TL;DR: Claude Code is not just an autocomplete tool — it is a full development partner. But like any partnership, you get out what you put in. Set it up properly with a strong CLAUDE.md, build your own skills, use plan mode before you build, and maintain the logs that will protect you legally, financially, and technically. These 10 tips are what experienced Claude Code users wish they had known on day one.
Why most developers underuse Claude Code
Most developers open Claude Code, type a request, accept the output, and move on. They use it as a faster way to write boilerplate. That is the 10% version. The teams compounding real productivity gains are doing something different: they are encoding their processes, their standards, and their business context into persistent files that Claude reads at the start of every session — and they are building workflows that would be impractical without an agentic system.
These 10 tips cover the setup, the habits, and the workflows that make the difference.
1. Create a changelog to track progression
Ask Claude Code to maintain a CHANGELOG.md file from day one. Every time a feature is added, a bug is fixed, or a major decision is made, Claude appends a dated, human-readable entry. This gives you a living record of how your project evolved — invaluable for release notes, onboarding new team members, and diagnosing what changed after something breaks.
Try this prompt:
"After each session, update CHANGELOG.md with a summary of everything we built or changed today, organised by date."
2. Create an audit log to track your reviews
An AUDIT_LOG.md creates a transparent record of every code review, security check, and architectural decision. This is particularly important if you are building for clients, operating in a regulated industry, or working toward a security certification. The audit log demonstrates due diligence — that decisions were intentional, reviewed, and documented.
Try this prompt:
"Create an audit log entry for today's session covering what we reviewed, what was changed, and why."
3. Create a time log for R&D tax claims
If your company claims R&D tax credits — a UK government relief worth up to 33p per pound on qualifying activity — you need contemporaneous records of development time. Ask Claude Code to log the start and end of each session in a TIMELOG.md, along with a description of the technical challenge being worked on. This creates precisely the kind of evidence HMRC expects, built automatically as you work.
Try this prompt:
"At the start of each session, log today's date and a one-line description of what we're building. Update with end time when we finish."
For US teams, the same principle applies to the Section 41 R&D tax credit.
4. Set your rules in your CLAUDE.md file
The CLAUDE.md file is your project's standing brief. Claude Code reads it at the start of every session, so anything you write here becomes a persistent rule Claude follows without you repeating yourself. Use it to define your coding standards, preferred frameworks, naming conventions, security rules, and architectural constraints.
Keep it under 200 lines. Concise instructions outperform long ones. Run /init inside Claude Code to auto-generate a starter version from your project structure, then trim and tailor it.
Starter rules to include:
- Preferred language and framework
- Test runner command
- "Never commit secrets to git"
- Coding style guide (ESLint, PEP 8, etc.)
- Accessibility standards
5. Learn and create skills for automation
Skills are one of the most underused features in Claude Code. A skill is a folder inside .claude/skills/ containing a SKILL.md file with instructions, templates, or scripts that Claude loads automatically when relevant. Write the instructions once — how to write a deploy script, generate a README, format a pull request — and Claude applies them consistently every time.
You can invoke a skill explicitly with /skill-name or let Claude recognise when to apply it automatically.
Good starter skills to create:
/commit— writes structured Git commit messages/review— runs a security-focused code quality check/deploy— covers your specific hosting environment steps
6. Ask Claude to pen test your code
Before you ship anything to a live environment, ask Claude Code to review your codebase as a security penetration tester. It can identify common vulnerabilities including SQL injection, cross-site scripting, broken authentication, exposed secrets, and the full OWASP Top 10 list. This is not a substitute for a professional penetration test, but it is an excellent first-pass security review that catches the obvious issues before they become expensive ones.
Try this prompt:
"Review my entire codebase as a security penetration tester. Identify every vulnerability you can find, score each by severity, and suggest a fix for each one."
Make this a habit at the end of every development sprint.
7. Ask Claude to SOC 2 audit your code
SOC 2 covers five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Ask Claude Code to review your application against each criterion — checking encryption, access controls, logging and monitoring, incident response procedures, and data retention policies. Doing this early in development is dramatically cheaper than retrofitting compliance later.
Try this prompt:
"Review my codebase against the SOC 2 Trust Services Criteria. List gaps, flag high-risk areas, and suggest what I need to implement before a formal audit."
8. Make use of plan mode
Plan mode is one of the highest-leverage features in Claude Code. When you activate it, Claude produces a detailed step-by-step implementation plan before writing a single line of code. You can read it, edit it, remove steps, add constraints, and redirect the approach — all before Claude executes anything.
Press Ctrl+G to open the plan in your text editor. The bigger the task, the more valuable plan mode becomes.
To activate: start your message with "Plan:" or include "use plan mode first" to prompt structured thinking before action.
9. Question everything Claude produces
Claude Code is capable but not infallible. It can produce code that works in isolation but fails in your specific context, miss edge cases, or make architectural decisions that are technically correct but wrong for your business. Your job is to be the domain expert in the room. Ask Claude to explain its reasoning. Challenge assumptions.
Power prompts:
- "What are the edge cases in this code that could cause it to fail?"
- "What assumptions have you made that I should verify?"
- "Play devil's advocate — what's wrong with this approach?"
The best AI-assisted developers treat Claude as a brilliant but junior colleague — talented, fast, and worth listening to, but accountable to your final review.
10. Commit to Git on a regular basis
When working fast with Claude Code, it is easy to make dozens of changes in a single session. Committing to Git frequently — after every meaningful feature or fix — gives you a reliable safety net. If Claude takes an unexpected direction, you can revert cleanly.
Create a /commit skill so Claude always writes structured, informative commit messages in a consistent format rather than lazy defaults like "update code."
Suggested commit format: type(scope): short description — for example, feat(auth): add JWT refresh token rotation.
Bonus: Use MCP servers to connect external tools
MCP (Model Context Protocol) servers allow Claude Code to connect directly to external services — databases, APIs, project management tools, cloud infrastructure, Slack, GitHub. Instead of copy-pasting data between tools, Claude can read from and write to your live systems as part of its workflow.
Bonus: Use subagents for parallel workstreams
Claude Code supports subagents — background AI instances that can run tasks in parallel. Use them to explore a large codebase, run tests, or research documentation without filling up your main context window. Launch a subagent and send it to the background with Ctrl+B. When it finishes, it reports back to your main session.
Quick reference: 10 Claude Code power tips
| Tip | What it does | Key file/command |
|---|---|---|
| 1. Changelog | Record every feature and fix | CHANGELOG.md |
| 2. Audit log | Document decisions and reviews | AUDIT_LOG.md |
| 3. Time log | Evidence for R&D tax claims | TIMELOG.md |
| 4. CLAUDE.md | Persistent project rules | CLAUDE.md + /init |
| 5. Skills | Automate repetitive tasks | .claude/skills/ |
| 6. Pen test | Security vulnerability scan | /review skill |
| 7. SOC 2 audit | Compliance gap analysis | Prompt-based |
| 8. Plan mode | Think before executing | Ctrl+G |
| 9. Question everything | Verify Claude's reasoning | Power prompts |
| 10. Git commits | Reliable rollback points | /commit skill |
Frequently asked questions
What is a CLAUDE.md file and why do I need one?
CLAUDE.md is a plain-text markdown file placed at the root of your project. Claude Code reads it at the start of every session, making it the ideal place to store persistent rules, coding standards, architectural decisions, and project conventions — so you never have to repeat yourself.
Can Claude Code help with R&D tax claims?
Yes. By asking Claude Code to maintain a time log file throughout your project, you create an accurate, timestamped record of development activity. This is valuable evidence when preparing R&D tax credit claims, demonstrating qualifying technical work and hours spent on innovation.
What is plan mode in Claude Code?
Plan mode tells Claude to produce a structured, step-by-step plan before writing any code. This lets you review, edit, and approve the approach before execution begins — significantly reducing wasted effort and unexpected changes.
Can Claude Code perform a pen test on my code?
Claude Code can conduct a thorough security review identifying common vulnerabilities including SQL injection, insecure authentication, exposed secrets, and OWASP Top 10 risks. While not a substitute for a professional penetration tester, it provides an excellent first-pass security audit.
What are Claude Code skills?
Skills are reusable instruction sets stored as SKILL.md files inside your .claude/skills/ directory. They package domain-specific knowledge, workflows, and scripts that Claude loads automatically when relevant, turning Claude Code into a specialist for your exact project needs.
Why should I commit to Git regularly when using Claude Code?
Claude Code can make many changes quickly across multiple files. Committing frequently creates reliable checkpoints so you can revert cleanly if something goes wrong, and gives you a granular record of exactly what changed and when — which also supports your changelog and audit log.
Next steps
- Build your complete Claude stack: The Complete Claude AI Stack
- Build GTM skills on top of Claude Code: 15 Top Claude Skills for GTM Teams
- Build a production monorepo: One Codebase, Multiple React Apps
- Learn about Cowork for GTM: How GTM Teams Can Maximise Claude Cowork
About the author
Paul Sullivan is the Founder of ARISE GTM and creator of the ARISE GTM Methodology®. He is the author of Go To Market Uncovered (Wiley, 2025) and host of the GTM Uncovered podcast.
- HubSpot accreditations: HubSpot Platinum Solutions Partner
- Customer.io accreditations: Certified Implementation Partner
- Based: Here East, Queen Elizabeth Olympic Park, London E15 2GW
- Work with ARISE GTM: arisegtm.com/agency-services
- Speak to Paul: arisegtm.com/contact-us
- Podcast: GTM Uncovered on Spotify
- YouTube: @gtmuncovered
Based on ARISE GTM's Claude Code deployment engagements (2024–2026). Current as of April 2026.
%20small.jpg)
