Claude Code is an agentic coding CLI from Anthropic. It runs inside your terminal, reads your repository, edits files, runs tests, explains code, and automates routine engineering tasks. Use this cheat sheet as a practical reference for daily development in 2026: setup, prompts, slash commands, permissions, memory files, automation, and safe workflows.
1. Installation and First Run
Install Claude Code globally, then start it from the root of a Git repository. Always begin in a clean working tree when you want easy review and rollback.
# Install the Claude Code CLI
npm install -g @anthropic-ai/claude-code
# Move into your project
cd ~/work/my-service
# Start an interactive Claude Code session
claude
# Check available CLI options
claude --helpOn first launch, authenticate with your Anthropic account or supported enterprise login. After login, Claude Code can inspect files, propose edits, run commands, and help with Git workflows.
2. Core Daily Commands
The fastest way to use Claude Code is to ask for outcome-based tasks. Be explicit about scope, constraints, and validation.
# Open the interactive coding assistant
claude
# Ask a one-off question and print the answer
claude -p "Explain the authentication flow in this repository"
# Ask Claude to make a focused change
claude -p "Add input validation to the signup endpoint and update related tests"
# Use Claude in a script-friendly flow
claude -p "Summarize this diff" --output-format text3. Essential Slash Commands
Inside an interactive Claude Code session, slash commands control context, configuration, and workflow.
/help Show available commands
/init Create or update project instructions, often CLAUDE.md
/clear Clear the current conversation context
/compact Summarize and compress long context
/config View or change configuration
/cost Show token and usage cost information
/model Select or inspect the active model
/permissions Review or adjust tool permissions
/review Review code changes
/doctor Diagnose installation, auth, or environment issues4. High-Signal Prompt Patterns
Good prompts reduce back-and-forth. Tell Claude what to change, what not to touch, and how to prove the work is complete.
Feature Implementation
Implement password reset for the existing auth module.
Constraints:
- Reuse the current email service.
- Do not change database table names.
- Add unit tests and one integration test.
- Run the relevant test suite before finishing.
- Show a concise summary of changed files.Bug Fixing
Find and fix the bug causing duplicate invoice emails.
Start by reading the billing job and email dispatch code.
Then explain the root cause.
Make the smallest safe change.
Add a regression test that fails before the fix.Code Review
Review this branch for correctness, security, performance, and maintainability.
Focus on high-impact issues only.
For each issue, include file path, line context, risk, and suggested fix.5. Project Memory with CLAUDE.md
CLAUDE.md is the project instruction file. Use it to document architecture, commands, style rules, and safety constraints. Keep it short and current.
# Project Instructions for Claude
## Build and test
- Install dependencies: `npm ci`
- Run tests: `npm test`
- Run lint: `npm run lint`
- Type-check: `npm run typecheck`
## Architecture
- API routes live in `src/routes`.
- Business logic lives in `src/services`.
- Database access goes through `src/repositories`.
## Rules
- Do not edit generated files in `src/generated`.
- Prefer small, focused commits.
- Add tests for behavior changes.
- Never log secrets, tokens, or PII.Run /init to generate a starter file, then edit it like normal source code. Treat it as shared engineering documentation.
6. Permissions and Safe Tool Use
Claude Code can run shell commands and edit files. That power is useful, but production teams should set clear boundaries. Prefer allowlists for routine commands and explicit approval for destructive actions.
{
"permissions": {
"allow": [
"Bash(npm test)",
"Bash(npm run lint)",
"Bash(npm run typecheck)",
"Edit(src/**)",
"Read(**)"
],
"deny": [
"Bash(rm -rf /**)",
"Bash(git push --force*)",
"Edit(.env*)",
"Edit(secrets/**)"
]
}
}For sensitive repositories, require manual approval for network calls, deployment commands, migration execution, and any command that changes remote state.
7. Common Engineering Workflows
Understand an Unknown Codebase
Map this repository.
Return:
1. Main entry points
2. Core modules
3. Data flow
4. External services
5. Test strategy
6. Risks or confusing areasRefactor Safely
Refactor the payment calculation logic for readability.
Do not change behavior.
First identify current tests.
Add characterization tests if coverage is weak.
Then refactor in small steps and run tests.Generate Tests
Add tests for src/services/pricing.ts.
Cover normal cases, edge cases, invalid input, and rounding behavior.
Use the existing test style.
Do not introduce new test libraries.8. Automation and CI Usage
Use print mode for non-interactive tasks such as summarizing diffs, generating release notes, or checking migration risk. Keep automation read-only unless your team has strong review controls.
# Summarize current changes for a pull request
git diff --staged | claude -p "Write a concise PR summary and test plan"
# Ask for risk analysis before merging
git diff main...HEAD | claude -p "Identify risky changes and missing tests"
# Generate release notes from commits
git log --oneline v2.3.0..HEAD | claude -p "Draft user-facing release notes"9. Custom Slash Commands
Teams can standardize repeated prompts with custom commands. Store them in a repository-level commands directory so everyone uses the same workflow.
.claude/
commands/
pr-review.md
write-tests.md
security-check.md# .claude/commands/security-check.md
Review the current diff for security issues.
Focus on:
- Authentication and authorization
- Injection risks
- Secret exposure
- Unsafe deserialization
- Logging of sensitive data
Return only actionable findings with severity and fix guidance.10. Practical Best Practices
Use Claude Code like a senior pair programmer, not an autopilot. Give it context, inspect its changes, and run the tests yourself when risk is high.
# Recommended loop
claude # ask for a focused change
git diff # inspect edits
npm test # validate behavior
npm run lint # validate style
git add .
git commit -m "Add validation for signup input"Rules of Thumb
Keep tasks small. Ask for a plan before large edits. Require tests for behavior changes. Never allow secret file edits. Do not let the CLI deploy to production without human approval. Refresh context with /clear between unrelated tasks. Use /compact when a long session becomes noisy.
Final Takeaway
Claude Code is most effective when your repository has clear tests, scripts, documentation, and guardrails. In 2026, the winning workflow is simple: document project rules in CLAUDE.md, prompt with precise outcomes, restrict dangerous tools, review every diff, and let Claude handle the repetitive coding work while engineers own design and judgment.