Domain 3 20% of exam

Claude Code Configuration & Workflows — Complete Lesson

Domain progress
Domain 3 20% of exam · 6 Task Statements

Claude Code Configuration
& Workflows

Domain 3 is the hands-on configuration domain. It tests whether you know exactly where to put a CLAUDE.md file so team members receive it, which frontmatter keys control skill isolation, and which CLI flag prevents CI pipeline hangs. The exam rewards precision — knowing the right answer often means knowing the exact file path or the exact flag name.

This domain maps primarily to Scenario 2 (Code Generation with Claude Code) and Scenario 5 (CI/CD Integration). Both appear in all four scenario slots the exam presents, making Domain 3 knowledge reliably tested.

Task Statement 3.1
Task Statement 3.1

Configure CLAUDE.md files with appropriate hierarchy, scoping, and modular organisation

Three levels of configuration, each with different scope and shareability. Getting them wrong means teammates don't receive instructions — or personal preferences leak into team workflows.

The Core Concept

Claude Code reads CLAUDE.md files from multiple locations and merges them into a single instruction set. The level at which you place a file determines who receives it — and whether it travels with the codebase via version control.

The Exam Principle: If a new team member clones the repo and doesn't receive certain instructions, those instructions are in ~/.claude/CLAUDE.md (user-level) instead of the project-level file. User-level config is never committed to version control — it exists only on the original developer's machine.

Configuration Hierarchy

👤

User-Level — ~/.claude/CLAUDE.md

Personal preferences. Never committed to version control. Applies only on that developer's machine. Use for personal shortcuts, preferred styles not enforced team-wide.

📁

Project-Level — .claude/CLAUDE.md or root CLAUDE.md

Shared team standards. Committed to version control. Received by every developer who clones the repo. This is where coding conventions, testing standards, and architecture rules belong.

📂

Directory-Level — src/payments/CLAUDE.md

Subdirectory-specific instructions. Applies when Claude is working in that directory. Use for package-specific conventions that don't apply to the whole project.

🔍

/memory Command

Verify which memory files are currently loaded. Use to diagnose why instructions are inconsistent across sessions — check which CLAUDE.md files Claude actually sees.

Project structure — correct config placement TEAM-SHARED 
my-project/
├── CLAUDE.md                   # ← project-level, committed to git
├── .claude/
│   ├── CLAUDE.md               # ← alternative project-level location
│   ├── rules/
│   │   ├── testing.md          # ← topic-specific rules
│   │   ├── api-conventions.md
│   │   └── deployment.md
│   ├── commands/               # ← project-scoped slash commands
│   └── skills/                 # ← project-scoped skills
└── src/
    └── payments/
        └── CLAUDE.md           # ← directory-level, payments only

~/.claude/CLAUDE.md             # ← user-level, NEVER committed

Modular Organisation with @import

Large CLAUDE.md files become hard to maintain. The @import syntax lets you split into focused topic files and include only what's relevant per package.

CLAUDE.md — using @import for modular organisation MODULAR PATTERN 
# Project Root CLAUDE.md

## Universal Standards
All code must be TypeScript strict mode.
All API endpoints require input validation.

## Imported Standards
@import .claude/rules/testing.md
@import .claude/rules/api-conventions.md

---
# src/payments/CLAUDE.md  (directory-level, payments team)

## Payment Service Standards
Always use idempotency keys for payment calls.
Never log raw card numbers or CVV values.

## Payment-Specific Imports
@import ../../.claude/rules/pci-compliance.md
  • Use .claude/rules/ directory for topic-specific files as an alternative to a single large CLAUDE.md
  • Use @import to selectively include relevant standards per package — a payments package imports PCI rules, a frontend package imports UI conventions
  • Diagnose "teammate not receiving instructions" by checking whether the file is at user-level vs project-level
  • Use /memory command to verify exactly which CLAUDE.md files are loaded in the current session

Exam Traps for Task 3.1

The TrapWhy It FailsCorrect Pattern
New team member not receiving instructions → check project CLAUDE.md If teammates don't receive instructions that work on your machine, the instructions are in ~/.claude/CLAUDE.md, not version-controlled project-level Move shared instructions to .claude/CLAUDE.md or root CLAUDE.md and commit
Use a single monolithic CLAUDE.md for all rules Becomes unmaintainable; loads irrelevant rules into every session context; harder for maintainers to own their sections Split into .claude/rules/*.md files; use @import to compose per-context
Place personal API key preference rules in project CLAUDE.md Personal preferences leak to all teammates via version control — conflicts with team standards Personal preferences go in ~/.claude/CLAUDE.md; team standards go in project-level

🔨 Implementation Task

T1

Build and Verify a Complete CLAUDE.md Hierarchy

Create all three config levels, verify inheritance, and deliberately break sharing to confirm the diagnostic path.

  • Create project-level CLAUDE.md with 3 universal rules; commit to git
  • Create ~/.claude/CLAUDE.md with 2 personal rules; verify only you see them
  • Create src/payments/CLAUDE.md with payment-specific rules; verify they load only when working in that directory
  • Split the project CLAUDE.md into 3 .claude/rules/*.md files using @import — test that all rules still load
  • Run /memory command; verify the output matches exactly which files you expect to be loaded

Exam Simulation — Task 3.1

Question 1 — Task 3.1 Code Generation with Claude Code
A senior developer configures Claude Code with detailed TypeScript conventions and test coverage requirements. When a new team member joins and starts using Claude Code on the same project, they report that Claude is not following any of the configured conventions. What is the most likely cause?
  • AThe new team member's Claude Code installation has a different version that doesn't support CLAUDE.md
  • BThe developer placed the configuration in ~/.claude/CLAUDE.md (user-level), which is not committed to version control and does not exist on the new team member's machine
  • CThe CLAUDE.md file uses @import syntax which requires a special Claude Code extension to work
  • DDirectory-level CLAUDE.md files are not inherited by subdirectories — the new member must create one in each folder they work in
Correct: B
B is correct. User-level configuration (~/.claude/CLAUDE.md) lives only on the developer's own machine and is never committed to version control. The fix: move the instructions to project-level (.claude/CLAUDE.md or root CLAUDE.md) and commit. A is wrong: CLAUDE.md support is universal across Claude Code versions. C is wrong: @import is a native CLAUDE.md feature. D is wrong on two counts: first, it misidentifies the root cause — the problem is that the file lives at user-level and was never committed, not a subdirectory inheritance issue. Second, D's premise is itself false: a project-level CLAUDE.md does apply across all subdirectories within the project — there is no need to create one in each folder.
Question 2 — Task 3.1 Code Generation with Claude Code
A team has a single CLAUDE.md with 800 lines covering TypeScript standards, testing conventions, PCI compliance rules, infrastructure deployment guidelines, and frontend UI patterns. Different team members own different sections but regularly overwrite each other's changes. What is the best restructuring approach?
  • ACreate a separate CLAUDE.md in each subdirectory so each team owns their own file independently
  • BSplit the monolithic file into focused topic files in .claude/rules/ (e.g., testing.md, pci-compliance.md, deployment.md) and use @import in the root CLAUDE.md to compose them
  • CUse Git branch protection so only designated owners can edit the CLAUDE.md file
  • DMove non-critical conventions to user-level ~/.claude/CLAUDE.md files to reduce the shared file size
Correct: B
B is correct. Splitting into .claude/rules/*.md files with @import gives each team ownership of their file while keeping everything version-controlled and composable. A would work for directory-scoped rules but doesn't help when conventions span multiple directories (e.g., PCI rules apply to multiple packages). C addresses access control, not maintainability — conflicts still occur. D is wrong: Moving shared conventions to user-level means they won't reach teammates at all.
Question 3 — Task 3.1 Code Generation with Claude Code
A company deploys Claude Code with three configuration layers: user-level (~/.claude/CLAUDE.md), project-level (root CLAUDE.md), and src/payments/CLAUDE.md with PCI-DSS rules. A developer working in src/payments/ reports the PCI-DSS rules are active, but their personal preferences from ~/.claude/CLAUDE.md are absent. What is the most accurate diagnosis?
  • AThis is a bug — all three CLAUDE.md layers should always be active simultaneously regardless of working directory
  • BThe project-level CLAUDE.md is blocking the user-level file through an override mechanism
  • CAll three layers should be active simultaneously (user + project + directory-specific all stack), so if user preferences are absent while the directory-specific file works, the user-level file itself has an issue — likely a syntax error or misconfigured path
  • DDirectory-specific CLAUDE.md files replace parent-level configurations — the src/payments/CLAUDE.md is replacing both the project and user levels
Correct: C
C is correct. The CLAUDE.md hierarchy stacks: user-level + project-level + directory-specific all apply simultaneously. If PCI-DSS rules work but user preferences don't, the hierarchy itself is functioning correctly — the user-level file has a problem (syntax error, wrong path, empty file). The debugging focus should be on the user-level config, not the hierarchy. A is wrong: The behavior isn't a bug — it's pointing to an issue with the user-level file. B is wrong: CLAUDE.md files have no override mechanism; all layers are additive. D is wrong: Directory-specific files add to the configuration stack, they don't replace parent levels.
Task Statement 3.2
Task Statement 3.2

Create and configure custom slash commands and skills

Commands and skills extend Claude Code with on-demand workflows. Skills support YAML frontmatter that controls isolation, tool access, and argument prompting — and the exam tests which frontmatter key does what.

The Core Concept

Custom slash commands are Markdown templates stored as files — they can be shared team-wide or kept personal. Skills are more powerful: they run in their own context and support frontmatter configuration that controls isolation, tool access, and how they prompt for arguments.

The Exam Principle: context: fork is the key that prevents skill output from polluting the main conversation. When a skill does verbose exploration or generates a lot of intermediate reasoning, it runs in an isolated sub-agent context and returns only the summary. Without it, all that output becomes part of the main session's context window.

Slash Commands: Scoping

Project-Scoped (Team)
Location: .claude/commands/review.md Scope: shared via version control All team members get the command Invoke: /project:review Best for: standard team workflows, code review templates, release checklists, deployment commands
User-Scoped (Personal)
Location: ~/.claude/commands/my-review.md Scope: personal only Not in version control Invoke: /user:my-review Best for: personal shortcuts, experimental workflows, commands not ready for team use

Skills: Frontmatter Configuration

Skills use YAML frontmatter at the top of the SKILL.md file. Four frontmatter keys the exam tests:

.claude/skills/architecture-review/SKILL.md — full frontmatter SKILL CONFIG 
---
name: architecture-review
description: Reviews system architecture and returns a focused summary
context: fork          # ← runs in isolated subagent context
allowed-tools:           # ← restricts which tools can run
  - read_file
  - search_code
  - Grep
argument-hint: "path/to/module"  # ← prompts for arg if missing
---

Review the architecture of the module at {{args}}.

Analyse:
1. Dependency structure and circular imports
2. Public API surface — is it minimal?
3. Separation of concerns violations

Return a concise summary with top 3 findings.
🔀

context: fork

Runs the skill in an isolated sub-agent. Verbose output stays in the fork and doesn't accumulate in the main conversation. The skill returns only a summary to the main session. Use for: exploration, brainstorming, verbose analysis.

🔒

allowed-tools

Restricts which tools the skill can invoke. A write-only skill can be locked to Write and Edit only — preventing it from running destructive Bash commands accidentally. Principle of least privilege for skills.

💬

argument-hint

When a developer invokes the skill without providing arguments, Claude Code shows this hint and asks for the missing parameter. Prevents skills from running against the wrong target.

👤

Personal Variants

Create personal skill variants in ~/.claude/skills/ with different names. They won't conflict with or affect team skills — teammates see only what's in .claude/skills/.

💡
Skills vs CLAUDE.md: CLAUDE.md is always loaded and applies universally to every interaction. Skills are invoked on-demand for specific task types. Use CLAUDE.md for universal standards (coding style, testing requirements). Use skills for on-demand workflows (architecture review, migration planning, performance audit).

Exam Traps for Task 3.2

The TrapWhy It FailsCorrect Pattern
Use a skill without context: fork for verbose codebase exploration All exploration output accumulates in the main conversation's context window — quickly exhausting available tokens and degrading subsequent responses Add context: fork so verbose discovery runs in isolation; only the summary returns to the main session
Share a personal experimental slash command by putting it in .claude/commands/ Anything in .claude/commands/ is committed to version control and shared with all teammates Personal/experimental commands go in ~/.claude/commands/; team-ready commands go in .claude/commands/
Omit allowed-tools from a skill that should only write files Without tool restrictions, the skill can invoke any available tool — including destructive Bash commands Specify allowed-tools: [Write, Edit] to restrict to safe file operations

🔨 Implementation Task

T2

Build 3 Skills with Different Frontmatter Configurations

Demonstrate each key frontmatter option and verify its effect.

  • Create a project slash command at .claude/commands/pr-review.md; verify it appears for all team members via git
  • Create a skill with context: fork for codebase analysis; run it and confirm that verbose exploration output does NOT appear in main conversation history
  • Create a skill with allowed-tools: [Write, Edit]; attempt to call Bash from within the skill and confirm it is blocked
  • Create a skill with argument-hint: "path/to/target"; invoke it without arguments and verify the hint prompt appears
  • Create a personal variant of a team skill in ~/.claude/skills/ with a different name; confirm teammates cannot see it

Exam Simulation — Task 3.2

Question 1 — Task 3.2 Code Generation with Claude Code
A developer creates a codebase-audit skill that reads all source files, generates detailed intermediate analysis for each, and produces a final summary. After running it, they notice that all the intermediate file-by-file analysis has been added to the main conversation and subsequent Claude responses are much slower and less focused. What single frontmatter change would fix this?
  • AAdd allowed-tools: [Read] to restrict which files the skill can access
  • BAdd context: fork so the skill runs in an isolated sub-agent context, keeping verbose output out of the main conversation
  • CMove the skill to ~/.claude/skills/ so it runs in user scope rather than project scope
  • DAdd argument-hint: "compact" to tell the skill to produce more concise output
Correct: B
B is correct. context: fork is the exact mechanism for isolating verbose skill output. The skill runs in a sub-agent context — all intermediate output stays there — and only the final summary is returned to the main conversation. A restricts tool access, not output verbosity. C changes sharing scope, not execution context. D is inventedargument-hint prompts for missing arguments, it has no effect on output verbosity.
Question 2 — Task 3.2 Code Generation with Claude Code
A team wants to create a generate-migration skill that should write SQL migration files but must never execute them via Bash. How should they configure the skill frontmatter?
  • AAdd to the skill's Markdown body: "Do not run any Bash commands. Only write files."
  • BAdd allowed-tools: [Write, Edit] to the SKILL.md frontmatter to restrict execution to file write operations only
  • CAdd context: fork so that any Bash commands run in isolation and cannot affect the main project
  • DPlace the skill in ~/.claude/skills/ so it runs with reduced permissions by default
Correct: B
B is correct. allowed-tools is the frontmatter key for tool restriction. Specifying only [Write, Edit] prevents the skill from invoking Bash regardless of any instructions in the skill body. A is probabilistic — a prompt instruction can be bypassed. C is wrong: context: fork isolates context accumulation, not tool permissions — Bash would still run if allowed. D is wrong: User-scoped vs project-scoped affects sharing, not tool permissions.
Question 3 — Task 3.2 Code Generation with Claude Code
A team creates a /deploy skill that reads infrastructure config, generates a deployment plan, and executes it via Bash. A junior developer accidentally deployed to production (the config file referenced the wrong target). The team wants to add a structural safeguard that prevents execution without explicit plan review. Which approach provides the most reliable safeguard?
  • AAdd to the skill's Markdown body: "Always confirm the target environment with the user before executing any deployment commands"
  • BSplit into two skills: /deploy-plan (uses allowed-tools: [Read, Glob] — generates and displays the plan, no execution) and /deploy-execute (uses allowed-tools: [Bash] — runs the approved plan). The developer must explicitly invoke both and review the plan between steps
  • CAdd context: fork to the skill so deployment commands run in an isolated subagent context that cannot affect the main environment
  • DAdd argument-hint: "environment" to require the developer to specify the target environment explicitly before the skill runs
Correct: B
B is correct. Splitting into two skills creates a structural gate: /deploy-plan physically cannot execute (no Bash access), and /deploy-execute requires an explicit second invocation after review. The developer is forced by the tool design to pause and review. A is wrong: A prompt-based confirmation is what already exists implicitly — the developer who ran /deploy presumably intended to deploy; a confirmation prompt doesn't prevent a wrong config file being used. C is wrong: context: fork isolates conversation context, but the Bash commands still execute and affect the actual infrastructure. D is wrong: An environment argument doesn't prevent the junior developer from passing the wrong environment name — the config file was already selecting the wrong target.
Task Statement 3.3
Task Statement 3.3

Apply path-specific rules for conditional convention loading

Rules that only load when needed. Path-specific rules eliminate token waste from loading frontend conventions when editing backend files — and they solve the cross-directory convention problem that directory-level CLAUDE.md files can't.

The Core Concept

Files in .claude/rules/ support YAML frontmatter with a paths field. When a paths field is present, the rules load only when Claude is editing files matching those glob patterns. This conditional loading reduces irrelevant context and token usage.

The Key Advantage: Test conventions apply to test files regardless of which directory they live in. If your test files are spread across src/, lib/, and packages/, a single path-specific rule with pattern **/*.test.tsx covers all of them. A subdirectory CLAUDE.md can only cover files in its own directory.

Glob Patterns and Rule Files

.claude/rules/testing.md — path-specific rule with YAML frontmatter PATH-SCOPED RULE 
---
paths:
  - "**/*.test.tsx"       # all test files, any directory
  - "**/*.spec.ts"        # all spec files, any directory
  - "tests/**/*"          # anything in a tests/ directory
---

## Testing Standards
Always use React Testing Library, not Enzyme.
Test user behaviour, not implementation details.
Mock external API calls using msw.
Each test file must have at least one edge-case test.
Snapshot tests require an inline comment explaining intent.
.claude/rules/terraform.md — infrastructure rules PATH-SCOPED RULE 
---
paths:
  - "terraform/**/*"     # all terraform files
  - "**/*.tf"             # any .tf file anywhere
---

## Terraform Standards
All resources require name, environment, and team tags.
Never hardcode AWS account IDs — use data sources.
Remote state must use S3 backend with DynamoDB lock table.
✗ Directory-Level CLAUDE.md (Limited)
src/components/CLAUDE.md → applies to src/components/ only Problem: test files are in: src/components/__tests__/ src/hooks/__tests__/ packages/ui/tests/ Need 3 separate CLAUDE.md files. Conventions drift between locations.
✓ Path-Specific Rule (Universal)
.claude/rules/testing.md paths: ["**/*.test.tsx"] Applies to ALL test files: src/components/__tests__/ src/hooks/__tests__/ packages/ui/tests/ One rule. Zero drift. Consistent.
  • Use path-specific rules for conventions that apply to a file type across directories (test files, migration files, infrastructure files)
  • Use directory-level CLAUDE.md for conventions that apply to a domain or service (payments service, admin panel) regardless of file type
  • Path rules reduce token usage by loading only when editing matching files — infrastructure rules don't load during frontend work

Exam Traps for Task 3.3

The TrapWhy It FailsCorrect Pattern
Use directory CLAUDE.md to enforce test conventions spread across multiple directories A directory-level file only covers its own directory — test files in sibling or parent directories won't receive the rules Use a path-specific rule with **/*.test.tsx glob — applies everywhere the pattern matches
Load all rules in the root CLAUDE.md regardless of what file is being edited Infrastructure, payment, and frontend conventions all load for every file — wastes tokens and introduces irrelevant instructions Use path-scoped rules with paths: frontmatter — each rule loads only when relevant

🔨 Implementation Task

T3

Create Path-Scoped Rules and Verify Conditional Loading

  • Create .claude/rules/testing.md with paths: ["**/*.test.tsx", "**/*.spec.ts"] and 3 testing conventions
  • Create .claude/rules/terraform.md with paths: ["terraform/**/*", "**/*.tf"] and 2 Terraform rules
  • Open a regular TypeScript source file — verify neither testing nor terraform rules are loaded
  • Open a test file — verify testing rules load; verify terraform rules do NOT load
  • Open a .tf file — verify terraform rules load; verify testing rules do NOT load

Exam Simulation — Task 3.3

Question 1 — Task 3.3 Code Generation with Claude Code
A team wants to enforce React Testing Library conventions for all test files. Test files are scattered across src/, packages/, and lib/. Which configuration approach correctly applies the conventions to all test files regardless of location?
  • ACreate a CLAUDE.md in src/ covering all test conventions — the conventions will cascade to subdirectories and sibling packages
  • BCreate a separate CLAUDE.md in each directory that contains test files: src/, packages/, and lib/
  • CCreate .claude/rules/testing.md with paths: ["**/*.test.tsx", "**/*.spec.ts"] — the rule loads for all matching files regardless of directory
  • DAdd testing conventions to the root CLAUDE.md so they are always available in every file context
Correct: C
C is correct. Path-specific rules with glob patterns apply to all matching files across the entire codebase — regardless of directory. This is the explicit advantage of path-scoped rules over directory-level CLAUDE.md files. A is wrong: CLAUDE.md files don't cascade to sibling or parent directories. B works but creates drift — three copies of the same rules that can diverge over time. D works but wastes tokens — testing conventions load even when editing backend files with no tests.
Question 2 — Task 3.3 Code Generation with Claude Code
A team manages a monorepo with 3 services: a Node.js API (src/api/), a Python ML pipeline (src/ml/), and a React frontend (src/frontend/). Each service has conflicting conventions (Python uses snake_case, JS uses camelCase). A single root CLAUDE.md with all conventions causes Claude to apply Python conventions to TypeScript files. What is the cleanest solution?
  • ACreate a CLAUDE.md in each service directory that redefines all conventions for that service, replacing the root CLAUDE.md for those paths
  • BCreate service-specific rules files in .claude/rules/ with paths: arrays (e.g., paths: ["src/api/**", "src/api/**/*.ts"]) so each convention set activates only for matching file paths
  • CAdd explicit scope markers to the root CLAUDE.md using headings like "For files in src/api/: use these rules" and "For files in src/ml/: use these rules"
  • DRemove the root CLAUDE.md and rely only on per-directory CLAUDE.md files in each service subdirectory
Correct: B
B is correct. Path-scoped rules in .claude/rules/ are the designed mechanism for exactly this use case — each convention set loads only when Claude is editing files in the matching path, keeping shared conventions in the root CLAUDE.md and service-specific ones scoped. A would work technically but requires duplicating any shared conventions (git commit format, security guidelines) across 3 files and becomes a maintenance burden as services change. C is wrong: Plain text headings in CLAUDE.md are not a real scoping syntax — Claude reads the entire file for context regardless of headings, applying all conventions to all files. D loses all shared conventions — project-wide rules that apply everywhere (security policies, commit standards) have no home without a root CLAUDE.md.
Question 3 — Task 3.3 Code Generation with Claude Code
A security team wants OWASP input validation rules to apply when Claude edits files handling user input, but not when editing utility functions, tests, or configuration files. The security rules currently live in the root CLAUDE.md and apply everywhere, causing false alarms when editing test files. Which configuration change correctly scopes the security rules?
  • AMove the security rules from root CLAUDE.md to a CLAUDE.md placed in each directory that handles user input
  • BAdd a comment block in root CLAUDE.md: "The following rules apply only to files handling user input — use judgment to determine applicability"
  • CMove the security rules out of CLAUDE.md entirely and inject them via a custom slash command that developers invoke only when working on user-facing code
  • DCreate .claude/rules/security-validation.md with paths: ["src/handlers/**", "src/controllers/**", "src/api/**"] — the security rules load only when Claude is editing files in user-input-handling paths
Correct: D
D is correct. Path-scoped rules in .claude/rules/ activate exactly when editing matching files and are silent otherwise — this is the mechanism designed for conditional convention loading. A requires maintenance work: adding a new handler directory means creating another CLAUDE.md in that directory, and any shared conventions must be duplicated. B doesn't scope the rules — the security rules still load for all files; only the model is being asked to apply judgment, which was already failing (test file false alarms). C breaks discoverability — rules that require manual invocation are easily forgotten and create inconsistent application. Path-scoped rules are automatic and reliable.
Task Statement 3.4
Task Statement 3.4

Determine when to use plan mode vs direct execution

Plan mode is not for every task — it's for tasks where the cost of wrong assumptions is high. The exam tests whether you can classify tasks correctly and whether you know what the Explore subagent is for.

The Core Concept

Plan mode lets Claude explore a codebase and propose an approach before making any changes. It prevents costly rework on complex tasks where choosing the wrong implementation approach means undoing a lot of work. Direct execution is appropriate when the task is well-scoped, the correct approach is clear, and the change is small.

The Decision Rule: If the task involves multiple valid approaches with different architecture implications, or touches many files, or requires discovering unknown dependencies first — use plan mode. If the task has a clear correct solution and touches one or two files — use direct execution.

Decision Framework

✓ Plan Mode — Use When:
Architectural implications → microservice restructuring → library migration (45+ files) → database schema redesign Multiple valid approaches exist → choosing between 2 integration patterns with different infra needs → picking testing strategy Unknown scope → "add comprehensive tests" → "refactor auth module" → open-ended investigations
✓ Direct Execution — Use When:
Clear, scoped change → single-file bug fix with clear stack trace → add a date validation check → fix a typo in error message One correct approach → add null check before access → rename a variable → update a dependency version Well-understood change → add rate limiting to one endpoint → update one config value
  • Use plan mode for exploration, then switch to direct execution once the approach is confirmed — the combination is more powerful than either alone
  • Plan mode prevents "costly rework" — the exam phrase for situations where the wrong initial approach would require undoing many changes
  • Direct execution is fine for well-understood, single-file, clearly-scoped tasks — plan mode would add overhead without benefit

The Explore Subagent

During a multi-phase task, the Explore subagent isolates verbose discovery output. Rather than flooding the main session with file-by-file analysis, the Explore subagent does the discovery and returns a structured summary. This preserves context window space for the implementation phase.

🔍

What It Solves

Multi-phase tasks (explore → plan → implement) generate huge amounts of discovery output. Without isolation, the exploration phase exhausts the context window before implementation begins.

📋

What It Returns

A structured summary of findings — not the raw exploration. The implementation phase starts with a clean context containing only what matters: the summary and the implementation plan.

When to Use It

Any task with a discovery phase that generates more than a few pages of intermediate output: codebase mapping, dependency tracing, test gap analysis, legacy system exploration.

🔗

Relationship to context: fork

The Explore subagent is the same isolation concept as context: fork in skills — both run in a separate context and return summaries. Explore is the plan mode variant; fork is the skill variant.

Exam Traps for Task 3.4

The TrapWhy It FailsCorrect Pattern
Use plan mode for a single-file bug fix with a clear stack trace Adds unnecessary overhead — exploration and planning phases add latency for a task where the correct fix is already clear Direct execution; plan mode is for architectural decisions and multi-file changes with multiple valid approaches
Use direct execution for a library migration affecting 45+ files Without planning, Claude may choose an incompatible migration path — discovering the incompatibility after making 30 changes that must be reverted Plan mode first: explore affected files, identify approach options, confirm the plan before any changes are made
Run exploration and implementation in the same session without Explore subagent Verbose discovery output fills the context window — implementation phase has reduced capacity and may produce lower-quality output Use Explore subagent for discovery; implementation phase starts with a clean context plus the exploration summary

🔨 Implementation Task

T4

Classify and Execute 4 Tasks with Appropriate Mode

  • Task A: "Fix null pointer exception in payment processor — stack trace shows line 47 of payments.ts" → Direct execution. Do it. Note time taken.
  • Task B: "Migrate from axios to fetch across the entire codebase" → Plan mode. Observe the exploration output and proposed approach before approving.
  • Task C: "Add comprehensive integration tests to the authentication module" → Plan mode with Explore subagent. Note that context is clean for implementation.
  • Task D: "Add input validation to the createUser endpoint" → Direct execution. Note that planning would add overhead with no benefit.
  • Reflect: what signals in the task description indicate plan mode vs direct execution? Write 3 heuristics.

Exam Simulation — Task 3.4

Question 1 — Task 3.4 Code Generation with Claude Code
A developer asks Claude Code to migrate a legacy monolith to microservices. The codebase has 12 interconnected modules, and there are three valid decomposition strategies with different infrastructure implications. Which workflow approach is correct?
  • ADirect execution — start with the most commonly used module and extract it first; iterate from there
  • BDirect execution with a system prompt rule: "Prefer domain-driven decomposition patterns"
  • CPlan mode — explore dependencies, present the three strategy options with their trade-offs, and wait for the developer to confirm the approach before making changes
  • DDirect execution using a skill with allowed-tools: [Read] to prevent accidental writes during exploration
Correct: C
C is correct. Multiple valid approaches with different infrastructure implications is the canonical signal for plan mode. The developer needs to see the options and trade-offs before Claude commits to a strategy — choosing wrong means undoing many changes. A is risky: starting without a plan may lock in a decomposition that conflicts with infrastructure constraints discovered later. B adds a preference but doesn't prevent costly rework from the wrong architectural choice. D is a creative workaround but doesn't provide the planning and approval workflow that plan mode is designed for.
Question 2 — Task 3.4 Code Generation with Claude Code
During a large codebase analysis task, the context window is being exhausted by file-by-file discovery output before implementation even begins. What is the correct fix?
  • AUse a model with a larger context window to accommodate the full exploration output
  • BUse the Explore subagent to isolate verbose discovery output and have it return a structured summary to the main session, preserving context for implementation
  • CRun /compact after the exploration phase to compress the conversation before implementation
  • DSplit the task into two separate Claude Code sessions: one for exploration, one for implementation
Correct: B
B is correct. The Explore subagent is the designed solution for this exact problem. It runs discovery in isolation, keeps verbose output out of the main context, and returns only a structured summary. A delays the problem but doesn't solve it — larger context windows still fill up on large codebases. C uses /compact which compresses existing context but loses precision in the process; the Explore pattern prevents accumulation rather than compressing after. D would work but is manual and error-prone — the Explore subagent automates the isolation pattern.
Question 3 — Task 3.4 Code Generation with Claude Code
A developer is refactoring a payment processing service: modifying 3 core transaction functions, updating 2 database query patterns, adjusting error handling in 6 edge cases, and adding new logging. They ask Claude Code to start immediately. Claude writes 40 lines into transaction.ts, then asks which error handling pattern to use. The developer realizes this foundational choice affects all previous edits. What workflow would have prevented the rework?
  • ADirect execution with a more specific initial prompt enumerating all 40+ changes so Claude has full context before starting
  • BPlan mode: explore the codebase, identify error handling style as a foundational decision, present the approach options to the developer, and execute only after foundational choices are confirmed
  • CDirect execution with a rollback strategy — use git to undo changes if the foundational decision turns out to be wrong
  • DDirect execution with smaller incremental commits so mistakes are easier to identify and revert individually
Correct: B
B is correct. Plan mode exists for exactly this scenario: identifying foundational decisions (like error handling patterns) that must be resolved before any code is written, because they constrain all subsequent work. Plan mode surfaces the dependency — Claude asks about error handling before writing any code, not after 40 lines. A makes the same mistake: even with a 200-line detailed prompt, Claude would write the 40 lines before encountering the error handling choice — the dependency only becomes visible during exploration. C and D are recovery strategies, not prevention strategies — they accept that rework will happen and try to minimize its cost rather than eliminating it.
Task Statement 3.5
Task Statement 3.5

Apply iterative refinement techniques for progressive improvement

Knowing how to communicate expected transformations precisely, how to guide Claude with failing tests rather than prose, and when to provide all issues at once vs sequentially — these are the precision skills that separate production-grade outputs from first drafts.

The Core Concept

When Claude's output is inconsistent with what you want, the problem is often underspecified expectations. Iterative refinement is about progressive specification: start with what you have, identify exactly where the gap is, and communicate the correction with enough precision that Claude can generalise it to novel cases.

Refinement Techniques

📐

Concrete Input/Output Examples

When prose descriptions produce inconsistent transformations, provide 2–3 concrete input/output pairs. Shows the shape of the expected transformation rather than describing it in words. Most effective for format and structure.

🧪

Test-Driven Iteration

Write test suites first covering expected behaviour, edge cases, and performance. Then iterate by sharing failing tests — Claude has an unambiguous signal about what needs to change. Eliminates interpretation gaps.

🎤

Interview Pattern

Ask Claude to surface design considerations before implementing. Claude asks questions about cache invalidation strategies, failure modes, and unknown edge cases. Use for unfamiliar domains where you may not know what you don't know.

📦

Batch vs Sequential Fixes

When issues interact (fixing one changes what another should be), provide all fixes in a single message. When issues are independent, fix them sequentially so each fix can be validated before the next.

Concrete input/output example — clarifying transformation requirements EFFECTIVE SPECIFICATION 
# Instead of: "Format the dates consistently"
# → Too vague. Claude will pick a format arbitrarily.

# Do this: provide concrete input/output pairs
"""
The transformation should work like this:

Input:  { "created": "2024-01-15T14:30:00Z" }
Output: { "created": "Jan 15, 2024 at 2:30 PM UTC" }

Input:  { "created": 1705329000 }
Output: { "created": "Jan 15, 2024 at 2:30 PM UTC" }

Input:  { "created": null }
Output: { "created": "Unknown" }

Apply this transformation to all date fields in the response.
"""
✗ Interacting Issues → Wrong Approach
Fix 1 message: "Change the return type from string to number" Fix 2 message: "Update the error handler to match the new return type" Problem: Fix 2 depends on Fix 1. Sending them separately may produce a contradictory intermediate state that confuses Claude.
✓ Interacting Issues → Batch Fix
Single message: "Make two related changes: 1. Change return type: string → number 2. Update error handler to return -1 instead of empty string on failure Both changes interact — the error handler must match the new type."

Exam Traps for Task 3.5

The TrapWhy It FailsCorrect Pattern
Describe transformation requirements in prose when they produce inconsistent results Prose descriptions are interpreted differently in different contexts — Claude generalises based on examples, not instructions Provide 2–3 concrete input/output pairs that demonstrate the exact transformation including edge cases
Send interacting bugs one at a time for sequential fixing Each fix changes the codebase state — the second bug's fix may be invalidated by the first, or the intermediate state may cause new errors Provide all interacting issues in a single message; sequential iteration is correct only for independent issues
Implement first, then write tests to verify Tests written after implementation often over-fit to the implementation rather than specifying the intended behaviour; edge cases are missed Write test suite first covering expected behaviour and edge cases; iterate by sharing failing tests

🔨 Implementation Task

T5

Practice All Four Refinement Techniques

  • Find a transformation task where prose produces inconsistent output; replace with 3 concrete input/output examples; measure consistency improvement
  • Write a test suite for a feature before implementing; share failing tests with Claude iteratively until all pass
  • Use the interview pattern for an unfamiliar domain (e.g., "implement a distributed lock"); observe which design questions Claude surfaces that you hadn't considered
  • Identify 2 interacting bugs in a codebase; fix them in a single message; compare to fixing sequentially and observe the intermediate state problem
  • Document your personal refinement heuristics: when would you reach for each of the four techniques?

Exam Simulation — Task 3.5

Question 1 — Task 3.5 Code Generation with Claude Code
A developer asks Claude to "format all API responses consistently." Claude produces different formats on different files — sometimes camelCase, sometimes snake_case, sometimes nested, sometimes flat. What is the most effective way to communicate the expected transformation?
  • AAdd to CLAUDE.md: "Always use camelCase for API responses with flat structure"
  • BAsk Claude to review the inconsistent outputs and self-critique before producing the next response
  • CProvide 2–3 concrete before/after examples showing the exact input structure and the expected output structure, including how edge cases like null values should be handled
  • DRun the transformation three times and use majority-voting to determine the correct format
Correct: C
C is correct. Concrete input/output examples are the most effective specification technique when prose produces inconsistent results. They show the exact shape of the expected transformation and enable Claude to generalise correctly to novel inputs. A may help for new sessions but doesn't address the ambiguity — "flat" and "camelCase" are still underspecified. B (self-critique) is a useful multi-pass technique but doesn't solve underspecified requirements — Claude still doesn't know the exact format. D is never a correct approach — three inconsistent outputs don't produce one correct one.
Question 2 — Task 3.5 Code Generation with Claude Code
A team uses Claude Code to refactor an authentication module. After the first attempt, the output has the right structure but uses a deprecated JWT library. After being told "use jose instead of jsonwebtoken," the second attempt uses jose but loses the multi-tenant tenant_id claim. By the third attempt, a different required field is missing. Each iteration fixes one issue and introduces another. What is the fundamental problem and correct fix?
  • AThe task is too complex for Claude Code — split it into smaller individual sub-tasks for each function
  • BEach correction prompt is too narrow and doesn't define what "correct" looks like holistically. Define a complete acceptance checklist before any iteration (required library, all JWT claims, error handling patterns, test coverage) and validate each attempt against the full checklist, not just the most recent correction
  • CSwitch to a model with stronger memory to retain all previous corrections across iterations without losing context
  • DRun the refactor 3 times in parallel with different prompts and use the version that passes the most automated tests
Correct: B
B is correct. The iterative regression pattern — fix one thing, break another — happens when success criteria are partial. Each narrow correction creates a new blind spot. A complete acceptance checklist defined before iteration begins means each attempt is evaluated against all requirements, not just the latest complaint. A is wrong: The problem isn't task complexity but incomplete success criteria — even smaller sub-tasks will regress without a full definition of done. C is wrong: All corrections were provided in the conversation history; the model has access to them. The issue is synthesizing them into a complete picture, not memory loss. D is wrong: Parallel runs with different prompts may all produce the same regressions if none of them has a complete specification.
Question 3 — Task 3.5 Code Generation with Claude Code
A developer asks Claude Code to generate a REST API endpoint. After the first draft (good happy path, no input validation), 6 sequential correction prompts later the endpoint is no longer clearly better than the original draft. Which iterative refinement approach would have been most efficient?
  • AWrite the complete specification in the initial prompt to eliminate the need for iterative correction entirely
  • BAccept the first draft and manually fix the known issues — treat Claude's output as a starting point, not a finished product
  • CAfter the first draft, evaluate it against a pre-defined rubric (input validation, error codes, response schema, auth, logging), identify all gaps simultaneously, and issue one comprehensive correction prompt rather than 6 sequential single-issue corrections
  • DUse /compact after each iteration to prevent context accumulation from degrading response quality in later rounds
Correct: C
C is correct. Evaluating the draft against a complete rubric and issuing one comprehensive correction prevents the regression cycle: fixing validation doesn't disturb error codes when both are specified simultaneously. Sequential single-issue corrections introduce blind spots with each pass. A is ideal but often not possible — many specification details only become clear once you see a draft. Complete upfront specification is good practice but doesn't help when you're already iterating. B discards the iterative benefit — Claude can produce correct code with the right guidance, so abandoning to manual editing throws away that capability. D addresses context management, not correction quality — /compact doesn't change what you ask for, only how much history is retained.
Task Statement 3.6
Task Statement 3.6

Integrate Claude Code into CI/CD pipelines

CI/CD is non-interactive by definition. One missing flag causes an infinite hang. The exam tests the exact CLI flag for non-interactive mode, the correct output format for inline PR comments, and the important trade-off between real-time and batch processing APIs.

The Core Concept

Claude Code is designed for interactive use by default — it waits for user input when it needs clarification. In CI pipelines, there is no user. Without the correct flag, the pipeline hangs indefinitely waiting for input that will never come.

The -p Flag: The -p (or --print) flag runs Claude Code in non-interactive mode — it processes the prompt, outputs to stdout, and exits without waiting for user input. This is the exam answer whenever a CI/CD pipeline hangs. No other flag, environment variable, or Unix workaround is correct.

CI/CD CLI Flags

bash — correct Claude Code CI/CD invocation CI PATTERN 
# ✓ Non-interactive: process and exit
claude -p "Analyze this pull request for security issues"

# ✓ Structured JSON output for automated parsing
claude -p "Review for security issues" \
  --output-format json \
  --json-schema review-schema.json

# Result: machine-parseable JSON for inline PR comments
# {
#   "findings": [
#     {"file": "auth.ts", "line": 42, "severity": "high", "message": "..."},
#   ]
# }

# ✗ WRONG — hangs waiting for interactive input
claude "Analyze this pull request for security issues"
🚀

-p / --print

Non-interactive mode. Processes the prompt, writes output to stdout, and exits. Required for all CI/CD usage. Without it, the pipeline hangs indefinitely.

📊

--output-format json

Forces structured JSON output. Combine with --json-schema to enforce a specific schema. Enables automated posting as inline PR comments without text parsing.

🔄

Re-run Deduplication

When re-running a review after new commits, include prior review findings in context and instruct Claude to report only new or still-unaddressed issues. Prevents duplicate comments on the same PR.

🧪

Test Generation Context

Provide existing test files in context so generated tests don't duplicate existing scenarios. Document available fixtures in CLAUDE.md to improve test quality and avoid low-value test output.

Batch API vs Real-Time: The Critical Trade-off

The Message Batches API offers 50% cost savings but with up to 24-hour processing time and no guaranteed latency SLA. The exam tests whether you know which workflows can tolerate async processing and which cannot.

⚠️
The Exam Scenario (Official Q11): A team wants to switch both (1) a blocking pre-merge check and (2) an overnight technical debt report to the Batch API for cost savings. The correct answer: Batch only for the overnight report. Pre-merge checks block developers and require real-time completion — the Batch API's non-deterministic latency makes it unsuitable for blocking workflows.
✓ Batch API — Appropriate Uses
Overnight technical debt reports Weekly codebase quality analysis Bulk document processing Non-blocking background analysis Reports reviewed the next morning Processing time: up to 24 hours Cost saving: 50% SLA: none Results: correlate by custom_id
✗ Batch API — Wrong Uses
Pre-merge checks (developer waits) Real-time review feedback Any blocking pipeline gate Latency-sensitive workflows SLA-bound operations Why: "often faster" is not acceptable for blocking workflows. No guaranteed completion time.
💡
Session Context Isolation: The same Claude session that generated code is less effective at reviewing its own changes. For code review in CI, use an independent review instance — it brings fresh perspective without the bias of having written the code.

Exam Traps for Task 3.6

The TrapWhy It FailsCorrect Pattern
Pipeline hangs → set CLAUDE_HEADLESS=true This environment variable does not exist. It's a plausible-sounding distractor. Use -p flag: claude -p "prompt"
Pipeline hangs → redirect stdin from /dev/null A Unix workaround that doesn't address Claude Code's interactive mode design — behaviour is undefined and unreliable Use -p flag — the documented, supported non-interactive mode
Switch blocking pre-merge checks to Batch API for cost savings Batch API has up to 24h processing time with no SLA — developers cannot wait for pre-merge feedback to complete Keep pre-merge real-time; use Batch only for non-blocking workflows like overnight reports
Re-run code review without prior findings in context Claude re-flags the same issues as new, creating duplicate PR comments on issues already identified Include prior review findings in context; instruct Claude to report only new or still-unaddressed issues

🔨 Implementation Task

T6

Build a Complete CI/CD Review Pipeline

  • Write a CI pipeline step that invokes Claude Code with -p flag — verify the job exits automatically without hanging
  • Add --output-format json --json-schema flags; parse the JSON output and post findings as inline PR comments
  • Implement deduplication: include prior findings in context on re-runs; verify only new issues are posted
  • Implement test generation: provide existing test files in context; verify no duplicate test scenarios are suggested
  • Design the cost split: identify which pipeline steps can use Batch API (overnight) vs which must stay real-time (blocking gates)

Exam Simulation — Task 3.6

Question 1 — Task 3.6 Claude Code for CI/CD
A pipeline script runs claude "Analyze this pull request for security issues" but the CI job hangs indefinitely. Logs indicate Claude Code is waiting for interactive input. What is the correct fix?
  • AAdd the -p flag: claude -p "Analyze this pull request for security issues"
  • BSet the environment variable CLAUDE_HEADLESS=true before running the command
  • CRedirect stdin from /dev/null: claude "..." < /dev/null
  • DAdd the --batch flag: claude --batch "..."
Correct: A
A is correct. This is the official exam question Q10. The -p (or --print) flag is the documented, supported mechanism for non-interactive CI/CD usage. It processes the prompt, outputs to stdout, and exits cleanly. B is wrong: CLAUDE_HEADLESS is not a real environment variable — it's a plausible-sounding distractor. C is wrong: stdin redirection is a Unix workaround that doesn't properly address Claude Code's interactive mode — behaviour is unreliable. D is wrong: --batch is not a valid Claude Code flag.
Question 2 — Task 3.6 Claude Code for CI/CD
A team has two automated Claude workflows: (1) a blocking pre-merge security check that developers wait for before merging, and (2) a technical debt report generated overnight for the next morning's standup. Their manager proposes switching both to the Message Batches API for 50% cost savings. How should you respond?
  • AUse batch processing only for the overnight technical debt report; keep real-time calls for pre-merge checks — batch has up to 24h latency with no SLA, which is incompatible with blocking developer workflows
  • BSwitch both to batch processing with status polling to check for completion every few minutes
  • CKeep real-time calls for both — batch results cannot be correlated to their original requests
  • DSwitch both to batch with a 30-minute timeout fallback to real-time if batches don't complete in time
Correct: A
A is correct. This is the official exam question Q11. Match each API to its appropriate use case: batch for non-blocking async workloads, real-time for latency-sensitive blocking workflows. B is wrong: status polling doesn't change the up-to-24h completion time — developers cannot wait that long to merge. C is wrong for two reasons: its claim that batch results cannot be correlated is false — the Batch API uses custom_id fields for exactly that purpose. More importantly, its conclusion to "keep real-time for both" is unnecessarily conservative: the overnight report has no latency requirement and is a textbook batch use case. D adds unnecessary complexity — the simpler correct solution is not switching the blocking workflow to batch at all.
Question 3 — Task 3.6 Claude Code for CI/CD
A team runs a nightly security audit: claude -p "Audit $(git diff HEAD~7) for security issues". After a library update introduces 14 new files, the diff exceeds 80,000 tokens and the audit begins timing out. The team wants to maintain comprehensive weekly coverage while fixing the timeout. What is the correct architectural approach?
  • AIncrease the CI pipeline timeout from 5 minutes to 30 minutes to accommodate larger weekly diffs
  • BSwitch from HEAD~7 to HEAD~1 to limit the audit to the most recent day's changes
  • CAdd a pre-processing step that splits the diff into per-file or per-component chunks, then run parallel claude -p audit calls on each chunk, aggregating findings in a final step
  • DSwitch from claude -p to the Message Batches API so the large diff can be processed asynchronously without a pipeline timeout
Correct: C
C is correct. Chunking + parallel processing is the correct pattern for large inputs in CI: each chunk fits in context, parallel calls restore the original latency (or better), and comprehensive coverage is maintained. A doesn't fix the root cause — extending the timeout means the next library update will push past it again. Timeouts compound without architectural change. B reduces coverage — auditing only the most recent day's changes means a vulnerability introduced Monday isn't caught until Monday night, not the weekly nightly run. The team explicitly wants to maintain weekly comprehensive coverage. D is wrong: The Batch API is designed for batch workloads (thousands of independent requests), not for a single large CI audit. It also has the same context limit per request — a single 80,000-token call fails whether submitted synchronously or via the Batch API.
Domain 3 · All 6 Task Statements · Claude Certified Architect – Foundations
Next: Domain 4 — Prompt Engineering & Structured Output →