OCDevel Claude Code Podcast

Before you let Claude run unattended, you need three independent enforcement layers, because a prompt injection can change what the agent wants to do but never what the harness allows. This episode wires up the sandbox, the deny rules, and the audit trail into one locked-down headless run. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code Act II continues. This is the gate you put up before you let Claude Code run unattended. We build three independent enforcement layers, because they fail differently, and you need all three. The three pillars Sandboxing. The native Bash sandbox (docs) enforced by the OS: Seatbelt on macOS, bubblewrap + socat on Linux/WSL2 (sudo apt-get install bubblewrap socat). Default write is the working dir only; default read is the whole computer except denied dirs, which still includes ~/.aws/credentials and ~/.ssh unless you add denyRead. Network has no domains pre-allowed; the proxy does not inspect TLS, so broad domains like github.com are exfil paths. Key knobs: failIfUnavailable, allowUnsandboxedCommands, excludedCommands, CLAUDE_CODE_SUBPROCESS_ENV_SCRUB. Permissions & modes. Evaluation is deny then ask then allow, first match wins (Permissions). dontAsk is the unattended gem (fully non-interactive). --dangerously-skip-permissions is the anti-pattern: it replaces the prompt with nothing and offers no injection protection (Permission modes). Watch the gitignore-anchor footgun: /Users/alice/file is project-relative, not absolute. Prompt-injection defense. The lethal trifecta (private data + untrusted content + exfil channel). The patched Claude Code GitHub Action attack (Microsoft, oddguan, GMO Flatt): the Read tool bypassed the Bash sandbox and leaked /proc/self/environ. Fixed in claude-code-action v1.0.94. Plus auto mode, Security, and PreToolUse hooks. Audit logs. On-disk JSONL transcripts (.claude directory, unencrypted at rest), headless --output-format json with total_cost_usd (headless), and OpenTelemetry emitting claude_code.tool_decision and claude_code.tool_result out of the box. We close with one copyable locked-down headless workflow and the primary pitfall: the silent success of --dangerously-skip-permissions. Forward pointer: blast-radius engineering, next episode. News: Fable 5 and Mythos 5 pulled under a US export-control directive; Claude Code falls back to Opus 4.8 (switch with /model). Plus the v2.1.172–2.1.176 changelog hardening: enforceAvailableModels, nested sub-agents to 5 levels, and fixed permission-path matching.

A code reviewer who wrote the code is the worst possible reviewer, so wire a cold-context critic against an Edit-capable fixer and an objective test gate. The one pitfall that breaks it: a fixer that games the gate by rewriting the tests instead of the bug. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code Act II of the agentic coding ladder: the trust rung. We build a review-and-fix loop where one agent critiques a diff while another repairs it, with a human still approving the result. This is wired entirely out of primitives from earlier episodes: subagents, skills, slash commands, hooks, the orchestrator pattern, headless mode, the Agent SDK, git worktrees, and the @claude GitHub Action. The core idea: a reviewer who wrote the code is the worst reviewer. You want a generator, then a critic in a fresh cold context, then a fixer, then an objective gate. Concepts and sources: Building Effective Agents (evaluator-optimizer, iteration caps) Reflexion and Self-Refine LLMs Cannot Self-Correct Reasoning Yet (intrinsic self-correction degrades without an external anchor) Multi-agent research system (verify high-stakes outputs with a separate pass) Building it in Claude Code today: Custom subagents in the agents folder under dot-claude Code Review and security-review ultrareview cloud fleet Headless mode with json-schema findings Agent SDK for the multi-round loop GitHub Actions for the hosted version The pitfall: the fixer reward-hacks the test gate, documented in ImpossibleBench and EvilGenie. Bound it with tool separation, immutable tests, and a PreToolUse hook. News: Claude Fable 5 lands in Claude Code via v2.1.170, plus v2.1.169 safe mode and the /cd command.

Install the claude-code-action via /install-github-app, then @-mention Claude on any issue or PR to get a committed branch and a ready-to-click PR link. The biggest gotcha: fork PRs on public repos can't read your ANTHROPIC_API_KEY, so the workflow silently does nothing unless you use pull_request_target on the base branch or Workload Identity Federation. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code This episode kicks off Act II: moving from power-user-at-the-keyboard toward supervised automation. A human still approves everything here. We set up the Claude Code GitHub Action so you can write @claude on an issue or pull request and have Claude read the repo, make changes, commit to a branch, and hand you a pre-filled PR link. Setup. Fastest path: run /install-github-app from inside the Claude Code CLI. It installs the Claude GitHub App, writes the workflow YAML under .github/workflows/, and creates the repo secrets. Needs repo admin, and works for direct Anthropic API users (cloud providers need manual config). Manual setup: install the App, add ANTHROPIC_API_KEY (or CLAUDE_CODE_OAUTH_TOKEN from claude setup-token for Pro/Max), and copy examples/claude.yml into your workflows folder. Triggers. Default phrase is @claude (word-boundary matched, so not @claude-bot). Default events: issue_comment, pull_request_review_comment, pull_request_review, and issues. Adding a prompt: input flips it into automation mode (runs without a mention). Permissions. Minimal block: contents: write, pull-requests: write, issues: write, id-token: write. Add actions: read for CI log access. Arbitrary Bash is off by default; enable specific commands via --allowedTools. Pitfalls. Fork PRs can't read secrets on public repos (prompt-injection defense). Fix with pull_request_target + checkout of the base branch, Workload Identity Federation, or a same-repo if: guard. Claude's own github-actions[bot] comments can't trigger another run (loop protection). Use a PAT/App token or workflow_run. Branch protection can reject direct pushes; allow claude[bot] to bypass or accept the create-branch-then-PR flow. Every mention is a full agent run on your key. Batch requests, cap with --max-turns. As of 2026-06-06, latest release is v1.0.140. v1.0 replaced v0.x's mode/direct_prompt/max_turns with prompt + claude_args. Builds on the prior Headless Claude Code episode: the Action is essentially headless Claude triggered by a GitHub event.

Take Claude Code out of the terminal and into your scripts. Print mode and structured JSON, the Claude Agent SDK in TypeScript and Python, chaining sessions, and the permission-and-cost discipline that keeps an unattended run from deleting your repo or running up an API bill once the June 15 billing change lands. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code The Act II pivot from driving one Claude Code session by hand to calling it from a script: same agent, same loop, but you pre-decide what's allowed in code before the run ever starts. The tutorial. Print mode (claude -p) as a Unix citizen — piping stdin (and the 10MB cap), the --bare flag for deterministic CI runs, and structured output via --output-format json (the result, session_id, total_cost_usd, and subtype fields), stream-json with the init and api_retry events, and --json-schema for typed data instead of prose. The run-bounding flags — --max-turns, --max-budget-usd, --model/--fallback-model, --allowedTools/--permission-mode — and chaining turns with --resume/--session-id/--fork-session. Why a model refusal can't be caught from the exit code. Copyable patterns: a commit-message generator (and the space-before-* permission footgun), a stdin-fed typo linter that needs no Bash permission, and a locked-down CI run. Then the Claude Agent SDK (renamed from the Claude Code SDK in September 2025): query() and the options that mirror the CLI flags, custom in-process tools, the Python ClaudeSDKClient, hooks and subagents in code, and the can_use_tool permission callback. Full reference in the headless docs and the migration guide. The pitfalls. --dangerously-skip-permissions in an unattended run — how to recognize the silent-success failure, and the least-privilege allowlist that replaces it — and the June 15, 2026 billing change that moves Agent SDK and claude -p usage to a separate metered credit pool, plus how to watch total_cost_usd and bound it. News. Claude Code 2.1.166 (June 6): a fallbackModel setting (up to three), thinking-off controls, a "*" deny-all glob, and a cross-session permission-escalation fix; latest is 2.1.167 (changelog). 2.1.163 added additionalContext from Stop hooks, /plugin list, and version-pinning settings. And Claude Opus 4.1 is deprecated, retiring on the API August 5, 2026 (release notes). Earlier episodes referenced: CLAUDE.md and --resume, permissions and plan mode, custom slash commands and hooks, skills, subagents and the orchestrator pattern, MCP servers, cost and rate-limit engineering and evals, ultraplan/ultrareview, and parallel sessions with git worktrees.

Stop hand-wiring parallel sessions and let one Claude become the dispatcher: it spins up waves of subagents that work in parallel and report back. Your first session that runs a team instead of a task, plus how to keep the roughly fifteen-times token bill from running away with you. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code The first rung of running a fleet instead of a session: promote one Claude Code session to a lead that dispatches waves of subagents, which work in parallel and report back. The tutorial. The orchestrator-worker pattern, drawn from Anthropic's multi-agent research system writeup (Opus lead plus Sonnet workers beat single-agent Opus by ~90%, at roughly 15x the tokens of a chat, with effort scaled to query complexity). How it maps onto Claude Code today: the Agent tool (renamed from Task in v2.1.63) spawns workers in their own context windows that return only a summary; the two-level limit (subagents can't spawn subagents, so "waves" are batches); foreground vs background workers and Ctrl+B. Writing a custom subagent in your project's agents folder, with the frontmatter that turns earlier episodes' cost levers into per-worker dials: model (Sonnet/Haiku workers under an Opus lead), maxTurns, effort, tools, skills, mcpServers, and isolation: worktree (the callback to last episode's worktrees). A worked fan-out migration: Explore to map files, partition by file ownership, complete delegation prompts, structured returns, and a synthesis-and-test stage, plus the packaged /batch skill (5-30 worktree subagents, a PR each). Where it scales next: agent teams and dynamic workflows. The pitfall: token blowup from over-orchestrating, with the blank-context worker, file collisions, and the lead losing the thread underneath it. How to recognize each on /usage and /context, and how to bound it. The rule: orchestrate for breadth and independence, stay single-agent for depth and coupling. News. Claude Code 2.1.162 (June 3): a waitingFor field in the agents JSON, Read deny rules now hide files from Glob/Grep, and Windows path-matching fixes (changelog). API changes June 2: no billing on zero-output refusals and a max_tokens cap on the advisor tool (release notes). Earlier episodes referenced: subagents, skills, CLAUDE.md, context windows, MCP servers, cost and rate-limit engineering, and parallel sessions with git worktrees.

The two highest-leverage habits in a single Claude Code session: make it interview you and plan the whole change in writing before it touches a file, then make it tear the diff apart, cold, before anything gets committed. Both are free, and they cover each other's blind spots. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code The last big habit of driving one Claude Code session by hand well: front-load the thinking, then back-load the review. Two workflows, not commands, built from primitives you already have. Ultraplan. Plan mode as the substrate (shift-tab into the read-only state, the approval gate you can edit and send back), then the moves that turn it into a workflow: let Claude interview you to lock requirements before it guesses, write the plan to a file so it survives a context reset, and have it critique its own riskiest assumptions before you approve. Spend a large thinking budget where being wrong is costly, skip the ceremony on trivial changes, and remember thinking tokens bill as output (callback to the cost episode). Codify the ritual as a custom slash command with read-only allowed-tools. Sources: Claude Code common workflows, best practices, slash commands, and managing cost. Ultrareview. Review the diff, not your memory of watching it happen: git diff against main, automated gates first (typecheck, lint, tests, build), then human-and-model judgment on the logic and security bugs no check sees, the untenanted query and the secret in a log line. Use the built-in /security-review and the claude-code-security-review action (mind the prompt-injection caveat on fork PRs). Wire the mechanical floor into hooks so a failing typecheck can't be committed, and write the "before every commit" list into your CLAUDE.md. The pitfall: review theater. A session that wrote the code rubber-stamps its own work with vague praise and zero findings. Recognize it by the absence of specifics; fix it by reviewing the diff cold, in a cleared context or a subagent that never saw the code written, and by forcing a why-is-this-correct justification per change. That cold-diff reviewer is the doorway to the next episode's review-and-fix loop. News. Opus 4.8 fast mode reportedly got around 2.5x faster at roughly a third the old price (announcement); Claude Code 2.1.161 (June 2) now carries OpenTelemetry resource attributes through as labels and adds a done/total counter to the agents view (changelog); and a Strava MCP connector lands as the connector list keeps filling in. Earlier episodes referenced: permissions and plan mode, custom slash commands and hooks, skills, subagents, MCP servers, context windows and CLAUDE.md, cost and rate-limit engineering, and parallel sessions with git worktrees.

One repo, several Claudes, zero stepped-on edits. Learn to give each Claude Code session its own git worktree, an isolated working directory on its own branch, plus the port, dependency, and database collisions to dodge, and the rule for when fanning out actually beats one focused session. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code The first rung of Act two: stop driving one Claude Code session by hand and start running several in parallel without them colliding. The mechanism is git worktrees, multiple working directories backed by one repository, each on its own branch. The tutorial. What a git worktree actually is (shared history and object store, but isolated working files, HEAD, and index) and the one rule underneath everything: a branch can only be checked out in one worktree at a time, so each parallel session needs its own branch. The small command surface (git worktree add, list, remove, prune) and the nesting trap that pollutes your main checkout. Then Claude Code's built-in worktree support: the --worktree/-w flag, where it puts worktrees and how it names branches, basing each off origin/HEAD, the worktree.baseRef setting, branching straight off a PR number, the workspace-trust gotcha, the .worktreeinclude file for carrying your gitignored .env across, and isolation: worktree for the subagents we built back in Act one. The three collisions you'll actually hit, dependencies, ports (and why PORT in .env.local is silently ignored by the Next.js dev server), and the database, plus integration by pull request and partitioning work by file ownership. Finally, when NOT to fan out: the review bottleneck (roughly four to eight worktrees per developer before you're the constraint), coordination overhead, and the per-session token cost, drawing on Anthropic's best practices and cost guidance. News. Claude Code 2.1.160 and 2.1.161 (June 2): parallel tool calls are now fault-isolated, the Dynamic Workflows trigger keyword changed from "workflow" to "ultracode," and claude mcp stops printing your secrets, per the changelog. And the June 15 billing change: programmatic usage (the Agent SDK, claude -p, Claude Code GitHub Actions) moves to a separate metered credit pool billed at API rates, while interactive Claude Code stays unaffected, via The New Stack. Earlier episodes referenced: subagents, skills, CLAUDE.md, context windows, and cost and rate-limit engineering.

The two skills most Claude Code power users skip: keeping token spend and rate limits predictable, and regression-testing the prompts, skills, and commands you depend on so they can't quietly get worse. What the cost command actually measures, the model and caching levers that really move the bill, reading your usage with ccusage and OpenTelemetry, and a small eval suite built on headless print mode and promptfoo. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code The last rung of doing everything by hand: spend less, and keep what you've built from quietly getting worse. Cost and rate-limit engineering. Why the /cost command is meaningful only on a pay-as-you-go API key and misleading on a subscription (use /status and /usage instead), and the gotcha where a stray ANTHROPIC_API_KEY bills you through the API while your Max plan sits unused. The two stacked limit windows (the five-hour rolling window and the seven-day weekly caps, including the separate cap on the top model), drawn from Anthropic's usage and limits docs and the Pro/Max plan guide. Current per-token pricing and the clean five-times pattern (output is 5x input; each model tier is ~5x cheaper than the one above), prompt caching at a 90% read discount and why a stable CLAUDE.md keeps the cache hot, and the batch path at 50% off. Reading your real usage with ccusage and exporting OpenTelemetry metrics to a dashboard. The levers that move the bill most: /model, /compact and /clear, subagents that return summaries, --max-turns, and the thinking-budget setting (thinking tokens bill as output). More in Manage costs effectively. Evaluating your own prompts, skills, and agents. Why your setup drifts (model updates, CLAUDE.md edits, accumulating instructions) and how regressions stay silent. Building a tiny eval suite with headless print mode: a fixtures folder, a pinned model, and code-based checks (does it compile, do tests pass, does it contain the required clause) before reaching for an LLM-as-judge rubric. promptfoo for assertions and judging, Anthropic's evals guidance that code-based grading wins when feasible, and four ways evals lie to you: tiny overfit sets, judging style over correctness, eval cost, and non-determinism. News up top: Opus 4.8 as the new Claude Code default with extra-high effort and Dynamic Workflows (docs), and today's 2.1.160 write-guard prompts (changelog). Earlier episodes referenced: permissions and plan mode, custom slash commands, skills, subagents, MCP servers, and context windows.

Two hours into a session, Claude starts re-reading files and forgetting the conventions you set at the start. That's a full context window, not a smarter assistant. Learn to read the /context meter, when to /compact versus /clear, how to push noisy work into a subagent, and how to structure a multi-file CLAUDE.md hierarchy so the right instructions load at the right depth instead of silently eating your token budget. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code The context window is the scarce resource Claude Code thinks inside of, and managing it turns out to be the same skill as managing your CLAUDE.md files. This episode covers both halves and the one idea underneath them: a fuller window is a slower, more forgetful, more expensive Claude, not a smarter one. Anthropic frames the whole craft in Effective context engineering for AI agents as finding the smallest set of high-signal tokens that does the job, and we build practical habits around that. First, the mechanics. What's already loaded before you type (system prompt, tools, skills, MCP servers, and your CLAUDE.md), and why long sessions degrade: context rot, the attention budget, the quadratic cost of attention, and lost in the middle. The context-window docs ship an interactive walkthrough and the load order we use throughout. Then the workflow. Reading the /context meter (including the autocompact buffer it reserves), /compact with focus instructions, what survives a compaction versus what silently vanishes, and the /clear-versus-/compact-versus-fresh-session decision rule. Plus offloading noisy work to a subagent (the docs' own example reads 6,100 tokens and returns 400), and quick memory with the # shortcut and /memory. Sources: Manage costs effectively. The second half is the memory hierarchy: managed policy, user, project, and local CLAUDE.md files, how they concatenate rather than override, and how Claude discovers them by walking up the directory tree at launch and loading nested subdirectory files on demand. We cover @-imports (and why they don't save context), the monorepo pattern with path-scoped rules in .claude/rules/, and what belongs in CLAUDE.md versus a skill or a hook. The pitfall: a bloated, stale CLAUDE.md silently eats your window on every turn and you can't see it in the terminal. How to catch it with /context and /memory, and how to fix it by moving instructions to where they load on demand. Earlier episodes referenced: subagents, skills, hooks, and MCP servers.

Wire external tools into Claude Code through the Model Context Protocol: a real browser, your Postgres database, your GitHub repos, your error tracker in production. We add a server from scratch, sort out the three config scopes and which file gets committed, and fix the mistake that quietly floods your context window and dulls the model. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code A subagent keeps work out of your context; an MCP server does the opposite job, it reaches out of Claude Code to systems you didn't build. This episode is the rung where Claude Code stops being a smart thing in your terminal and starts touching your real database, a real browser, your GitHub repos, and your error tracker. We cover what the Model Context Protocol is (Anthropic's open "USB-C for AI," the N-by-M integration problem, the host/client/server roles, and the three things a server exposes: tools, resources, and prompts), plus the adoption wave through OpenAI, Google, and Microsoft. Then the hands-on part: the two transports you actually use (local stdio and remote HTTP, with SSE deprecated), the claude mcp add command and the load-bearing double-dash rule, and the three config scopes, local, project, and user, including which file gets committed to git and why project-scoped servers trigger an approval prompt. Worked examples a web dev wires up: the official Playwright browser server, a read-only Postgres/Supabase server, the remote GitHub server, Sentry over OAuth, and Context7 for live docs. We cover OAuth versus header auth and the environment-variable expansion pattern that keeps secrets out of a committed config. The pitfall gets real time: tool-surface bloat. Real numbers on how MCP tool definitions eat the context window (GitHub's server alone is ~17.6k tokens), how tool-selection accuracy collapses when the menu is too long, how to recognize it, and the deferred tool-loading fix that went GA in 2026. Plus the security half, Simon Willison's lethal trifecta and why least privilege and that approval prompt matter. Closing contrast: MCP adds capabilities, skills add knowledge, subagents add workers, hooks add guardrails. Docs: Claude Code MCP.

A subagent is a fresh Claude instance that does a noisy, self-contained job in its own context window and hands back only the summary. Learn to delegate codebase searches and code reviews, restrict each agent's tools and model, and avoid the blank-context pitfall that produces confident wrong answers. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code A subagent is a fresh Claude instance that does a self-contained job in its own context window and hands back only a summary. This episode covers using them the Act I way: one-off delegation to keep your main session's context clean. Why isolation matters. The context window fills fast and Claude's performance degrades as it does. From Anthropic's context-window walkthrough: a research subagent read ~6,100 tokens of files and returned a 420-token result. The reading never touched your main thread. The best-practices guide calls subagents one of the most powerful tools available because context is your fundamental constraint. The Agent tool. As of Claude Code 2.1.63 the Task tool was renamed to Agent (old Task(...) references still work as aliases). Subagents cannot spawn other subagents, which is why the orchestrator pattern needs agent teams later. Built-in subagents. Explore (read-only, Haiku, codebase search), Plan (read-only, used in plan mode), general-purpose (all tools, inherits your model), plus helpers statusline-setup and claude-code-guide. Explore and Plan skip CLAUDE.md and git status to stay fast. Custom subagents. Markdown files with YAML frontmatter in .claude/agents/ (project, checked into git) or ~/.claude/agents/ (user). The fields that matter: name, description (drives automatic delegation), tools (allowlist; omit to inherit all), and model (sonnet/opus/haiku/full ID/inherit). Manage them with the /agents command. See Create custom subagents. Proactive delegation. Put "use proactively" in the description field so Claude reaches for the agent on its own. Worked examples. A codebase-search delegation that keeps file reads out of your window, and the official read-only code-reviewer (restricted to Read, Grep, Glob, Bash) that judges your diff with fresh eyes. Subagent vs skill vs slash command. A skill runs in your main context; a subagent runs isolated and returns a summary; a slash command is a typed entry point. Offload noisy, self-contained work to a subagent. The pitfall. Subagents start blank, with no conversation history. Vague delegation produces confident, wrong answers. Scope tightly and restate load-bearing constraints. Plus the costs: tokens still get spent, cold-start latency, and no mid-task steering (a subagent can't even ask you a clarifying question).

You keep pasting the same procedure into chat. Package it once as a skill, a folder with a SKILL.md, and Claude loads it on demand when the task matches, deep when you need it and nearly free when you don't. We build one from scratch, wire live shell output straight into it, and fix the number one reason a good skill silently never fires. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code Episode 5 of Act I. Custom slash commands turned a repeated prompt into one word. Skills are the next rung: a folder of reusable expertise Claude pulls in on its own when the task matches, plus supporting files and scripts that ride along. The core idea: progressive disclosure. Three loading levels. The name and description are always loaded (~100 tokens each). The SKILL.md body loads only when the skill is triggered. Reference files and scripts load only when referenced, and scripts execute without their code ever entering context. That's why a 2,000-line skill costs almost nothing on the days you don't use it. See Claude Code's skills documentation and the Agent Skills overview. The copyable workflow. Build a summarize-changes skill: YAML frontmatter with a trigger-shaped description, plus a body that injects live git diff output using the !`command` dynamic-context syntax. Where skills live (personal in ~/.claude/skills/, project in .claude/skills/ committed to git so the team inherits them, plus plugin and managed scope), name-collision precedence, and live reload with no restart. A worked second example: a Postgres migrations skill with a bundled template and a type-generation step. The knobs that matter. disable-model-invocation and user-invocable to control who triggers a skill, allowed-tools and disallowed-tools tying back to the permissions episode, named arguments, and a peek at context: fork. When to use what. Facts that are always true go in CLAUDE.md; a prompt you retype becomes a command; a procedure with depth becomes a skill; a task you want quarantined becomes a subagent (coming up next). The pitfall: the skill that never fires. Almost always a vague description, the only thing Claude sees before invoking. How to diagnose it with "what skills are available?" and /doctor, the description-budget truncation that bites once you have many skills, and the opposite fix when a skill triggers too eagerly. Plus bundled skills, treating untrusted skills like untrusted software, and letting Claude author and refine the skill for you. From Anthropic's skill-authoring best practices.

You've been using the slash commands Claude Code ships with. Now write your own, and wire the hooks that fire on their own. Bundle a repeatable workflow into a command you trigger with a slash, then back it with hooks that enforce the rules a command can only ask for: build a /commit command, auto-lint after every edit, block writes to your migrations folder, and force the tests to pass before a turn can end. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code Episode 3 covered the slash commands Claude Code ships with. This one is about writing your own, plus the automation that fires whether Claude remembers it or not. Two primitives, one rule for choosing between them: a custom slash command is a shortcut you trigger; a hook is a guarantee that runs on its own. Custom slash commands. Where they live (a per-command folder under your project's .claude or your home .claude, with the folder name becoming the command), the SKILL.md file and its YAML frontmatter, and the fields that matter: description, argument-hint, allowed-tools, model, and disable-model-invocation. Passing arguments with $ARGUMENTS and positional $1/$2, injecting live shell output into the prompt with the !`...` prefix, and pre-approving tools so a workflow runs without permission prompts. Worked example: a /commit command that stages, writes a real message, pushes, and opens a PR. From the skills documentation. Hooks. The lifecycle events (PreToolUse, PostToolUse, UserPromptSubmit, Stop, SessionStart/End, compaction, notifications, subagent events), how they're configured under the hooks key in settings.json, the matcher syntax, the JSON a hook receives on stdin, and how it answers back through exit codes (0 success, 2 blocks) and a decision JSON that can allow, deny, ask, modify tool input, or add context. Three hooks worth stealing: auto-lint and format after every edit, block writes to the migrations folder, and a Stop hook that forces tests to pass before a turn can end. From the hooks documentation. The pitfall. Putting an "always" or "never" rule inside a command's prose and trusting it. Command instructions are advice, like CLAUDE.md; if the cost of the model forgetting is real, that rule belongs in a hook. Plus quick traps: hook timeouts, unquoted arguments, and vague descriptions that never auto-invoke. Browse what you've built with /hooks, /skills, and /help.

A tour of the commands that ship in the box, the four steering keys you will use every run, and the decision you make constantly: clear versus compact, plus how to spot when compaction silently drops the context you were relying on. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code Episode three of the OCDevel Claude Code arc, and the first one that's purely about speed. You can already drive a session from episodes one and two. This one makes you fast: the commands that ship in the box, and the keyboard moves you stop thinking about. What we cover: The reframe. On the 2.1 line, custom slash commands have been merged into skills, so the / menu is now one surface mixing built-in commands, bundled skills and workflows, your own skills, plugin commands, and MCP prompts. Type / to see exactly what your install has, since a command is only recognized at the start of a message and availability varies by plan and platform. See the commands reference. The catalog, grouped by when you reach for it — setup (/init, /memory, /config), steering (/model, /effort, /plan, /context), review (/diff, /code-review, /review, /security-review, /simplify), the between-sessions family (/clear, /resume and its alias /continue, /branch, /rename, /export), recovery (/rewind, /doctor), and cost (/usage, aka /cost). The everyday decision: /clear vs /compact. Clear starts a fresh conversation (the old one parks in /resume); compact keeps the thread and replaces verbatim history with a steerable summary. The rule: clear for unrelated work, compact to keep going. Details in exploring the context window and managing costs. The pitfall: silent context loss. Auto-compaction keeps intent and key snippets but drops full tool outputs and intermediate reasoning, and path-scoped rules are lost until a matching file is read again. How to recognize the drift and stay ahead of it with /context and focused compaction. The safety net and its blind spots. /rewind (or double-Escape) restores code and conversation, but bash side effects aren't tracked. Checkpoints are local undo; git is permanent history. See checkpointing. The keyboard. The four steering keys (Escape to interrupt, double-Escape to rewind, Shift+Tab for modes, Ctrl+C), history recall with Ctrl+R, the fast-input symbols (@ files, ! shell, # memory, / commands), plus /btw for a tool-less side question. Reference: interactive mode. Recency note for mid-2026: /vim moved into /config → Editor mode (removed in 2.1.92), /cost is now an alias for /usage, and the auto-compact threshold is version-dependent. Verify against /help in your own install. Next episode: writing your own custom slash commands.

You can't automate a tool you don't trust. This episode is the control surface: where settings live and which file wins, how to write tight allow/ask/deny permission rules (the real fence, not CLAUDE.md), the permission modes and the Shift+Tab plan-to-act toggle, and the slash commands a power user reaches for first, including the /rewind safety net. Plus the one pitfall everyone hits: the overly broad Bash(*) allow rule. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code Episode 1 got a session running. This one makes it safe to leave running. We cover the control surfaces that turn Claude Code from a sharp tool you babysit into one you actually trust. Settings files and precedence. The four scopes you touch (~/.claude/settings.json, .claude/settings.json, .claude/settings.local.json, and enterprise-managed settings), which file wins when they collide, and the catch that permission rules merge across layers instead of overriding, with deny always winning. See the settings reference. The permission grammar. Why rules are enforced by Claude Code, not the model, so CLAUDE.md is advice and permission rules are the fence. The allow/ask/deny lists and their deny-first evaluation order. Bash glob patterns and the space-before-star word boundary, compound-command parsing, wrapper stripping (and the devbox run footgun), and gitignore-style path anchors for Read/Edit/Write. From the permissions reference. Modes and the plan-to-act toggle. default, acceptEdits, plan, plus auto, dontAsk, and the genuinely dangerous bypassPermissions (--dangerously-skip-permissions). The Shift+Tab cycle, the plan-mode workflow, and editing a proposed plan with Ctrl+G. See the permission modes reference. Slash commands a power user hits early. /clear vs /compact, /context, /config (where the removed /vim moved), /model, /permissions, /cost (now an alias for /usage), /review and /code-review, and the safety net of the episode: /rewind and double-Esc, plus the checkpointing gotcha that bash-modified files aren't tracked. The pitfall: the overly broad Bash(*) allow rule, why argument-constraining Bash patterns are fragile, and the deny-curl-use-WebFetch pattern instead. If you've stopped seeing prompts but never wrote specific allow rules, that's your cue to open /permissions and find what's too wide.

How the gather-act-verify loop actually works and how to steer it without starting over. What belongs in your CLAUDE.md project memory and what to keep out, generating a first draft with /init, and resuming yesterday's session instead of re-explaining everything. Plus the pitfall every beginner hits, context going stale, and the habits that fix it. Episode page & show notes Try a walking desk - stay healthy & sharp while you learn & code The first episode of the OCDevel Claude Code arc, the show that climbs from driving one session by hand all the way to a pipeline that ships to production while you're on the beach. This one is the on-ramp: everything you need to be genuinely productive in your first session, with no single primitive over-explained. What we cover: The core agentic loop — gather context, take action, verify, repeat — and the part most people miss: you're inside the loop. How to steer mid-run with the escape key and with typed corrections, how the tiered permission prompts gate shell commands and file edits, and how checkpoints let you rewind a bad edit by tapping escape twice. See How Claude Code works and Configure permissions. CLAUDE.md, your project memory — what it is, where the user / project / local files live, what to put in (specific build and test commands, conventions, "always/never" rules) and what to leave out, why you keep it under ~200 lines, and the newer auto-memory system Claude maintains alongside it. Reference: Memory. /init — generate a starter memory file from your codebase, why it's safe to re-run, the opt-in guided flow, and why the draft is a starting point you refine, not a finished file. Sessions and resume — work is saved continuously; pick up exactly where you left off with claude --continue or the --resume picker, and the difference between resuming, forking, and starting fresh. Reference: Manage sessions. The day-one pitfall — context degradation, in both forms (the never-ending session and the bloated CLAUDE.md), how to recognize it, and the habits that fix it: clear between tasks, compact with focus, keep memory lean. Recency notes for mid-2026: Claude Code is on the 2.1 line with the native installer now recommended over npm, and your default model depends on your plan (Opus 4.8 on Max/API, Sonnet 4.6 on Pro). See Model configuration. Next episode: settings.json, permissions, and plan mode in depth.