Opinionated defaults, documentation, and workflows for Claude Code at Trail of Bits - trailofbits/claude-code-config
dangerously-skip-permissions makes Claude Code autonomous—no more prompt fatigue. But real devs have lost home directories. Here's what you actually need to know.
The context window is a budget, not a feature. Auto-compaction hides the bill until the agent starts hallucinating. Practical tactics for staying under budget: scope per session, offload to disk, dispatch subagents for research, and clear aggressively between phases. The goal isn't a bigger window; it's needing less of it.
Load 84 MCP tools and 15,540 tokens are gone before you ask a question; after thirty minutes you've burned 40% of your context on tool definitions you didn't use. Holmes and Yilmaz make the case for CLI-first, and I've mostly come round: CLIs are debuggable, composable, and 92-98% cheaper in tokens. MCP still earns its keep for a few tools, but the default should flip.
Skills are Standard Operating Procedures the agent loads only when needed — progressive disclosure applied to AI context. Without a forced-eval hook they activate 55% of the time; with one, 100%. That gap is the difference between skills working and skills being decoration. Plus why hooks are the enforcement layer that makes any of it reliable.
We had 5% buy-in and 95% resistance. A year later, AI-augmented auditors are finding 200 bugs a week on the right engagements. Here’s the six-part operating system we built, open sourced, and are giving away.
An AI tool like Claude Code gives you solid general-purpose capabilities out of the box. To make it truly indispensable, add the layers that teach it who you are, how you work, and what you do.
A quickstart to Claude Code, Anthropic’s agentic coding command-line interface (CLI) tool, and roadmap to being an expert.
Extensive guide on being a Claude Code power user, tracking threat actors on GitHub, open source AI-powered pentesting tools
We had 5% buy-in and 95% resistance. A year later, AI-augmented auditors are finding 200 bugs a week on the right engagements. Here's the six-part operating system we built, open sourced, and are giving away.