Softwareengineering

Diagram showing a Claude Code permission budget across scope, tools, spend, and approval

Claude Code permissions should have a budget

Claude Code gets safer when permissions are treated like a budget: scoped files, allowed tools, spend limits, stop rules, review packets, and rollback notes before wider autonomy.

Diagram showing the operating gap between an AI POC and production AI

From AI POC to production: the part teams keep skipping

The AI POC is not the hard part anymore. The hard part is turning a promising demo into a service with ownership, evals, traces, cost controls, and a rollback path.

Diagram showing green tests as one signal beside a Claude Code review packet with scope, command log, tool log, rollback note, and human approval

Claude Code green tests are not a review packet

A Claude Code run can make tests pass and still leave a reviewer with no usable evidence. Treat green tests as one signal, then require scope, command logs, tool use, assumptions, and rollback notes before merging agent work.

Diagram showing a Claude Code run stopping after repeated failures and producing a review packet instead of looping blindly

Claude Code needs a stop rule before more autonomy

Claude Code gets risky when a failed run keeps retrying without a stop rule. Use failure budgets, review packets, evals, and rollback notes before giving agents more autonomy.

Diagram showing a Claude Code team adoption runbook with task contract, scoped permissions, review packet, evals, and rollback

Claude Code team adoption needs a seatbelt runbook

Claude Code gets risky when teams roll it out through enthusiasm instead of a runbook. Start with task contracts, scoped permissions, review packets, evals, and rollback before widening autonomy.

Diagram showing how MCP tools widen Claude Code blast radius from local repository access to external systems unless boundaries, approval, logs, and rollback are added

Claude Code MCP tools need a blast radius, not a vibe check

MCP makes Claude Code more useful, but every server also widens the blast radius. Treat MCP tools as production access paths with allowlists, approval gates, call logs, and rollback notes.

Diagram showing the boundary where AI code generation moves from suggestion mode to action mode with files, commands, tools, and services

AI code generation gets risky when it becomes action

AI code generation is manageable when it suggests code. The risk changes when agents can edit files, run commands, call tools, and open pull requests.

A Claude Code review packet showing objective, permission boundary, tool trace, tests, cost, and rollback path before human approval

The Claude Code review packet I want before approving agent work

A Claude Code diff is not enough evidence for production review. Ask for the objective, permission boundary, tool trace, tests, failures, cost, and rollback path before approving agent work.

Cover of Claude Code: Building Production Agents That Actually Scale by Thomas De Vos

Claude Code book is live on Amazon Kindle

Claude Code: Building Production Agents That Actually Scale is now live on Amazon Kindle. Here is who it is for and why I wrote it.

Claude Code rollback envelope diagram showing scope, agent change, and rollback path

Claude Code Rollback Plans Belong in the Prompt

If a Claude Code agent can change production-shaped code, the prompt should say how to undo the work. Rollback is not paperwork after the diff. It is part of the task boundary.