What is Claude Code? The Guardrails That Saved My SaaS


Anthropic's demo videos show Claude Code refactoring a toy repo. They don't show what happens when a terminal agent with write access decides a migration file is "redundant" at 11pm on a Friday. If you run a SaaS, you already know that fear. Here's the exact setup I run on a 22,000-line Laravel/Vue invoicing app with 600 paying users, and the 14-minute refactor that proved it works.

Claude Code Is Not A Chatbot. That's The Whole Problem.

Most people still confuse Claude Code with Claude.ai. They are not the same product and the difference is the entire reason you need guardrails.

Claude.ai is a chat window. You paste, it answers, you copy code back into your editor. Blast radius: zero. Claude Code is a terminal agent. You run it inside your project folder and it:

  • Reads your actual files
  • Edits them in place
  • Runs your test suite
  • Runs your build
  • Runs git commands (including destructive ones)

The moment an AI has write access to your repo, the conversation stops being about prompt engineering and starts being about blast radius. That's the part the marketing skips.

Week one of using it on production, I learned this the expensive way. I gave it a refactor task on a live invoicing SaaS — 22,000 lines of code, 600 active paying users across three countries who legally needed to send invoices on time. I went to make coffee. When I came back, Claude Code had decided a database migration file was "redundant" and deleted it. Next deploy hit the missing file in the migration chain, and for 40 minutes nobody could create an invoice. 40 minutes of Friday-night support tickets.

The tool is powerful. The default settings are not safe for production code. Here are the three layers I run on every client project now.

Layer One: Git Isolation. Claude Code Never Touches Main.

Before Claude Code reads a single byte of my repo, I'm on a throwaway branch with an empty anchor commit. That anchor is my undo button.

I wrap it in a shell alias so I can't forget:

# ~/.zshrc
alias claude-start='git checkout -b "claude-session-$(date +%Y%m%d-%H%M)" && \
  git commit --allow-empty -m "session start: claude code anchor" && \
  echo "✓ Branch: $(git branch --show-current)" && \
  echo "✓ Anchor: $(git rev-parse --short HEAD)"'

Workflow is one command:

$ claude-start
Switched to a new branch 'claude-session-20250115-1430'
✓ Branch: claude-session-20250115-1430
✓ Anchor: a3f2c91

If anything goes sideways during the session, recovery is two seconds:

git reset --hard a3f2c91

The empty anchor commit matters more than the branch. Branches drift. A pinned hash you wrote down 30 seconds ago is the only thing that can't lie to you. Claude Code never runs on main. Not for typo fixes, not for one-line edits, not for anything. The cost of the branch is zero. The cost of skipping it once is the rest of your evening.

Layer Two: CLAUDE.md — The File That Stops 80% Of Incidents

Claude Code reads a file called CLAUDE.md at the repo root automatically every session. This is where you put the rules. Plain English, no special syntax. It works.

Here's a redacted version of the one I ship on the invoicing app:

# Project Rules for Claude Code

## Forbidden directories — DO NOT MODIFY
- `/database/migrations/` — production schema, manually reviewed only
- `/app/Webhooks/Payment/` — payment provider integration, contract-tested
- `/config/production/` — environment-specific configs
- `.env`, `.env.production`, `.env.staging` — secrets

## Commands
- Test: `php artisan test --parallel`
- Build: `npm run build`
- Lint: `./vendor/bin/pint`

## Workflow rules
- After any edit touching more than 1 file, STOP and summarize what changed
  before continuing.
- Never run `git push`, `git rebase`, or `git reset --hard`.
- If a task requires touching a forbidden directory, stop and ask.
- Do not delete files. Mark them for review in your summary instead.

## Domain notes
- VAT logic must remain in `App\Services\Tax\*`. Do not inline.
- All money is stored as integer cents. Never float.

Things to know about this file:

  • Claude Code will tell you when it skipped a directory because of CLAUDE.md. That's the signal it's working.
  • The "do not delete files, mark them for review" rule is a direct response to my migration incident. It hasn't deleted a file since.
  • The forbidden list is more useful than an allowed list. You'll never enumerate everything Claude is allowed to touch in a 22k-line codebase. You can enumerate the 4 directories that ruin your weekend.

That single file has prevented more incidents than any other tooling I use.

Layer Three: Plan Mode + Diff Review

The first pass on anything non-trivial runs in plan mode. Claude Code outputs the full list of intended file changes before writing a character. You read it, push back on anything sensitive, then approve.

The session looks like this:

$ claude
> /plan Refactor VAT calculation. Find every place VAT is calculated,
  consolidate into a single service class, update all call sites,
  run the test suite.

[Claude Code outputs plan]

Plan:
  1. Create App\Services\Tax\VatCalculator
  2. Modify InvoiceController.php (3 call sites)
  3. Modify QuoteController.php (2 call sites)
  4. Modify CreditNoteService.php (1 call site)
  5. Modify InvoiceLineItem.php (1 call site)
  6. Update tests in tests/Feature/Tax/
  7. Run: php artisan test --parallel

Files NOT touched: database/migrations/*, app/Webhooks/Payment/*
  (per CLAUDE.md)

Approve? [y/n]

If the plan touches something it shouldn't, I push back in plain English and it regenerates. Only after the plan is clean do I let it execute.

After execution, a second terminal opens and runs:

git diff --stat
git diff

Every changed file gets eyeballed before I commit. Yes, this is slower than letting it rip. In eight months across multiple production codebases I have had zero repeat incidents.

The non-negotiables of this layer

  • Plan mode for anything touching more than two files
  • git diff review before every commit, no exceptions
  • Push back on the plan in natural language — don't manually edit it
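CLAUDE.md is an instruction to the agent, not an access control, so the diff review is where its rules can be checked mechanically. As an added example (not the author's code), this function reads `git diff --name-status` output taken against the anchor commit and flags deletions and any change under the forbidden paths from the CLAUDE.md above; the sample file names are constructed.

```bash
#!/usr/bin/env bash
# Added example, not the author's code. Paths mirror the CLAUDE.md above.
FORBIDDEN_PREFIXES="database/migrations/ app/Webhooks/Payment/ config/production/"
FORBIDDEN_FILES=".env .env.production .env.staging"
TAB="$(printf '\t')"

# is_forbidden PATH: succeeds if PATH is a secrets file or under a forbidden prefix.
is_forbidden() {
  for _prefix in $FORBIDDEN_PREFIXES; do
    case "$1" in "$_prefix"*) return 0 ;; esac
  done
  for _file in $FORBIDDEN_FILES; do
    [ "$1" = "$_file" ] && return 0
  done
  return 1
}

# audit_session_diff: reads `git diff --name-status` lines on stdin, prints one
# VIOLATION line per broken rule, and returns 1 if any rule was broken.
audit_session_diff() {
  _bad=0
  while IFS="$TAB" read -r _status _path _newpath; do
    case "$_status" in
      D*) echo "VIOLATION deleted: $_path"; _bad=1 ;;
      # A rename removes the old path, so it counts against "do not delete files".
      R*) echo "VIOLATION renamed (old path removed): $_path -> $_newpath"; _bad=1 ;;
    esac
    for _f in "$_path" "$_newpath"; do
      if [ -n "$_f" ] && is_forbidden "$_f"; then
        echo "VIOLATION forbidden path touched: $_f"; _bad=1
      fi
    done
  done
  return "$_bad"
}

# Constructed sample of name-status output (file names are made up).
sample_name_status() {
  printf 'A\tapp/Services/Tax/VatCalculator.php\n'
  printf 'M\tapp/Http/Controllers/InvoiceController.php\n'
  printf 'D\tdatabase/migrations/0001_create_invoices_table.php\n'
  printf 'M\t.env.production\n'
  printf 'R100\tapp/Helpers/Vat.php\tapp/Services/Tax/VatHelper.php\n'
}

# Real use, from the session branch: git diff --name-status <anchor> | audit_session_diff
sample_name_status | audit_session_diff || true
```

Untracked files never appear in `git diff`, so files the agent created but did not stage need a separate look with `git status --short`.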

The 14-Minute Refactor That Proved It Works

Last week the VAT rules changed in one of the markets the app serves. The calculation was duplicated across seven files (a sin I inherited, not one I committed). A junior dev pass at it would have been half a day plus an hour of review.

Timeline:

  • 0:00 — claude-start alias, confirmed CLAUDE.md was current
  • 0:15 — One prompt: "Find every place VAT is calculated, consolidate into a single service class, update all call sites, run the test suite."
  • 1:45 — Plan mode returned: clean breakdown across the seven files. No migrations touched. No payment webhooks touched. Approved.
  • 13:30 — Execution finished. php artisan test --parallel passed on the first run.
  • 14:00 — git diff review. Two small style adjustments by hand. Committed.

That's 14 minutes for what used to be a half-day task plus a code review. The speedup is real. But the speedup only exists because the guardrails make the agent trustworthy enough to actually use. Without them, I would have spent that 14 minutes followed by an hour of paranoia checking what else it touched, and probably another incident.

The point is not that Claude Code is magic. The point is that with three boring layers of guardrails — a branch with an anchor commit, a CLAUDE.md file with forbidden directories, and plan-mode-plus-diff-review — an AI agent becomes a junior developer you can actually trust on production code. Without them, it's a loaded gun pointed at your weekend.

Why bizflowai.io helps with this

Most of the production automations I ship for clients run on the same guardrail pattern: isolated git branches per agent session, repo-level instruction files that fence off payment and auth code, and a plan-then-execute step that a human approves before anything touches a production file or database. When bizflowai.io takes over a client's repetitive engineering work — refactors, schema migrations, cron-job maintenance, integration glue — the agent never has unsupervised write access to the things that, if broken, generate refund requests. That's the boring infrastructure most "AI dev" pitches don't talk about.

Frequently asked questions

What is Claude Code and how is it different from Claude.ai?

Claude Code is a terminal agent that lives inside your project folder, reads your actual files, edits them, runs your test suite, runs your build, and executes git commands. Claude.ai, by contrast, is just a chat window where you paste text and get answers. The critical difference is write access: Claude Code changes your code directly, which means safety practices matter from the first session.

How do I safely run Claude Code on a production codebase?

Use a three-layer guardrail setup. First, git isolation: check out a dedicated branch and create an empty anchor commit you can reset to. Second, a CLAUDE.md file at the repo root listing forbidden directories, test commands, and stop-and-summarize rules. Third, staged approval: run plan mode first, review the proposed changes, then review git diff before committing every edit.

What is a CLAUDE.md file and why does it matter?

CLAUDE.md is an instruction file at the root of your repository that Claude Code reads automatically every session. It can list forbidden directories in plain English (like database migrations or payment webhooks), specify test and build commands, and set rules such as stopping to summarize after multi-file edits. Claude Code respects these rules and will explicitly skip directories the file forbids.

Why should you never run Claude Code on the main branch?

Claude Code has write access to your files and can delete or modify anything it judges redundant, including critical files like database migrations. In one real incident, an unsupervised refactor deleted a migration file, breaking invoice creation for 40 minutes on a live SaaS. Running on a dedicated session branch with an anchor commit lets you git reset back to a known good state in seconds.

When should I use plan mode in Claude Code?

Use plan mode for any non-trivial task, especially refactors that touch multiple files or anything near sensitive areas like migrations, payment logic, or production config. Plan mode shows you a file-by-file breakdown of intended changes before Claude Code writes a single character, letting you push back on risky edits before execution. Pair it with a git diff review after execution for full coverage.



Planning an AI automation project or need a second opinion on your architecture?

Connect with me on LinkedIn — Lazar Milicevic, GenAI Engineer & bizflowai.io Founder.
