Productionai

A Claude Code production workflow where the rollback note is written before the patch

Claude Code needs a rollback note before code

Before Claude Code edits production-adjacent code, ask for the rollback note. If the agent cannot explain how to undo the change, the task contract is not ready yet.

A Claude Code permission workflow where request, grant, and evidence lead to automatic expiry

Claude Code permissions need expiry dates

Claude Code permissions are safest when they are temporary. Treat every extra file, command, MCP tool, and network path as a task-scoped grant that must expire unless a human renews it with evidence.

A Claude Code human review control loop with task contract, agent run, review packet, and human gate

Claude Code human review is a control, not a vibe check

Claude Code can make a change feel review-ready before the risk is understood. Production teams need human review that can reject the run, narrow the scope, or demand better evidence before merge.

A Claude Code flight recorder diagram with task contract, tool calls, evidence, review, and rollback

Claude Code needs a flight recorder

Claude Code can produce a clean patch from a messy run. Production teams need a flight recorder: the task contract, tool calls, permission pressure, tests, assumptions, and rollback notes that explain how the patch was made.

A Claude Code permission boundary diagram showing allowed tools, a closed gate for risky tools, review, and rollback

Claude Code permissions should fail closed

Claude Code permissions are where agent safety becomes concrete. If a run needs production data, billing config, deploy access, or a wider MCP tool, the default should be stop, explain, and wait for a human decision.

A Claude Code review packet diagram with task contract, evidence, boundary pressure, and rollback note

Before you merge Claude Code's work, ask for the receipt

Passing tests are a useful signal, but they are not enough for production Claude Code work. Ask for a review packet that shows scope, evidence, boundary pressure, remaining risk, and rollback before merge.

The model release is not your AI strategy

New models matter. They change what is possible. But a serious AI strategy cannot be rebuilt around every launch. The hard work is deciding what should change in your products, teams, controls, and habits.

Diagram showing a bad Claude Code run becoming a replay case, an eval, a control change, and a safer next run

Claude Code evals should start with the run that scared you

The best Claude Code eval is not a tidy benchmark. It is the uncomfortable run your team does not want to repeat, captured as a replayable production control.

Diagram showing a Claude Code permission budget across scope, tools, spend, and approval

Claude Code needs a permission budget

Before giving Claude Code wider access, define what each run may read, edit, call, spend, and merge. A permission budget keeps agent speed inside a reviewable boundary.

Diagram showing Claude Code MCP blast radius controls with allowed tools, write scope, audit trail, and approval gate

Claude Code MCP tools need a blast radius

MCP tools make Claude Code far more useful, but broad access turns a weak prompt into a production risk. Treat every tool as blast radius, not convenience.