What happens when you trace every system call two AI coding agents make while performing the same simple task? Developer Grit AI did exactly that, monitoring Claude Code and OpenAI's Codex at the operating system level to see how each tool actually behaves when writing code.
System calls (syscalls) are the lowest-level operations a program makes - file reads and writes, network requests, process creation, memory allocation. They reveal what software is actually doing regardless of what it claims to be doing. For AI coding agents that run on your machine and touch your files, this kind of audit matters.
Claude Code and Codex take fundamentally different architectural approaches. Claude Code runs interactively in your terminal, reading files, running commands, and asking for your input at decision points. Codex spins up sandboxed cloud containers for each task and presents finished results. Those design differences should produce very different syscall profiles - different numbers of file operations, different network patterns, different levels of local system access.
This kind of low-level analysis is increasingly relevant as coding agents gain more autonomy. When a tool has permission to read your codebase, execute shell commands, and modify files, knowing exactly what operations it performs isn't just interesting - it's a security and trust question. The gap between "this agent ran 50 file reads" and "this agent ran 5,000 file reads for the same task" tells you something important about efficiency, but also about what data the tool is accessing and why.
For anyone running AI coding agents on proprietary codebases, syscall tracing tools like strace (Linux) or dtruss (macOS) offer a way to verify that these tools are doing what you expect - nothing more, nothing less.