Search anything — agent, harness, session, tool, memory. Definitions are short, citation-backed, and written in the same voice as the book.
agent_toolset_20260401The identifier for Claude Managed Agents' built-in toolset. Include it in the tools array of your agent configuration to enable the eight built-in tools (bash, read, write, edit, glob, grep, web_fetch, web_search). All eight are enabled by default when you use this identifier. (Tools docs)
A reusable, versioned configuration that defines how Claude behaves in sessions. It bundles a model, system prompt, tools, MCP servers, and skills. You create an agent once and reference it by ID each time you start a session. (Agent setup)
The iterative process where Claude decides what to do, executes a tool, receives the result, and decides what to do next — repeating until the task is complete. Managed Agents handles this loop automatically; you don't have to build it yourself. (Overview)
always_allowA permission policy that lets a tool execute automatically without any human confirmation. The default for the built-in agent toolset. (Permission policies)
always_askA permission policy that pauses the session and waits for a user.tool_confirmation event before executing a tool. The default for MCP toolsets. Use this for high-stakes tools you want to review before they run. (Permission policies)
ant CLIThe official command-line tool for Claude Managed Agents. Lets you create and manage agents, environments, sessions, and events from the terminal without writing full application code. Commands follow the pattern ant beta:<resource> <action>. (Quickstart)
The fundamental property of the session event log: events are added but never deleted or modified. This makes the session history a reliable, auditable record of everything that happened. (Engineering blog)
The process of summarizing or condensing the event history so it fits within Claude's context window during long-running sessions. The Managed Agents harness handles compaction automatically. (Overview)
The isolated cloud execution environment where each session runs. It's an Ubuntu 22.04 Linux environment with up to 8 GB RAM and 10 GB disk, pre-installed with Python, Node.js, Go, and other runtimes. Each session gets its own container instance. (Container reference)
The maximum amount of text Claude can "see" at once during a single model call. Claude Opus 4.7 and Sonnet 4.6 have 1M token context windows; Haiku 4.5 has 200k tokens. Long sessions may exceed this; the harness handles context management via caching and compaction. (Models overview)
A stored secret (OAuth token, API key) associated with a specific MCP server URL inside a vault. When the agent connects to that MCP server, the credential is automatically injected. Credential secret fields are write-only — they are never returned in API responses. (Vaults)
deny_messageAn optional string you include when denying a tool call via user.tool_confirmation. Claude receives this message and uses it to adjust its approach. Write constructive redirects, not just rejections. (Permission policies)
A configured container template specifying pre-installed packages, networking rules, and other container setup. Create an environment once; multiple sessions can reference the same environment, each getting its own isolated instance. (Environments)
A structured message exchanged between your application and a session. User events flow from your code to the session; agent and session events flow back. All events are stored in the session's append-only log. (Session event stream)
The real-time feed of events from a running session, delivered via Server-Sent Events (SSE). Open it with client.beta.sessions.events.stream(session.id) before sending messages. (Session event stream)
The loop that calls Claude, routes Claude's tool requests to the execution environment, and feeds results back. In Managed Agents, the harness runs outside the container — decoupled from the sandbox so container failures don't destroy sessions. (Engineering blog)
A standardized protocol for connecting agents to external tools and services via HTTP endpoints. Claude Managed Agents supports connecting MCP servers to agents, giving Claude access to third-party capabilities through a consistent interface. (MCP connector)
The collection of tools provided by a connected MCP server. Referenced in the agent's tools array as type: mcp_toolset with the server name. Defaults to always_ask permission policy. (MCP connector)
A workspace-scoped collection of text documents that persists across sessions. When attached to a session, Claude automatically reads relevant memories before starting work and writes learnings when done. Maximum 8 stores per session. (Memory)
An immutable snapshot created every time a memory is written, modified, or deleted. The version history lets you audit changes, roll back to previous content, or redact sensitive information. (Memory)
memory_precondition_failedThe 409 HTTP error returned when a memory write or edit fails due to a precondition violation — either not_exists (the memory already existed) or content_sha256 (the content changed since you read it). (Memory)
The direct model prompting interface — send a prompt, get a response. The alternative to Managed Agents for fine-grained control and single-turn interactions. Choose Managed Agents for multi-step, long-running, stateful work. (Overview)
The Claude model that powers an agent. Managed Agents supports all Claude 4.5 and later models. Current options: claude-opus-4-7, claude-sonnet-4-6, claude-haiku-4-5-20251001. (Agent setup)
A setting that controls whether a tool runs automatically or waits for human confirmation. Two values: always_allow (auto-execute) and always_ask (wait for user.tool_confirmation). Set at the toolset level or overridden per individual tool. (Permission policies)
An optional constraint on memory write or edit operations to prevent race conditions. not_exists only writes if no memory exists at that path. content_sha256 only writes if the current content's hash matches what you provide. (Memory)
Reusing computed token representations across multiple model calls to reduce cost and latency. The Managed Agents harness handles caching automatically. Cache entries use a 5-minute TTL. (Session event stream)
Features available only to approved users, beyond the standard public beta. Memory, Multi-agent sessions, and Outcomes are all Research Preview features. Standard public beta features are available to all API accounts. (Memory)
Files, memory stores, and GitHub repositories attached to a session at creation via the resources[] array. Resources provide the agent with data and persistent context for its work. (Sessions)
requires_actionThe stop_reason on a session.status_idle event indicating the session is paused waiting for your input — either a tool confirmation or a custom tool result. Blocking event IDs are listed in stop_reason.requires_action.event_ids. (Session event stream)
The execution environment (container) where Claude's code runs. In the decoupled Managed Agents architecture, the sandbox is separate from the harness — it's called by the harness as a tool, not colocated with it. Credentials are never exposed in the sandbox. (Engineering blog)
A running agent instance within an environment. Sessions maintain conversation history and file system state across multiple interactions. They persist until archived or deleted. Create one per task or per user interaction. (Sessions)
session.status_idleThe event emitted when a session has stopped running, either because work is done (end_turn) or because it needs your input (requires_action). The most important event to handle in any event loop. (Session event stream)
In multi-agent sessions, each agent runs in its own thread — a context-isolated event stream with its own conversation history. The primary thread is the coordinator's view; individual threads can be streamed for detailed debugging. (Research Preview feature.) (Multi-agent)
A reusable, filesystem-based resource providing domain-specific expertise to an agent. Skills load on demand via progressive disclosure — only consuming context window when actually needed. Anthropic provides pre-built skills (Excel, PowerPoint, Word, PDF) and organizations can create custom ones. (Agent Skills overview)
The protocol used to stream events from a session to your application in real time. A persistent HTTP connection where the server pushes events as they happen. The Managed Agents event stream is delivered via SSE. (Session event stream)
The configuration-level instructions that define the agent's persona and behavior. Written once into the agent definition, not per session. Distinct from user messages, which describe the specific work to do. (Agent setup)
The latency between requesting a session and receiving the first response token. Managed Agents' brain/hands decoupling reduced p50 TTFT by roughly 60% and p95 by over 90%, because containers are only provisioned when actually needed. (Engineering blog)
user.interruptAn event you send to stop a running session. The session transitions to idle status after processing the interrupt. Use when you need to redirect a session that's heading in the wrong direction. (Session event stream)
A secure store for MCP credentials — OAuth tokens and API keys for third-party services. Vaults are referenced at session creation; the harness injects credentials into MCP calls without exposing them to the agent or the sandbox. (Vaults)
An incremental snapshot of an agent's configuration. Created automatically on each meaningful update. Sessions can be pinned to specific agent versions for controlled rollouts. The version counter starts at 1. (Agent setup)
The organizational scope that resources (agents, environments, sessions, memory stores, files, vaults) belong to. Determined by the API key used. Resources scoped to a workspace are accessible to anyone with API key access for that workspace. (Vaults)