX_TOKENS: '65536',
MAX_THINKING_TOKENS: '32768',
ENABLE_STREAMING: 'true',
ANTHROPIC_SAFE_MODE: 'false',
API_TIMEOUT_MS: '3000000'
};
Concurrent Sessions Architecture ()
CLAUDE_CONFIG_DIR Mechanism
CCS uses the undocumented CLAUDE_CONFIG_DIR environment variable to isolate Claude CLI instances:
// Settings-based profile (backward compatible)
execClaude(claudeCli, ['--settings', settingsPath, ...args]);
// Account-based profile (concurrent sessions)
const envVars = { CLAUDE_CONFIG_DIR: instancePath };
execClaude(claudeCli, args, envVars);
How it works:
- Claude CLI reads
CLAUDE_CONFIG_DIRenv var - If set, uses that directory instead of
~/.claude/ - All state (sessions, todos, logs) stored in instance directory
- Each profile gets isolated state → concurrent sessions possible
Isolation Guarantees
Isolated per instance:
- Credentials (
.credentials.json) - Chat sessions (
session-env/) - Todo lists (
todos/) - Execution logs (
logs/) - File edit history (
file-history/) - Shell snapshots (
shell-snapshots/)
Shared across instances:
- Claude CLI binary location
- CCS configuration (
~/.ccs/config.json,profiles.json) - Encrypted credential vaults (
~/.ccs/accounts/)
Concurrent Sessions Workflow
graph TD
subgraph "Terminal 1"
T1[ccs work "task1"]
I1[Instance: ~/.ccs/instances/work/]
C1[CLAUDE_CONFIG_DIR=work]
CLI1[Claude CLI Process 1]
end
subgraph "Terminal 2"
T2[ccs personal "task2"]
I2[Instance: ~/.ccs/instances/personal/]
C2[CLAUDE_CONFIG_DIR=personal]
CLI2[Claude CLI Process 2]
end
T1 --> I1 --> C1 --> CLI1
T2 --> I2 --> C2 --> CLI2
Known Limitations ()
-
Same Profile Concurrent Access: Running
ccs workin 2 terminals → file conflicts- Not blocked in
- File locking considered for future versions
-
CLAUDE_CONFIG_DIR Reliability: Undocumented env var
- May not work on all systems
- Claude CLI version dependencies unknown
- No official support from Anthropic
-
Disk Space: Each instance ~200-700 KB
- Sessions accumulate over time
- No automatic cleanup in
Future Extensibility
Extension Points
The architecture provides clean extension points:
- New Profile Types: Easy addition via ProfileDetector
- Additional Commands: Straightforward command handler extension
- Enhanced Isolation: File locking for same-profile concurrent access
- Instance Cleanup: Automatic session/log cleanup policies
- Plugin System: Clean architecture supports future plugins
Architectural Guarantees
- Backward Compatibility: Settings-based profiles (glm, kimi) work unchanged
- Performance: Lazy instance initialization minimizes overhead
- Maintainability: Clear separation between settings-based and account-based paths
- Reliability: Encrypted vaults + isolated instances reduce failure coupling
Summary
The CCS system architecture successfully balances simplicity with enhanced functionality:
Core Architecture Strengths:
- Modular Design: Clear subsystem separation (auth, delegation, glmt, management, utils)
- Unified spawn logic eliminates code duplication
- Dual-path execution supports settings-based and account-based profiles
- Isolated Claude instances enable concurrent sessions via CLAUDE_CONFIG_DIR
- Cross-platform compatibility ensures consistent behavior everywhere
- Clean separation of concerns makes the codebase maintainable and extensible
v4.3.2 Features (Current):
- AI Delegation System: Headless execution with stream-JSON output, real-time tool tracking
- Selective Symlinking: Share .claude/ directories (commands, skills, agents) across profiles
- Shell Completion: 4 shells supported (Bash, Zsh, Fish, PowerShell) with color-coded categories
- Diagnostics: Doctor, sync, update commands for health checks
- Session Persistence:
:continuesupport for follow-up delegation tasks - 13+ Claude Code Tools: Bash, Read, Write, Edit, Glob, Grep, TodoWrite, etc.
v3.3.0 Features (GLMT):
- GLMT thinking mode: Embedded proxy for GLM reasoning support
- Debug logging: File-based logging to
~/.ccs/logs/whenCCS_DEBUG_LOG=1 - Verbose mode: Console logging with
--verboseflag - Configuration migration: Auto-upgrade configs with new fields
- Enhanced settings: Temperature, max tokens, thinking controls, API timeout
v4.3.2 Architecture Highlights:
- Delegation Architecture: Stream-JSON parsing, session management, result formatting
- Symlinking Architecture: Selective sharing with Windows fallback
- Shell Completion: Dynamic profile-aware completions with color-coding
- Diagnostics Infrastructure: Doctor validation, sync repairs, update checking
- Modular Subsystems: 7 clear subsystems (~8,477 LOC total)
Evolution Path:
- v2.x → v3.0: 40% reduction through vault removal, login-per-profile model
- v3.0 → v4.x: Enhanced capabilities with delegation, symlinking, diagnostics (zero breaking changes)
- Future (v5.0+): AI-powered features, enterprise capabilities, ecosystem expansion
The architecture demonstrates how thoughtful design can add sophisticated AI delegation capabilities, shared data management, and comprehensive diagnostics while maintaining simplicity, backward compatibility, and cross-platform support.