Claude Code CLI Guide: Install, Configure, and Use in 2026

Posted: April 14, 2026 to Technology.

Claude Code is Anthropic's official command-line interface that brings Claude AI directly into your terminal as an agentic coding assistant. It reads your entire codebase, writes and edits code across multiple files, runs terminal commands, manages Git operations, and connects to external tools through the Model Context Protocol (MCP). For developers who live in the terminal, it is the most capable AI coding tool available as of 2026.

At Petronella Technology Group, we run Claude Code across our entire engineering and cybersecurity practice. This guide covers the full feature set as of April 2026, including the skills system, hooks, subagents, worktrees, MCP servers, and how to configure Claude Code effectively for real production workflows. If you have used earlier tutorials that feel out of date, this is the one to read now.

What Claude Code Is

Claude Code is not a chat interface with a code block. It is a fully agentic tool that runs autonomously in your terminal, reading files, making edits, running shell commands, committing to Git, and calling external APIs. You give it a goal; it figures out how to accomplish it across whatever files and tools are needed.

The key properties that distinguish Claude Code from other AI coding tools:

Full codebase awareness: Claude Code reads your project files on request. It does not rely on an embedding index or a context window limited to what you paste. It can read dozens of files within a single task.
Git-native: Claude Code understands Git state, branch history, diffs, and commit messages. It follows your project's commit conventions and will not skip pre-commit hooks unless you explicitly instruct it to.
Tool-calling by design: Every operation Claude Code performs (reading a file, running a command, editing code) happens through explicit tool calls that you can see and audit. You know what it did and why.
MCP-extensible: Any MCP server you configure appears as additional tools. This covers database queries, web search, API calls, Kubernetes, Stripe, Ahrefs, Playwright, and anything else with an MCP server.
Long context: Opus 4.7 supports a 1 million token context window. For large codebases, this means Claude Code can hold your entire project in context when needed.

Installation and First Run

Claude Code requires Node.js 18 or later. Install it globally:

npm install -g @anthropic-ai/claude-code

Once installed, run:

claude

On first run, Claude Code prompts you to authenticate with your Anthropic account or API key. If you have an API key, you can set it in your environment before launching:

export ANTHROPIC_API_KEY=sk-ant-...
claude

Claude Code opens an interactive session in your current directory. It reads your CLAUDE.md file if one exists. Type your first task and press Enter. You can also pass a task directly from the command line for non-interactive use:

claude -p "Write unit tests for all functions in src/utils.py"

System requirements: macOS 10.15+, Linux (most distributions), Windows via WSL2. Direct Windows support is available through the desktop app (see below).

Models: Opus 4.7, Sonnet 4.6, Haiku 4.5

As of 2026, Claude Code supports three model tiers. The choice matters for cost, speed, and capability on complex reasoning tasks.

Claude Opus 4.7 (claude-opus-4-7)

Opus 4.7 is Anthropic's most capable model and the default for complex agentic tasks. It has a 1 million token context window, which means it can hold an entire large codebase in context simultaneously. Use Opus 4.7 when:

The task requires reasoning across many files simultaneously
You are doing architecture-level refactoring or security audits
The task has ambiguous requirements that need careful interpretation
You need the highest accuracy on code generation or transformation

Opus 4.7 is more expensive per token. For tasks where you send the same context many times (iterative editing, repeated reviews), prompt caching significantly reduces effective cost.

Claude Sonnet 4.6 (claude-sonnet-4-6)

Sonnet 4.6 is the practical workhorse. It handles the vast majority of coding tasks well -- feature implementation, bug fixing, test writing, documentation -- at lower cost than Opus. If you are running Claude Code all day on routine development work, Sonnet 4.6 is the right default. It supports 200K token context.

Claude Haiku 4.5 (claude-haiku-4-5)

Haiku 4.5 is fast and inexpensive. Use it for tasks that do not require deep reasoning: simple file edits, boilerplate generation, quick lookups, or when you are dispatching many subagents in parallel and need to keep costs low. It supports 200K token context.

Switching Models

# Set model for the session via environment variable
export ANTHROPIC_MODEL=claude-sonnet-4-6
claude

# Or pass model flag directly
claude --model claude-haiku-4-5 -p "Add type hints to all functions in src/config.py"

You can also set a default model in settings.json (covered below) so you do not have to specify it each time.

Where Claude Code Runs

Claude Code is available in several interfaces beyond the terminal:

Terminal CLI: The core claude command. Works over SSH, in tmux, in CI pipelines, anywhere you have a shell.
VS Code extension: Installs as an extension that adds a Claude Code panel to VS Code. You can interact with Claude Code while viewing your editor, and it applies changes directly to files open in the editor.
JetBrains plugin: Available for IntelliJ IDEA, PyCharm, WebStorm, and other JetBrains IDEs. Provides the same agentic capabilities with JetBrains-native UI integration.
Claude.ai web app: The browser-based interface at claude.ai includes Claude Code capabilities for users on Pro and higher plans.
Desktop apps: Native Mac and Windows apps that embed the Claude Code CLI with a GUI wrapper, removing the Node.js installation requirement for non-technical users.

The terminal CLI is the most capable interface because it has full access to your shell environment, Git, system commands, and the complete MCP server ecosystem. IDE extensions run within the editor's permission model, which limits some operations.

Slash Commands

Slash commands are built-in instructions you can invoke at any point in a Claude Code session. They provide quick access to common operations without writing out a full prompt.

Command	What it does
`/help`	Shows all available slash commands and keybindings
`/clear`	Clears the current context window, starting fresh while keeping your CLAUDE.md and settings
`/review`	Triggers a code review of recent changes, looking for bugs, security issues, and style problems
`/fresh`	Runs a fresh session start: reads current CLAUDE.md, checks project state, reports what it sees
`/fast`	Switches the session to a faster, lighter model for the next task
`/compact`	Compresses the current context to reduce token usage while preserving key information
`/status`	Shows current model, context usage, session cost so far, and active MCP connections

Skills (covered below) can also be invoked as slash commands once installed. For example, /deploy, /security-review, or /code-review are all skills invokable with a slash prefix.

CLAUDE.md Configuration

The CLAUDE.md file is what transforms Claude Code from a general AI assistant into a project-aware development partner. It is a markdown file at your repository root (and optionally in subdirectories) that Claude Code reads at the start of every session. Everything in CLAUDE.md becomes part of Claude Code's standing instructions for your project.

What to Include in CLAUDE.md

Project overview: What the project does, its architecture, and key design decisions
Code conventions: Naming patterns, file organization, import ordering, formatting rules
Build and test commands: How to build, test, lint, and deploy
Safety rules: Commands that should never be run, files that should never be edited, patterns to avoid
Infrastructure details: Database schemas, API endpoints, deployment targets
Team conventions: Commit message format, PR process, branch naming

Example CLAUDE.md for a Python Web Application

# CLAUDE.md

## Project
FastAPI application for inventory management. PostgreSQL database, Redis caching,
deployed on Kubernetes.

## Architecture
- `src/api/` - FastAPI route handlers
- `src/models/` - SQLAlchemy ORM models
- `src/services/` - Business logic layer
- `src/core/` - Config, database, dependencies

## Commands
- Test: `pytest tests/ -v`
- Lint: `ruff check src/`
- Format: `ruff format src/`
- Type check: `mypy src/`
- Run locally: `uvicorn src.main:app --reload`

## Rules
- All API endpoints must have type hints for request and response models
- NEVER commit secrets or API keys to the repo
- ALWAYS run the test suite before committing
- Commit message format: "type(scope): description" (conventional commits)
- NEVER skip pre-commit hooks with --no-verify

Hierarchical CLAUDE.md Files

You can place CLAUDE.md files in subdirectories. When Claude Code operates in a subdirectory, it reads both the root CLAUDE.md and any subdirectory CLAUDE.md files, merging the instructions. This is useful for monorepos where different packages have different conventions.

User-Level CLAUDE.md

A global CLAUDE.md at ~/.claude/CLAUDE.md applies to all projects. Use it for personal preferences (editor keybindings, commit message style, preferred test patterns) that should carry across every project you work on.

settings.json

Claude Code uses a settings.json file for configuration that goes beyond CLAUDE.md instructions. There are two levels:

User-level: ~/.claude/settings.json -- applies to all projects
Project-level: .claude/settings.json in your repo -- overrides user settings for that project

{
  "model": "claude-sonnet-4-6",
  "theme": "dark",
  "autoAcceptEdits": false,
  "verbose": false,
  "mcpServers": {
    "firecrawl": {
      "command": "npx",
      "args": ["-y", "@firecrawl/mcp"]
    }
  },
  "permissions": {
    "allow": [
      "Bash(git *)",
      "Bash(npm test)",
      "Bash(pytest *)",
      "Bash(ruff *)"
    ],
    "deny": [
      "Bash(rm -rf *)"
    ]
  }
}

The permissions section lets you pre-authorize or block specific tool calls so Claude Code does not prompt for approval on every safe operation. Glob patterns work: Bash(git *) allows all git commands, while Bash(git push --force *) would allow only force pushes (which you would not want in this list).

Status Line Customization

The Claude Code terminal status line (the line at the bottom of the interactive session) can be customized to show information relevant to your workflow. In settings.json:

{
  "statusLine": {
    "showModel": true,
    "showCost": true,
    "showTokens": true,
    "showMcpConnections": true
  }
}

Showing cost and token counts in real time is useful when you are iterating quickly and want to know when a session is getting expensive or when the context window is filling up.

Hooks System

Hooks are shell commands or scripts that Claude Code executes automatically at specific points in a session or tool-call lifecycle. They give you automation that runs without any prompt -- for example, running linters before every file save, notifying a Slack channel when a session ends, or blocking certain operations based on custom logic.

Hooks are configured in settings.json under the hooks key:

{
  "hooks": {
    "SessionStart": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
            "command": "echo 'Session started on $(hostname) at $(date)' >> ~/.claude/session.log"
          }
        ]
      }
    ],
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "echo 'Running bash command' >> ~/.claude/tool.log"
          }
        ]
      }
    ],
    "PostToolUse": [
      {
        "matcher": "Edit",
        "hooks": [
          {
            "type": "command",
            "command": "ruff check --fix $CLAUDE_TOOL_RESULT_FILE 2>/dev/null || true"
          }
        ]
      }
    ],
    "UserPromptSubmit": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
            "command": "date >> ~/.claude/prompt-times.log"
          }
        ]
      }
    ]
  }
}

Hook Event Types

SessionStart: Fires when Claude Code starts a new session. Good for environment checks, loading project state, or sending notifications.
PreToolUse: Fires before any tool call. You can use the matcher field to target specific tools (e.g., only run before Bash calls). If a PreToolUse hook exits with a non-zero status, Claude Code blocks the tool call.
PostToolUse: Fires after a tool call completes. Useful for follow-up actions like running a linter after a file edit, or logging tool output.
UserPromptSubmit: Fires when you submit a prompt but before Claude Code processes it. Can be used to log prompts, inject additional context, or pre-validate requests.

Practical Hook Examples

Auto-lint after file edits:

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [{"type": "command", "command": "cd $CLAUDE_PROJECT_ROOT && ruff check --fix . 2>/dev/null; mypy src/ 2>/dev/null || true"}]
      }
    ]
  }
}

Block pushes to main (safety guard):

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{"type": "command", "command": "if echo \"$CLAUDE_TOOL_INPUT\" | grep -q 'push.*main\\|push.*master'; then echo 'Direct push to main blocked' >&2; exit 1; fi"}]
      }
    ]
  }
}

Skills

Skills are reusable, shareable instruction sets that extend what Claude Code can do. A skill is a markdown file (stored in ~/.claude/skills/ or your project's .claude/skills/ directory) that Claude Code loads on demand. Skills can define a new slash command, a specialized workflow, or a domain-specific capability.

Using a Skill

You invoke a skill using the Skill tool or as a slash command:

# As a slash command
/deploy

# Via the Skill tool in a prompt
Use the /security-review skill on this diff

Skills are triggered by name. When you type /deploy, Claude Code finds the corresponding skill file and follows its instructions for the current task.

Writing a Skill

A skill file is a markdown file with a description and instructions. Here is an example security review skill:

# security-review

Review the provided code or diff for security vulnerabilities.

## What to check
- Injection: SQL, command, LDAP, XPath
- Authentication and authorization gaps
- Hardcoded credentials or secrets
- Insecure deserialization
- Missing input validation
- OWASP Top 10 patterns

## Output format
List each finding with: severity (Critical/High/Medium/Low), file and line,
description of the issue, and a specific remediation suggestion.

## Rules
- Do not suggest changes unrelated to security
- Flag hardcoded keys immediately as Critical regardless of context

Save this as ~/.claude/skills/security-review.md and it is available in every Claude Code session as /security-review.

Project-Level Skills

Skills in .claude/skills/ within your repo are project-specific. Anyone who clones the repo gets the same skills, enforcing consistent workflows across the team. This is how you standardize code review criteria, deployment checklists, or testing requirements across multiple developers.

MCP Servers

The Model Context Protocol (MCP) is an open standard for connecting AI models to external data sources and tools. Claude Code supports MCP natively. Each MCP server you configure appears as additional tools Claude Code can call during a task.

Adding an MCP Server

Add MCP servers in settings.json under the mcpServers key:

{
  "mcpServers": {
    "postgresql": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-postgres", "postgresql://localhost/mydb"]
    },
    "playwright": {
      "command": "npx",
      "args": ["-y", "@playwright/mcp"]
    },
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}

After adding servers, restart Claude Code. Run /status to confirm they connected.

Commonly Useful MCP Servers

PostgreSQL / SQLite: Query your database directly during a task without leaving Claude Code
Playwright / Puppeteer: Browser automation for testing, scraping, or checking deployed pages
GitHub: Read issues, PRs, and repository metadata; create comments and labels
Firecrawl: Web scraping and crawling with structured output
Tavily: Web search with LLM-optimized result summaries
Filesystem: Extended filesystem operations beyond Claude Code's built-in file tools
Stripe: Query customers, subscriptions, and payment events during billing-related development
Kubernetes: Read pod states, logs, and deployments without switching terminal windows

The MCP ecosystem grows continuously. The Claude Code documentation and the MCP community registry list available servers by category.

Subagents and Parallel Work

Subagents are the most powerful feature for large-scale tasks. When you dispatch a subagent, Claude Code spawns a new Claude Code instance that works on a specific subtask in parallel with other agents or the main session. You can run many subagents simultaneously.

When to Use Subagents

Rewriting many files at once (each agent handles a batch)
Running independent audits in parallel (security agent, performance agent, test coverage agent)
Generating content at scale (each subagent handles a different topic or page)
Multi-step pipelines where each step is independent of the others

How Subagents Work

The orchestrator Claude Code session uses the Agent tool to dispatch subtasks with specific instructions and context. Each subagent gets its own context window, can read files, make edits, and call tools. Results come back to the orchestrator when the subagent completes.

Orchestrator: "I need to audit all 50 service files in src/services/.
               Dispatch 5 subagents, each handling 10 files."

Subagent 1: Audits src/services/auth.py through src/services/billing.py
Subagent 2: Audits src/services/cache.py through src/services/database.py
...
Orchestrator: Collects results, synthesizes findings, writes summary report

Tasks that would take two hours sequentially finish in twenty minutes with parallel subagents. The cost scales with the number of agents, so use Haiku 4.5 for subagents on mechanical tasks and save Opus 4.7 for the orchestrator doing synthesis.

For a real-world example of complex multi-agent AI orchestration patterns, see our guide on OpenClaw and multi-agent AI systems.

Worktrees

Worktrees let you run multiple Claude Code sessions on different branches of the same repository simultaneously, with each session working in an isolated directory. This is the native solution for "I want to try two different approaches at the same time" or "I need to work on a hotfix while another agent builds the feature."

Setting Up a Worktree

# Create a new worktree on a new branch
git worktree add ../myproject-feature-auth feature/auth-refactor

# Open Claude Code in the worktree
cd ../myproject-feature-auth
claude

Each worktree directory is a fully functional working copy of the repo. Claude Code running in the worktree reads the files there, not the files in your main checkout. Changes in one worktree do not affect the other.

Worktrees with Subagents

The recommended pattern for large refactoring tasks is to create a worktree for each major change stream and dispatch a subagent into each:

git worktree add ../myproject-auth feature/auth
git worktree add ../myproject-perf feature/perf-improvements
git worktree add ../myproject-tests feature/test-coverage

Then dispatch subagents pointed at each worktree directory. The agents work in isolation. You merge the results through normal Git processes when each agent completes.

Permissions and Plan Mode

Claude Code has a layered permission system that determines what it can do without asking for confirmation.

Auto-Accept Mode

In auto-accept mode, Claude Code applies all edits and runs all allowed commands without prompting. Enable it with the --dangerously-skip-permissions flag or by setting permissions in settings.json. Use this in CI/CD pipelines where no human is present to approve actions, or in sandboxed environments where mistakes are cheap.

Plan Mode

Plan mode is the conservative opposite. Claude Code produces a full plan of what it intends to do -- every file it will edit, every command it will run -- and presents it to you for review before doing anything. You approve, reject, or modify the plan, then execution proceeds against your approved plan.

claude --plan

Plan mode is appropriate for production systems, security-sensitive repositories, or any task where you want to fully understand the scope of changes before committing to them.

Granular Permissions

The permissions.allow and permissions.deny lists in settings.json give you fine-grained control. You can allow all git commands but deny git push --force. You can allow all npm commands except npm publish. Denied patterns always take precedence over allowed ones.

Cost Management and Caching

Claude Code uses prompt caching to reduce token costs when the same context appears across multiple requests. Understanding how caching works helps you structure your sessions to minimize cost without reducing quality.

How Prompt Caching Works

When Claude Code sends a request, any prefix of the prompt that matches a recent cached version is served from cache at a significantly reduced price (roughly 90% cheaper than full tokens). Long, stable content -- your CLAUDE.md, large files read at session start, system prompts -- gets cached after the first read. Subsequent requests in the same session that include the same prefix hit the cache.

Structuring Sessions for Cache Efficiency

Keep CLAUDE.md stable: Edits to CLAUDE.md invalidate the cache prefix. Write it once, iterate carefully.
Read large files at session start: If you will reference a large file repeatedly, have Claude Code read it early. The cached copy is reused across later requests.
Avoid unnecessary context clears: /clear resets your context, which means you lose cache benefit on the next request. Only clear when you genuinely need a fresh start.
Batch related tasks: Multiple small tasks in one session share the cached context. Launching a new session for each small task burns cache re-warming costs each time.

Model Routing for Cost Control

Use Haiku 4.5 for subagents doing mechanical work (adding type hints, reformatting, generating boilerplate). Use Sonnet 4.6 as your daily driver for feature development and bug fixes. Reserve Opus 4.7 for high-stakes reasoning: security audits, architecture decisions, complex debugging.

Security Considerations

Claude Code has direct access to your filesystem, your shell, and any tools you have configured via MCP. That makes security hygiene important.

Auth Token Safety

Your Anthropic API key is stored in your shell environment or keychain. Never check it into a repository. Use ~/.config/anthropic/api-key.txt or a secrets manager rather than putting it in .env files that might get committed. Claude Code itself never logs or exfiltrates your API key, but your terminal history and environment exports can expose it.

File Access Scope

Claude Code can read any file your user account can read. In production environments, run Claude Code under a service account with the minimum filesystem access needed for the task. On developer workstations, be aware that Claude Code can read your SSH keys, ~/.aws/, and other sensitive directories if a task causes it to look there.

Git Safety Rules

The default CLAUDE.md templates and Claude Code's built-in safety rules include a key principle: never skip pre-commit hooks with --no-verify. Pre-commit hooks exist to catch secrets, malformed commits, and failing tests. If a hook fails, Claude Code investigates the cause rather than bypassing it.

Similarly, Claude Code will warn you before force-pushing to main or master. Force pushes on shared branches destroy history and are almost never correct. The right answer is almost always a revert commit or a merge strategy adjustment.

MCP Server Trust

MCP servers run as processes on your machine with the permissions of your user account. Before adding an MCP server from a third party, review what it does. A malicious MCP server could read files, exfiltrate data, or make unauthorized API calls. Stick to official Anthropic-maintained servers and well-audited community servers.

Teams and Shared Skills

For teams using Claude Code across multiple developers, the most valuable setup investment is a shared skills library and a standardized project CLAUDE.md.

Org-Wide Skills Distribution

Check your skills into a shared repository and have engineers add them to ~/.claude/skills/ as part of their onboarding. This means every developer on the team invokes the same /code-review, /security-review, and /deploy workflows. Consistent AI-assisted workflows produce more uniform code quality than each developer prompting ad hoc.

Project CLAUDE.md as the Source of Truth

The project CLAUDE.md checked into the repo is the single source of truth for how Claude Code should behave in that project. Any developer who clones the repo gets the same instructions. Update CLAUDE.md through normal code review -- treat it as part of the codebase, not a personal config file.

Permission Standardization

Use a project-level .claude/settings.json to enforce team-wide permission rules. For example: block direct pushes to main, require plan mode for production deploys, pre-authorize common safe commands so developers are not prompted repeatedly. Check this file into the repo alongside CLAUDE.md.

Claude Code vs Alternatives

The AI coding tool market has multiple strong options as of 2026. Here is an objective comparison of where each tool fits.

Claude Code vs Cursor

Cursor is an IDE built on VS Code with deep AI integration. It is the right choice if you prefer working primarily in a GUI editor with AI assistance woven into autocomplete, inline edit, and chat panels. Cursor excels at within-file editing and short-range multi-file changes.

Claude Code is stronger for tasks that cross many files simultaneously, require running arbitrary shell commands, orchestrate subagents in parallel, or need to integrate with custom tooling via MCP. Claude Code is not an IDE -- it is a terminal-first agentic tool. Many developers use both: Cursor for editor-level interaction, Claude Code for large-scale tasks.

Claude Code vs Aider

Aider is a well-established open-source AI coding assistant that runs in the terminal and supports multiple model backends (GPT-4, Claude, local models). It has a mature feature set and strong Git integration.

Claude Code is deeper on the Anthropic model stack, with native support for Anthropic's caching, extended thinking, and the full Claude feature set. Aider's multi-model flexibility is an advantage if you want to run local models or use multiple providers. If you are committed to Claude as your model provider, Claude Code's native integration produces better results.

Claude Code vs OpenAI Codex CLI

OpenAI's Codex CLI is the terminal-based equivalent from the OpenAI side. It integrates with GPT-4o and offers similar terminal-native agentic capabilities. The main differentiator is model quality: as of mid-2026, Claude's models generally outperform GPT-4o on complex multi-file reasoning and instruction following, though both are capable tools. If your organization is deeply integrated with the OpenAI ecosystem, Codex CLI slots in naturally. If not, Claude Code is the stronger starting point.

Claude Code vs Cline

Cline (formerly Claude Dev) is a VS Code extension that provides an agentic AI coding assistant within the editor, with support for multiple model backends including Claude. Cline is a good choice if you want Claude-powered agentic assistance integrated directly into VS Code without switching to a terminal session. Claude Code's native IDE extensions (VS Code and JetBrains) now cover much of the same ground with tighter Anthropic integration.

Claude Code vs GitHub Copilot CLI

GitHub Copilot CLI is focused on command-line assistance: explaining commands, suggesting commands from natural language, and translating between shell syntaxes. It is not a general-purpose agentic coding tool. If you need help with git, gh, and shell commands, Copilot CLI is useful. For writing, reviewing, and refactoring code across a codebase, Claude Code is the more appropriate tool.

Claude Code for Cybersecurity Workflows

Claude Code has specific capabilities that make it valuable for security-focused development and compliance work.

Security Code Auditing

Claude Code can perform targeted security audits across entire codebases. A typical audit prompt:

Audit this Flask application for OWASP Top 10 vulnerabilities. Check for
SQL injection, XSS, CSRF, broken authentication, security misconfiguration,
and insecure deserialization. Focus on the route handlers in app/views/ and
the authentication module in app/auth/.

Claude Code traces data flow from user input through processing to output, identifying points where unsanitized input reaches a dangerous sink. It understands framework-specific patterns: Django's ORM parameterizes queries but raw SQL does not; Flask's Jinja2 auto-escapes HTML in templates but |safe disables it.

Infrastructure Configuration Review

Review these Terraform files for security issues. Check IAM policies for
overly permissive access, S3 buckets for public access, security groups
for unrestricted ingress, and encryption settings for all data stores.

For organizations preparing for CMMC assessments or HIPAA compliance, Claude Code can cross-reference configurations against specific control requirements and identify gaps.

Compliance Documentation

Claude Code generates accurate compliance documentation because it reads the actual implementation rather than relying on what things are supposed to do:

Generate a System Security Plan section documenting our access control
implementation based on the IAM policies in terraform/iam/ and the
authentication code in src/auth/. Map to NIST 800-53 AC controls.

This reduces the gap between documented controls and implemented controls that auditors frequently find during assessments.

Pre-Commit Security Hooks

Write a pre-commit hook that checks for hardcoded credentials, API keys,
and secrets in staged files. Use patterns from our .gitignore and the list
of sensitive file patterns in security/patterns.txt.

Claude Code writes the hook script, makes it executable, and integrates it into .pre-commit-config.yaml if you are using pre-commit.

For more on AI in enterprise security and development contexts, see our related guides on Hermes AI agent architecture and AI consulting for businesses in the Raleigh area.

Getting Started

The fastest path from zero to productive with Claude Code:

Install: npm install -g @anthropic-ai/claude-code
Create a CLAUDE.md in your project root with your build commands, code conventions, and safety rules
Start with a bounded, low-risk task: writing tests for an existing function, or fixing a known bug. This lets you see how Claude Code reads your codebase before trusting it with larger changes.
Add one MCP server that connects to a tool you use daily (your database, GitHub, or a web search provider)
Write your first skill for a workflow you repeat often (code review, deploy checklist, security audit)
Configure hooks for your most common follow-up actions (linting after edits, logging session starts)

As you build familiarity, move to feature development, large-scale refactoring, and subagent orchestration for parallel tasks. The tool's effectiveness scales directly with how well you configure your CLAUDE.md and how precisely you state your goals in each prompt.

If your organization needs help adopting AI development tooling alongside cybersecurity and compliance requirements, Petronella Technology Group's AI consulting practice works with businesses in Raleigh and nationwide on exactly this. Our team holds CMMC-RP, CCNA, CWNE, and DFE credentials and uses Claude Code daily in our own security and infrastructure work. Call (919) 348-4912 or visit our AI services page for more details.

Craig Petronella is the CEO of Petronella Technology Group, a cybersecurity and IT infrastructure firm based in Raleigh, NC. His team holds CMMC-RP, CCNA, CWNE, and DFE #604180 certifications and uses Claude Code daily across security automation, infrastructure management, and AI development work.

Related Resources

Need help implementing these strategies? Our cybersecurity experts can assess your environment and build a tailored plan.

Get Free Assessment

Explore Our Services

Cybersecurity AI Services Compliance HIPAA CMMC Managed IT

About the Author

Craig Petronella

CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.

CMMC-RP NC Licensed DFE MIT Certified CompTIA Security+ Expert Witness 15+ Books

Related Service

Enterprise IT Solutions & AI Integration

From AI implementation to cloud infrastructure, PTG helps businesses deploy technology securely and at scale.

Explore AI & IT Services

Free cybersecurity consultation available Schedule Now