Claude Code Documentation: 2026 Working Guide

Claude Code is the terminal-and-web coding agent from Anthropic that has shifted, in 2026, from "AI autocomplete in your shell" to a full autonomous engineering teammate. It now ships with skills, hooks, MCP servers, parallel agent teams, slash commands like /ultrareview and /recap, a redesigned web app at claude.ai/code, the new Opus 4.7 model with native 1M context, and a CLI that quietly replaces Glob and Grep with embedded bfs and ugrep for faster searches. If you came looking for the official Claude Code documentation, you want code.claude.com/docs. If you want the practical, opinionated working guide written by an engineering team that ships software with it every day, you are in the right place.

At Petronella Technology Group, we use Claude Code as a daily driver across cybersecurity engineering, CMMC documentation, n8n workflow patches, content quality assurance, and the same kind of overnight parallel agent orchestration that produced the page you are reading. The shape of this guide is documentation-first, but every workflow section is backed by patterns we have validated against real production sessions. We are an Anthropic API customer. We are not an Anthropic partner, reseller, or endorsed firm. Treat what follows as field notes, not marketing.

What Claude Code Actually Is in 2026

Claude Code began life as a terminal coding assistant. In 2026 it is a four-surface product: a command-line agent (the original), a desktop application, a web application at claude.ai/code that was redesigned in Week 17 of 2026 with a sessions sidebar and drag-and-drop layout, and an Agent SDK that lets you embed Claude Code style agents in your own applications. All four surfaces share the same skill files, the same MCP server connections, the same hooks, and the same memory hierarchy.

The mental model that matters: Claude Code is an autonomous agent that owns a shell, a filesystem, and a set of tools. You prompt the agent. It plans, edits, runs commands, reads output, decides what to do next, and either ships a result or asks a clarifying question. The chatbot pattern of paste in, fix linter error, paste again is the wrong mental model and burns money. Treat each session as a delegated engineering task, not a conversation.

Cowork is the consumer-facing variant launched in January 2026 for non-developers on macOS and Max plans. It exposes the same agent through a folder-watching UI rather than a terminal. If your knowledge workers want Claude Code without learning bash, that is the door.

Install and First Run

The fastest install in 2026 is the official native installer:

curl -fsSL https://claude.ai/install.sh | bash

This drops a single binary in your path and avoids the Node version churn that bit a lot of teams in 2025. Authenticate with claude login and pick whichever plan covers your usage: Pro, Max, Team, or Enterprise. Max is the plan with Agent Teams and Cowork enabled. Pro is fine for individual use.

First-run sanity check:

claude
> what model am i talking to and what is my plan
> /usage

The /usage command was the merge of the older /cost and /stats commands in v2.1.118. The old names still work as aliases.

Model Selection: Opus 4.7, Sonnet 4.6, Haiku 4.5

Anthropic's current lineup is the Claude 4.x family. Opus 4.6 and Opus 4.5 are reasoning specialists with deep planning capacity. Sonnet 4.6 (and Sonnet 4.5 before it) is the balanced model that most users default to. Haiku 4.5 is the speed-and-cost model for high-volume cheap work. Opus 4.7 with a native 1M-token context window has rolled out for sessions that need to hold entire codebases or hundreds of files at once. As of v2.1.119, Opus 4.7 sessions correctly compute against the model's native 1M context, which fixed inflated /context percentages and premature autocompaction.

Practical guidance: start a new session on Sonnet 4.6 for normal feature work. Switch to Opus when a task is hard, ambiguous, or genuinely architectural. Drop to Haiku for narrow grunt work like renames or doc passes. The default effort level for Pro and Max subscribers on Opus 4.6 and Sonnet 4.6 is now high, which was raised from medium. You can change effort per session in /model or per project in settings.

Switch model mid-session:

> /model opus-4-7
> /model sonnet-4-6
> /model haiku-4-5

Skills: The Most Important 2026 Feature

Skills are directory-based capability bundles. A skill is a folder with a SKILL.md file that describes what the skill does and when Claude should invoke it, plus optional supporting files, scripts, and references. The CLI auto-discovers skills at two paths:

• Global: ~/.claude/skills/<skill-name>/SKILL.md
• Project: .claude/skills/<skill-name>/SKILL.md

Every skill auto-creates a /skill-name slash command. You also install skills from plugins via /plugin install <name> or add a marketplace with /plugin marketplace add <repo>.

Skills matter because they are how you teach Claude Code domain procedures that survive across sessions and across context resets. We maintain a private skill library at Petronella for things like our deploy gate sequence, our CMMC documentation generation patterns, our blog quality checks, our n8n workflow patch idioms, and a /fresh skill that ends a session by saving memory and pushing to GitHub. The skill is the unit of organizational knowledge that the agent can carry into a new context window.

Write your first skill in five minutes:

mkdir -p ~/.claude/skills/format-pr
cat > ~/.claude/skills/format-pr/SKILL.md <<'EOF'
---
description: Format the current branch as a GitHub PR description with summary, test plan, and rollback notes
---

When invoked, read the git log since main, summarize the changes, list every changed file with one-line purpose, write a test plan checklist, and propose a rollback recipe.
EOF

Type /format-pr in any session afterward and the skill is ready.

Slash Commands Reference

Claude Code 2026 ships with a large built-in slash command set, plus auto-generated ones from skills and plugins. The high-value commands to know:

• /model - switch model mid-session.
• /context - show the current context window usage, with the Opus 4.7 1M fix applied.
• /usage - token spend, costs, and plan headroom. Merged /cost and /stats as of v2.1.118.
• /config - interactive settings editor that now persists changes to ~/.claude/settings.json and follows project/local/policy precedence.
• /theme - open the theme picker; build named color themes that override only the tokens you care about, hand-edited at ~/.claude/themes/.
• /resume - resume a prior session. As of v2.1.119 this is up to 67% faster on large sessions and offers to summarize stale ones before re-reading them.
• /recap - one-line recap of what happened while you were away from a session. Useful when you are juggling multiple Claude Code windows.
• /ultrareview - public research preview. Spawns a fleet of bug-hunting agents in the cloud against your branch or a PR and streams findings back. Run it before merging auth changes, data migrations, or anything that touches production credentials.
• /plugin - install, list, and tag plugins. The claude plugin tag CLI subcommand creates release git tags for plugins with version validation.
• /login and /logout - switch between accounts. Useful if you have a personal Pro account and a corporate Team account.

Several Petronella internal skills add their own slash commands: /fresh for end-of-session memory save plus GitHub sync, /loop for recurring task automation, /deploy for our production deploy wrapper, and /compliancearmor for the compliance documentation platform we maintain.

Hooks: Event-Driven Automation

Hooks let you run code in response to Claude Code events without modifying the agent. The available events:

• PreToolUse - fires before a tool is called. Use for permission gating, audit logging, or rewriting tool arguments.
• PostToolUse - fires after a tool completes. Use for after-action logging, derived-state updates, or auto-fixing common failure patterns.
• Notification - fires on notifications, useful for desk lights, Slack pings, or audible cues.
• TeammateIdle - Agent Teams only. Fires when a teammate finishes work and is awaiting the next task.
• TaskCompleted - Agent Teams only. Fires when a shared task is marked complete.

Hooks can now call MCP tools directly via the new type: "mcp_tool" field, so a hook can hit an already-connected server without spawning a separate process. This single change removed a lot of brittle shell-out plumbing we had in 2025.

A common hook recipe: lock down deploy scripts behind a confirmation gate.

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "filter": "command:contains:rsync.*--delete",
        "action": "deny",
        "message": "rsync with --delete is banned by site policy. See CLAUDE.md."
      }
    ]
  }
}

We use exactly this hook in our production deploy gate because our team policy permanently bans rsync --delete against the petronellatech.com production tree, and the hook is more reliable than expecting every contributor to remember.

MCP Servers: External Tools and Data

MCP (Model Context Protocol) is how Claude Code connects to external tools and data sources. An MCP server is a small process that exposes typed tools and resources. Claude Code connects, lists the tools, and routes tool calls through them.

Add an MCP server:

claude mcp add ahrefs --command "npx -y @ahrefs/mcp-server"
claude mcp add postgres --command "uvx mcp-server-postgres" --env "DATABASE_URL=postgres://..."

MCP tools appear as mcp__<server>__<tool> in the agent's tool list. Subagents inherit MCP tools when the tools field is omitted from their agent config, which is the default. The MCP catalog has grown sharply in 2026; commonly useful servers for engineering teams include filesystem, postgres, github, slack, sentry, datadog, and a long tail of vendor-specific servers.

We run roughly a dozen MCP servers in our Petronella Claude Code setup, including Ahrefs for SEO data pulls, Firecrawl for web research, Google Search Console, Postgres for our outreach and lead tables, n8n for workflow inspection, Playwright for browser automation, and Serena for fast cross-file symbol search inside our PHP and Python codebases. Each one is roughly the same setup cost: install the server, add it to settings, restart the session.

Subagents and Agent Teams

Subagents are forked specialist contexts. The Task tool sends a brief and a goal to a subagent, and the parent agent receives the subagent's final report. Built-in subagents include Explore (read-only codebase exploration), Plan (architecture planning without edits), and general-purpose (flexible multi-tool agent). Custom subagents go in .claude/agents/ with their own prompts and tool grants.

The 2026 change worth knowing: forked subagents can be enabled with CLAUDE_CODE_FORK_SUBAGENT=1. A forked subagent inherits the full parent conversation context instead of starting fresh, which is what you want when the task requires the subagent to know what was already discussed.

Agent Teams, launched February 2026, is a separate experimental feature on the Max plan that runs multiple Claude Code instances coordinated as a team. Each teammate has its own context window. Shared task lists with TaskCreate, TaskUpdate, TaskList, and TaskGet tools let teammates pick up and complete each other's work. Inter-agent messaging lets one teammate hand off context to another. Display is either in-process via Shift+Up and Shift+Down, or split panes via tmux or iTerm2.

Enable Agent Teams:

CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 claude

We have used Agent Teams to debug complex distributed systems where one teammate owns the frontend, one owns the API, and one owns the database. Each can run its own commands and report findings to the shared task list. Token usage scales with teammate count, so plan accordingly.

Settings, Permissions, and Auto Mode

Claude Code settings live at three precedence levels: project (.claude/settings.json), local (.claude/settings.local.json), and user (~/.claude/settings.json). Policy-level admin settings can be layered on top for managed Team and Enterprise deployments.

Auto Mode is the unattended execution mode. Configure what Auto Mode is allowed to do, what it should soft-deny (run but flag), and what environment variables it can read in autoMode.allow, autoMode.soft_deny, and autoMode.environment. As of Week 17 2026, you can include the magic string "$defaults" in any of those arrays to add custom rules alongside the built-in list rather than replacing it. Without this, custom rules silently replaced the safe defaults, which was a common foot-gun.

Memory hierarchy: Claude Code reads CLAUDE.md files from the current directory upward through every parent directory. Global rules live in ~/.claude/rules/. Project rules live in .claude/rules/. Memory frontmatter scopes (user, project, local) control where new memory entries land.

At Petronella our top-level ~/CLAUDE.md defines the playbook router (which playbook applies to which task class), our brand standards, our hard safety rules, and a list of hostname aliases. Each project gets its own CLAUDE.md with project-specific rules. The hierarchy means a single session can pull in global rules plus project rules plus directory-level rules in one pass, without a manual prompt.

IDE and Web App Integrations

Claude Code has first-class extensions for VS Code and JetBrains IDEs, plus the redesigned web app at claude.ai/code. The web app got the Week 17 2026 refresh: sessions sidebar, drag-and-drop layout, refreshed routines view, and rebuilt internals for quicker responses. The web surface and CLI surface share the same skills, MCP servers, and session history, so a session you start on your laptop can be resumed on your phone.

Vim users got native visual mode support in the prompt input: press v for character selection or V for line selection, with operators and visual feedback. This was a top community request for most of 2025.

Native macOS and Linux builds replace the standalone Glob and Grep tools with embedded bfs and ugrep available through Bash, which removes a tool-call round-trip and is noticeably faster on large codebases.

Workflows We Use at Petronella

Documentation is not workflow. The Claude Code docs cover surface area; this section covers patterns that work for a working cybersecurity firm with real production constraints.

1. Overnight Parallel Agent Orchestration

The page you are reading was produced as part of an overnight autonomous sweep. The orchestrator session dispatched roughly a dozen specialist subagents in parallel: blog decay rewriters (one per high-volume lost keyword), Ahrefs health-fix agents, structured data validators, internal linking auditors. Each agent had a hard-scoped file ownership boundary and a finite output target. The orchestrator collected results and ran the deploy gate.

The pattern requires three things. First, a clear scope per subagent so they cannot stomp each other's files. Second, a return-format spec so the orchestrator can parse outcomes. Third, a deploy gate at the end that runs the full pre_deploy_check.py pipeline before anything ships. We have shipped 80,000+ word content runs this way with zero rollbacks.

2. n8n Workflow Patches

Our outbound email infrastructure is a set of n8n workflows running on a Postgres-backed instance. When a workflow breaks, we point Claude Code at the workflow JSON export and the postgres error logs, and it diffs the working version against the broken one, proposes a minimal patch, applies it in n8n via the management MCP server, and runs a smoke test through the workflow's trigger node. The Reply Monitor 5-bug cascade we fixed in S76 was diagnosed and patched this way in roughly two hours of agent work.

3. CMMC Documentation Generation

CMMC Level 2 assessments produce a System Security Plan with up to 110 control implementations. Each control needs a written narrative tied to actual evidence. Claude Code reads our internal evidence library, drafts narratives, cross-checks against the CMMC assessment guide, flags gaps, and produces an SSP that a human auditor can review and stamp. The agent never invents evidence; if evidence is missing, the narrative explicitly says so and the gap is logged. CMMC compliance services details how this integrates with our Registered Provider Organization process.

4. Blog Content Quality Assurance

Every blog draft on this site is read by a Claude Code QA pass before deploy. The pass checks word count, em-dash compliance, brand-name compliance (Petronella Technology Group spelled out in full on first mention), internal link coverage, fabricated stat detection, and JSON-LD schema validity. We have caught roughly forty drafts before publish over the last six months. The QA skill is open-sourced as part of our development tooling notes.

5. SEO Health Sweeps

Weekly, an Ahrefs MCP subagent pulls our open health issues, categorizes them (broken links, 4XX, multi-meta, sitemap drift, orphaned canonicals), and dispatches one parallel agent per category. Each agent fixes its category, commits, and reports back. The orchestrator aggregates results and reruns the audit. The S81 health sweep cleared 19 issues in 13 minutes of wall-clock time, which would have been a half-day of manual work.

6. Test-Driven Development with Subagent Verification

For new features we ship in our internal codebases, the pattern is: write the test first with Opus 4.6, dispatch an Explore subagent to read prior implementations, draft the implementation, dispatch a Sonnet 4.6 subagent as an independent reviewer with the spec but not the implementation, and only accept the patch if both implementations and reviewer agree. This is slower than YOLO mode but it is the only pattern that produces code that survives a security audit. See our governance guide for AI code assistants for the policy framing.

Claude Code vs Cursor vs Cline vs Aider

The agentic coding tool space has consolidated in 2026 but four products still come up in every comparison conversation we have with engineering leaders. Each one is best at a different shape of work.

Claude Code is a terminal-and-web autonomous agent with skills, hooks, MCP servers, subagents, Agent Teams on the Max plan, and a 1M-context Opus 4.7 model. Best for: autonomous multi-step work, parallel agent orchestration, large refactors, compliance-heavy workflows where audit trails matter, and any task that needs to span more than one file at a time. Less ideal for: quick autocomplete inside an IDE where you want every keystroke suggested.

Cursor is a VS Code fork with deep IDE integration and a strong Tab autocomplete model. Cursor's agent mode has caught up significantly in 2026 but the product is fundamentally optimized for the IDE-resident developer who wants a chat panel plus inline edits. Best for: in-flow coding where you want fast inline edits and a familiar editor. Less ideal for: long-running autonomous sessions, terminal-first workflows, or compliance environments where the cloud-edit path is harder to audit. See our Cursor AI IDE setup guide for our internal cursor configuration.

Cline is an open-source VS Code extension that wraps a coding agent around your editor with a strong "approve every action" UX. Best for: teams that want a self-hosted-feeling experience and bring-your-own-model flexibility (Claude, GPT, local models). Less ideal for: terminal-first workflows or unattended autonomous runs.

Aider is an open-source terminal coding assistant with a strong git-commit-per-change discipline and excellent diff-based editing. Best for: tightly scoped edits where you want one well-formed commit per change and explicit control. Less ideal for: multi-file refactors, parallel agents, or skill-based workflow automation.

Our team standardized on Claude Code for autonomous and compliance-adjacent work, and we use Cursor as the IDE-resident editor when an engineer wants tighter inline feedback. We do not run published benchmarks against the others because the comparison shape changes too quickly to publish numbers honestly; we instead pick the tool that fits the shape of the task. If you are evaluating, run the same one-day spike on each and measure your actual cycle time on tasks you actually care about.

Cost Management and Plan Selection

Plans and pricing as of mid-2026:

• Pro includes Claude Code with a usage allotment that suits an individual engineer doing roughly 4-6 hours of agent work per day.
• Max raises the allotment substantially and unlocks Agent Teams and Cowork. This is where most engineering-team users land.
• Team is the multi-seat plan with admin controls, shared billing, and the policy-layer settings.
• Enterprise adds SSO, audit log export, and procurement-friendly contracting.

API access (separate from the subscriptions) is billed per token. Opus 4.6 lists at $5 per million input tokens and $25 per million output tokens. Sonnet 4.5 at $3 input and $15 output. Haiku 4.5 at $1 input and $5 output. The 1M-context Opus 4.7 has its own pricing band; check the Anthropic pricing page for the current rate.

Practical cost controls that move the needle:

• Pick the right model for the task. Most agent steps run fine on Sonnet. Reserve Opus for planning and hard architecture.
• Use /resume aggressively. The v2.1.119 resume speedup means returning to a stale session is cheaper than starting fresh.
• Cap subagent count. Each parallel subagent has its own context window, which means linear token spend. Five parallel agents at $2 per agent is $10 per orchestration.
• Run /usage at the start and end of any unattended session. If a session burned through the budget you set, the hook fires and you find out before the bill does.

Compliance Considerations for CMMC, HIPAA, and SOC 2 Shops

If you work in a regulated environment, Claude Code is not automatically compliant. Three things matter:

Data handling. Anthropic's enterprise terms cover data not being used for training. For sensitive workloads, run Claude Code in a session pinned to your organization's enterprise account and never paste regulated data into a personal Pro account. Block the personal account at the network level if your org policy demands it.

Audit trails. Use hooks to log every tool call to your SIEM. Claude Code does not produce a compliance-grade audit log out of the box; you build one with a PostToolUse hook that ships structured events to your log pipeline. This is mandatory for SOC 2 Type II evidence and useful for CMMC 2.0 AU-2 / AU-3 control evidence.

Tool restriction. The Auto Mode allow and soft-deny lists let you constrain what the agent can do without supervision. For HIPAA covered entities or business associates, our default policy is no Auto Mode in any environment that touches PHI; every tool call gets a human approval.

Petronella's CMMC implementation services include a Claude Code governance package for defense contractors who want the productivity benefits without the policy headaches. Our private AI infrastructure page covers the data-sovereignty alternative for organizations that need on-prem inference.

Frequently Asked Questions

What is the difference between Claude Code and the Claude web chat at claude.ai?

Claude.ai is the consumer chat product. Claude Code is the coding-and-engineering agent that owns a shell and your filesystem. The new claude.ai/code web app is Claude Code with a web UI; it shares skills, MCP servers, and session history with the terminal CLI. The original claude.ai chat does not have shell, filesystem, or MCP access.

Where is the official Claude Code documentation?

At code.claude.com/docs. The What's New section is published weekly and is the best primary source for current feature truth. Anthropic also publishes a Documentation Index at https://code.claude.com/docs/llms.txt intended for LLMs to consume.

Do I need the Max plan to use skills, hooks, or MCP?

No. Skills, hooks, MCP servers, subagents, and custom themes are available on every plan including Pro. The Max plan adds Agent Teams (experimental, requires the CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS environment variable) and Cowork (the macOS folder-watching variant for non-developers).

How do I install a skill someone else wrote?

Either copy their skill directory into ~/.claude/skills/ manually, or, if it is published as a plugin, run /plugin install <name> after adding the marketplace via /plugin marketplace add <repo>. Inspect the SKILL.md and any scripts before installing skills from untrusted sources; skills can declare command capabilities and you do not want surprises.

What is Auto Mode and is it safe?

Auto Mode is the unattended execution mode where Claude Code can run tools without per-call approval. It is safe if you configured the allow, soft_deny, and environment lists tightly and you included "$defaults" so the built-in safe baseline is layered with your custom rules. It is unsafe if you opened the allow list too wide. For regulated workloads we default to no Auto Mode, period.

Can I use Claude Code with a model other than Claude?

The Claude Code agent is built around Anthropic's models. Some community tools wrap Claude Code style agents around other model providers, but the first-party Claude Code product runs against Anthropic's API. If you want vendor diversity, Cline and Aider both support multiple model providers.

How does Claude Code handle long conversations and context limits?

Opus 4.7 has a native 1M-token context window for sessions that need to hold an entire codebase or hundreds of files. Other models use a 200K-token window. When you approach the limit, Claude Code autocompacts older messages by summarizing them. The v2.1.119 fix to the /context percentage on Opus 4.7 removed a common cause of premature autocompaction. If you want manual control, use /resume to start fresh on a summarized version of a prior session.

Where to Go Next

The official docs are at code.claude.com/docs. The weekly What's New page is worth following if you ship with the tool regularly. Our internal patterns are documented across this blog: the Claude Code CLI feature guide covers installation and per-feature setup at deeper length, the Claude SDK guide covers building production agents on the Anthropic API directly, and Claude design principles covers the prompt-engineering and constitutional patterns that the underlying model is trained against.

If you want to talk about deploying Claude Code in a regulated environment, integrating it with your CMMC, HIPAA, or SOC 2 program, or running a private inference stack so you never have to send code to a cloud at all, contact our team. We are happy to share what works, what does not, and what we would do differently if we were starting over.