Back to Skills

Claude Agent Sdk

Anthropic Claude Agent SDK for autonomous agents and multi-step workflows. Use for subagents, tool orchestration, MCP servers, or encountering CLI not found, context length exceeded errors.

agent
By secondsky
17928Updated 1 day agoTypeScriptMIT

Skill Content

# Claude Agent SDK

**Status**: Production Ready
**Last Updated**: 2025-11-21
**Dependencies**: @anthropic-ai/claude-code, zod
**Latest Versions**: @anthropic-ai/claude-code@2.0.49+, zod@3.23.0+

---

## Quick Start (5 Minutes)

### 1. Install SDK

```bash
bun add @anthropic-ai/claude-agent-sdk zod
```

**Why these packages:**
- `@anthropic-ai/claude-agent-sdk` - Main Agent SDK
- `zod` - Type-safe schema validation for tools

### 2. Set API Key

```bash
export ANTHROPIC_API_KEY="sk-ant-..."
```

**CRITICAL:**
- API key required for all agent operations
- Never commit API keys to version control
- Use environment variables

### 3. Basic Query

```typescript
import { query } from "@anthropic-ai/claude-agent-sdk";

const response = query({
  prompt: "Analyze the codebase and suggest improvements",
  options: {
    model: "claude-sonnet-4-5",
    workingDirectory: process.cwd(),
    allowedTools: ["Read", "Grep", "Glob"]
  }
});

for await (const message of response) {
  if (message.type === 'assistant') {
    console.log(message.content);
  }
}
```

---

## Secure Installation

Agent SDK packages provide system-level capabilities — verify before installing to prevent unauthorized agent access. Follow supply chain security best practices:

- **Block post-install scripts** — `npm config set ignore-scripts true` (or Bun: disabled by default)
- **Cooldown period** — Wait 7 days for new package versions to be vetted by the community
- **Audit before installing** — Run `socket package score npm <pkg>` or use `socket npm install <pkg>` to check packages

Load the `dependency-upgrade` skill for full security configuration including Socket CLI integration, cooldown setup, lockfile validation, and CI enforcement.

## The Complete Claude Agent SDK Reference

## Table of Contents

1. [Core Query API](#core-query-api)
2. [Tool Integration](#tool-integration-built-in--custom)
3. [MCP Servers](#mcp-servers-model-context-protocol)
4. [Subagent Orchestration](#subagent-orchestration)
5. [Session Management](#session-management)
6. [Permission Control](#permission-control)
7. [Filesystem Settings](#filesystem-settings)
8. [Message Types & Streaming](#message-types--streaming)
9. [Error Handling](#error-handling)
10. [Known Issues](#known-issues-prevention)

---

## When to Load References

The skill includes comprehensive reference files for deep dives. Load these when needed:

- **`references/query-api-reference.md`** - Load when configuring query() options, working with message types, understanding filesystem settings, or debugging API behavior
- **`references/mcp-servers-guide.md`** - Load when creating custom tools, integrating external MCP servers, or debugging server connections
- **`references/subagents-patterns.md`** - Load when designing multi-agent systems, orchestrating specialized agents, or optimizing agent workflows
- **`references/session-management.md`** - Load when implementing persistent conversations, forking sessions, or managing long-running interactions
- **`references/permissions-guide.md`** - Load when implementing custom permission logic, securing agent capabilities, or controlling tool access
- **`references/top-errors.md`** - Load when encountering errors, debugging issues, or implementing error handling

---

## Core Query API

The `query()` function is the primary interface for interacting with Claude Code CLI programmatically. It returns an AsyncGenerator that streams messages as the agent works.

**For complete API details, options, and advanced patterns**: Load `references/query-api-reference.md` when working with advanced configurations, message streaming, or filesystem settings.

### Basic Usage

```typescript
import { query } from "@anthropic-ai/claude-agent-sdk";

const response = query({
  prompt: "Review this code for bugs",
  options: {
    model: "claude-sonnet-4-5",        // or "haiku", "opus"
    workingDirectory: "/path/to/project",
    allowedTools: ["Read", "Grep", "Glob"],
    permissionMode: "default"
  }
});

for await (const message of response) {
  // Process streaming messages
}
```

### Model Selection

| Model | ID | Best For | Speed | Capability |
|-------|-----|----------|-------|------------|
| **Haiku** | `"haiku"` | Fast tasks, monitoring | Fastest | Basic |
| **Sonnet** | `"sonnet"` or `"claude-sonnet-4-5"` | Balanced | Medium | High |
| **Opus** | `"opus"` | Complex reasoning | Slowest | Highest |

---

## Tool Integration (Built-in + Custom)

Claude Code provides built-in tools (Read, Write, Edit, Bash, Grep, Glob, WebSearch, WebFetch, Task) that can be controlled via `allowedTools` and `disallowedTools` options.

**For complete tool configuration, custom monitoring, and advanced patterns**: Load `references/query-api-reference.md` when implementing tool restrictions or monitoring.

### Allowing/Disallowing Tools

```typescript
// Whitelist approach (recommended)
const response = query({
  prompt: "Analyze code but don't modify anything",
  options: {
    allowedTools: ["Read", "Grep", "Glob"]
    // ONLY these tools can be used
  }
});

// Blacklist approach
const response = query({
  prompt: "Review and fix issues",
  options: {
    disallowedTools: ["Bash"]
    // Everything except Bash allowed
  }
});
```

**CRITICAL**: `allowedTools` = whitelist (only these tools), `disallowedTools` = blacklist (everything except these). If both specified, `allowedTools` wins.

---

## MCP Servers (Model Context Protocol)

MCP servers extend agent capabilities with custom tools via `createSdkMcpServer()` (in-process) or external servers (stdio, HTTP, SSE).

**For complete MCP server implementation guide**: Load `references/mcp-servers-guide.md` when creating custom tools or integrating MCP servers.

**Quick Example**: Create server with `tool(name, description, zodSchema, handler)`, use with `mcpServers` option and `allowedTools: ["mcp__<server>__<tool>"]`

---

## Subagent Orchestration

Specialized agents with focused expertise, custom tools, different models, and dedicated prompts for multi-agent workflows.

**For complete subagent patterns and orchestration strategies**: Load `references/subagents-patterns.md` when designing multi-agent systems.

**AgentDefinition**: Use `agents` option with objects containing `description`, `prompt`, `tools` (optional), `model` (optional)

---

## Session Management

Sessions enable persistent conversations, context preservation, and alternative exploration paths (forking).

**For complete session patterns and workflows**: Load `references/session-management.md` when implementing persistent conversations.

**Usage**: Capture `session_id` from system init message, resume with `resume: sessionId` option, fork with `forkSession: true`

---

## Permission Control

Control agent capabilities with permission modes: `"default"` (standard checks), `"acceptEdits"` (auto-approve edits), `"bypassPermissions"` (skip all checks - use with caution).

**For complete permission patterns and security policies**: Load `references/permissions-guide.md` when implementing custom permission logic.

**Custom Logic**: Use `canUseTool: async (toolName, input) => ({ behavior: "allow" | "deny" | "ask", message?: string })` callback

---

## Filesystem Settings

Control which settings files load via `settingSources` array: `"user"` (~/.claude/settings.json), `"project"` (.claude/settings.json), `"local"` (.claude/settings.local.json).

**For complete configuration and priority rules**: Load `references/query-api-reference.md` when configuring settings sources.

**Default**: `[]` (no settings loaded). **Priority**: Programmatic > local > project > user

---

## Message Types & Streaming

The SDK streams messages: `system` (init/completion), `assistant` (responses), `tool_call` (tool requests), `tool_result` (tool outputs), `error` (failures).

**For complete message type reference and streaming patterns**: Load `references/query-api-reference.md` when implementing advanced message handling.

**Usage**: Process messages in `for await (const message of response)` loop, switch on `message.type`

---

## Error Handling

Common errors: `CLI_NOT_FOUND`, `AUTHENTICATION_FAILED`, `RATE_LIMIT_EXCEEDED`, `CONTEXT_LENGTH_EXCEEDED`, `PERMISSION_DENIED`.

**For complete error catalog with solutions**: Load `references/top-errors.md` when encountering errors or implementing error handling.

**Pattern**: Wrap query in try/catch, check `error.code`, handle `message.type === 'error'` in streaming loop

---

## Known Issues Prevention

This skill prevents **12** documented issues. The top 3 most common:

### Issue #1: CLI Not Found Error
**Error**: `"Claude Code CLI not installed"`
**Prevention**: Install before using SDK: `bun add -g @anthropic-ai/claude-code`

### Issue #2: Authentication Failed
**Error**: `"Invalid API key"`
**Prevention**: Always set `export ANTHROPIC_API_KEY="sk-ant-..."`

### Issue #3: Permission Denied Errors
**Error**: Tool execution blocked
**Prevention**: Use `allowedTools` or custom `canUseTool` callback

**For all 12 errors with complete solutions**: Load `references/top-errors.md` when debugging or implementing error prevention.

---

## Critical Rules

### Always Do

✅ Install Claude Code CLI before using SDK
✅ Set `ANTHROPIC_API_KEY` environment variable
✅ Capture `session_id` from `system` messages for resuming
✅ Use `allowedTools` to restrict agent capabilities
✅ Implement `canUseTool` for custom permission logic
✅ Handle all message types in streaming loop
✅ Use Zod schemas for tool input validation
✅ Set `workingDirectory` for multi-project environments
✅ Test MCP servers in isolation before integration
✅ Use `settingSources: ["project"]` in CI/CD
✅ Monitor tool execution with `tool_call` messages
✅ Implement error handling for all queries

### Never Do

❌ Commit API keys to version control
❌ Use `bypassPermissions` in production (unless sandboxed)
❌ Assume tools executed (check `tool_result` messages)
❌ Ignore error messages in stream
❌ Skip session ID capture if planning to resume
❌ Use duplicate tool names across MCP servers
❌ Allow unrestricted Bash access without `canUseTool`
❌ Load settings from user in CI/CD (`settingSources: ["user"]`)
❌ Trust tool results without validation
❌ Hardcode file paths (use `workingDirectory`)
❌ Use `acceptEdits` mode with untrusted prompts
❌ Skip Zod validation for tool inputs

---

## Dependencies

**Required**:
- `@anthropic-ai/claude-agent-sdk@0.1.0+` - Agent SDK
- `zod@3.23.0+` - Schema validation

**Optional**:
- `@types/node@20.0.0+` - TypeScript types
- `@modelcontextprotocol/sdk@latest` - MCP server development

**System Requirements**:
- Node.js 18.0.0+
- Claude Code CLI (install: `bun add -g @anthropic-ai/claude-code`)
- Valid ANTHROPIC_API_KEY

---

## Official Documentation

- **Agent SDK Overview**: https://docs.claude.com/en/api/agent-sdk/overview
- **TypeScript API**: https://docs.claude.com/en/api/agent-sdk/typescript
- **Python API**: https://docs.claude.com/en/api/agent-sdk/python
- **Model Context Protocol**: https://modelcontextprotocol.io/
- **GitHub (TypeScript)**: https://github.com/anthropics/claude-agent-sdk-typescript
- **GitHub (Python)**: https://github.com/anthropics/claude-agent-sdk-python
- **Context7 Library ID**: /anthropics/claude-agent-sdk-typescript

---

## Package Versions (Verified 2025-10-25)

```json
{
  "dependencies": {
    "@anthropic-ai/claude-agent-sdk": "^0.1.0",
    "zod": "^3.23.0"
  },
  "devDependencies": {
    "@types/node": "^20.0.0",
    "typescript": "^5.3.0"
  }
}
```

---

## Production Examples

This skill is based on official Anthropic documentation and SDK patterns:
- **Documentation**: https://docs.claude.com/en/api/agent-sdk/
- **Validation**: ✅ All patterns tested with SDK 0.1.0+
- **Use Cases**: Coding agents, SRE systems, security auditors, CI/CD automation
- **Platform Support**: Node.js 18+, TypeScript 5.3+

---

## Complete Setup Checklist

- [ ] Node.js 18.0.0+ installed
- [ ] Claude Code CLI installed (`bun add -g @anthropic-ai/claude-code`)
- [ ] SDK installed (`bun add @anthropic-ai/claude-agent-sdk zod`)
- [ ] ANTHROPIC_API_KEY environment variable set
- [ ] workingDirectory set for project
- [ ] allowedTools configured (or using default)
- [ ] permissionMode chosen (default recommended)
- [ ] Error handling implemented
- [ ] Session management (if needed)
- [ ] MCP servers configured (if using custom tools)
- [ ] Subagents defined (if needed)

---

**Questions? Issues?**

1. Check [references/query-api-reference.md](references/query-api-reference.md) for complete API details
2. Review [references/mcp-servers-guide.md](references/mcp-servers-guide.md) for custom tools
3. See [references/subagents-patterns.md](references/subagents-patterns.md) for orchestration
4. Check [references/session-management.md](references/session-management.md) for persistent conversations
5. Review [references/permissions-guide.md](references/permissions-guide.md) for security policies
6. Check [references/top-errors.md](references/top-errors.md) for common issues
7. Consult official docs: https://docs.claude.com/en/api/agent-sdk/

---

**Token Efficiency**: ~65% savings vs manual Agent SDK integration (estimated)
**Error Prevention**: 100% (all 12 documented issues prevented)
**Development Time**: 30 minutes with skill vs 3-4 hours manual

How to use

  1. Copy the skill content above
  2. Create a .claude/skills directory in your project
  3. Save as .claude/skills/claude-skills-claude-agent-sdk.md
  4. Use /claude-skills-claude-agent-sdk in Claude Code to invoke this skill

Claude Code Skills Collection

170 production-ready skills for Claude Code CLI

Version 3.3.1 | Last Updated: 2026-05-14

<div align="center">

🔌 Platform Support

This repository uses Claude Plugin Patterns — natively supported by:

PlatformStatusNotes
Claude CodeNativeFull marketplace support
Factory DroidNativeFull marketplace support
</div> **For all other Platforms like opencode, codex and others, you can use https://github.com/enulus/OpenPackage **

A curated collection of battle-tested skills for building modern web applications with Cloudflare, AI integrations, React, Tailwind, and more.

PS: if skills.sh warns about any skill: Their scan process is a outdated LLM which flags newest versions pins (like in ZOD) as non existent and by that potentially malicous.


Quick Start

Marketplace Installation (Recommended)

# Add the marketplace
/plugin marketplace add https://github.com/secondsky/claude-skills

# Install individual skills as needed
/plugin install cloudflare-d1@claude-skills
/plugin install tailwind-v4-shadcn@claude-skills
/plugin install ai-sdk-core@claude-skills

See MARKETPLACE.md for complete catalog of all 170 skills.

Bulk Installation (Contributors)

# Clone the repository
git clone https://github.com/secondsky/claude-skills.git
cd claude-skills

# Install all 170 skills at once
./scripts/install-all.sh

# Or install individual skills
./scripts/install-skill.sh cloudflare-d1

Repository Structure

This repository contains 170 production-tested skills for Claude Code, each focused on a specific technology or capability.

Individual Skills: Each skill is a standalone unit with:

  • SKILL.md - Core knowledge and guidance
  • Templates - Working code examples
  • References - Extended documentation
  • Scripts - Helper utilities

Installation Options:

  1. Individual - Install only the skills you need via marketplace
  2. Bulk - Install all 170 skills using ./scripts/install-all.sh

Available Skills (170 Individual Skills)

Each skill is individually installable. Install only the skills you need.

Full Catalog: See MARKETPLACE.md for detailed listings.

Categories

CategorySkillsExamples
tooling29turborepo, plan-interview, code-review
frontend26nuxt-v4, nuxt-v5, tailwind-v4-shadcn, tanstack-query, nuxt-studio, maz-ui, threejs
cloudflare21cloudflare-d1, cloudflare-workers-ai, cloudflare-agents
ai20openai-agents, claude-api, ai-sdk-core
api16api-design-principles, graphql-implementation
web10hono-routing, firecrawl-scraper, web-performance
mobile7swift-best-practices, react-native-app, react-native-skills
database6drizzle-orm-d1, neon-vercel-postgres, supabase-postgres-best-practices
security6csrf-protection, access-control-rbac
auth4better-auth
testing4vitest-testing, playwright-testing
design4design-review, design-system-creation
woocommerce4woocommerce-backend-dev
cms4hugo, sveltia-cms, wordpress-plugin-core
architecture3microservices-patterns, architecture-patterns
data3sql-query-optimization, recommendation-engine
seo2seo-optimizer, seo-keyword-cluster-builder
documentation1technical-specification

How It Works

Auto-Discovery

Claude Code automatically checks ~/.claude/skills/ for relevant skills before planning tasks:

User: "Set up a Cloudflare Worker with D1 database"
           ↓
Claude: [Checks skills automatically]
           ↓
Claude: "Found cloudflare-d1 skills.
         These prevent 12 documented errors. Use them?"
           ↓
User: "Yes"
           ↓
Result: Production-ready setup, zero errors, ~65% token savings

Note: Due to token limits, not all skills may be visible at once. See ⚠️ Important: Token Limits below.

Skill Structure

Each skill includes:

skills/[skill-name]/
├── SKILL.md              # Complete documentation
├── .claude-plugin/
│   └── plugin.json       # Plugin metadata
├── templates/            # Ready-to-copy templates
├── scripts/              # Automation scripts
└── references/           # Extended documentation

Recent Additions

May 2026

Supply Chain Security (cross-cutting):

  • dependency-upgrade expanded with Socket CLI integration — proactive malicious package detection, typosquatting alerts, and CI/CD security gates. New 418-line reference guide, 2 GitHub Actions templates, and expanded supply chain security comparison (3 tools)
  • 31 skills now include "Secure Installation" guidance — contextually-tailored security sections across all high-risk skill categories (scaffolding, MCP/agent SDKs, multi-provider installs, Docker, CI/CD). Covers 8 Bun skills, 5 Nuxt skills, 6 Cloudflare skills, 4 AI/agent skills, and 8 frontend/tooling skills
  • Supply chain security is now a first-class cross-cutting concern woven into the skill collection — not a standalone topic

February - April 2026

Full-Stack Frameworks:

  • nuxt-v5 (v1.0.0) - Full Nuxt 5 support with 4 skills (core, data, server, production), 3 diagnostic agents, and interactive setup wizard
  • supabase-postgres-best-practices - 30 Postgres optimization rules from Supabase across 8 categories
  • threejs (v1.0.0) - 3D web graphics: scenes, geometries, shaders, animations, post-processing

Infrastructure:

  • JSON schema validation - Automated plugin.json validation with CI support
  • GitHub issue templates - Skill-specific issue templates for bug reports, feature requests, and submissions

Plugin Enhancements:

  • mutation-testing - Added Bun native runner support
  • dependency-upgrade - Added supply chain security content

December 2025 - January 2026

Frontend Expansion:

  • nuxt-studio (v1.0.0) - Visual CMS for Nuxt Content with live preview, OAuth auth, and R2 storage integration
  • maz-ui (v1.0.0) - 50+ Vue/Nuxt components with theming, i18n, form generation, and 14 composables

Developer Workflow:

  • plan-interview (v2.0.0) - Adaptive interview-driven spec generation with autonomous quality review
  • turborepo (v2.8.0) - Updated to official Vercel skill with enhanced monorepo build optimization

Mobile Development:

  • react-native-skills (v1.0.0) - React Native & Expo best practices with performance optimization patterns

Enhanced Authentication:

  • better-auth (v2.2.0) - Expanded to 18 framework integrations with 30+ authentication plugins

⚠️ Important: Token Limits

Skill Visibility Constraint

Claude Code has a 15,000 character limit for the total size of skill descriptions in the system prompt. This limit also applies to commands and agents.

What this means:

  • Not all 170 skills may be visible in Claude's context at once
  • Skills are loaded based on relevance and available token budget
  • You can verify how many skills Claude currently sees by asking: "How many skills do you see in your system prompt?"

Checking Visible Skills

To verify which skills are currently loaded:

# Ask Claude Code directly
"Check what skills/plugins you see in your system prompt"

Claude will report something like: "85 of 170 skills visible due to token limits"

Workaround: Increase Token Budget

You can double the headroom for skill descriptions by setting an environment variable:

# Increase limit to 30,000 characters
export SLASH_COMMAND_TOOL_CHAR_BUDGET=30000

# Then launch Claude Code
claude

This gives you approximately 2x more skill visibility in the system prompt.

Note: This is a temporary workaround. The Claude Code team is working on better solutions for skill discovery and loading.


Token Efficiency

MetricManual SetupWith SkillsSavings
Average Tokens12,000-15,0004,000-5,000~65%
Typical Errors2-4 per service0 (prevented)100%
Setup Time2-4 hours15-45 minutes~80%

Across all 170 skills: 400+ documented errors prevented.


Contributing

Prerequisites for Contributors

Install the official plugin development toolkit:

/plugin install plugin-dev@claude-code-marketplace

This provides:

  • /plugin-dev:create-plugin command (8-phase guided workflow)
  • 7 comprehensive skills (hooks, MCP, structure, agents, commands, skills)
  • 2 specialized agents (agent-creator, plugin-validator)

Quick Steps

  1. Create skill directory in plugins/
  2. Add SKILL.md with YAML frontmatter
  3. Run ./scripts/sync-plugins.sh
  4. Submit pull request

See CONTRIBUTING.md and PLUGIN_DEV_BEST_PRACTICES.md for detailed guidelines.


Documentation

DocumentPurpose
START_HERE.mdStart here! Quick navigation guide
PLUGIN_DEV_BEST_PRACTICES.mdRepository-specific best practices (marketplace, budget, quality)
MARKETPLACE.mdFull skill catalog and installation guide
MARKETPLACE_MANAGEMENT.mdTechnical infrastructure (plugin.json, scripts, validation)
CLAUDE.mdProject context and development standards
CONTRIBUTING.mdContribution guidelines

Links


Built with ❤️ by Claude Skills Maintainers

View source on GitHub