HARNESS  ·  Cheat Sheet

v0.1  ·  15 May 2026

Agent = Model + Harness. The model is intelligence; the harness is everything else. Below is the configuration you can build in one afternoon. Pin this. The full handbook lives at HANDBOOK.md.

1Memory · CLAUDE.md

  • Three files: ~/.claude/CLAUDE.md (global, <30 lines), ./CLAUDE.md (project, source-controlled), ./CLAUDE.local.md (personal, gitignored).
  • Treat as context, not enforcement. Rules here are advice, not law. Hard rules belong in hooks.
  • Anthropic's hard warning fires at 40 KB. Cut to <60 effective lines.

2Skills · the system that prompts for you

  • Build a skill the second time you do something, not the third.
  • YAML header + 10–30 lines of instructions in ~/.claude/skills/<name>/SKILL.md.
  • Rule of seven Seven good skills beat seventy half-built ones.
  • Use skill-creator to scaffold. Description = activation trigger; tighten until it fires only when it should.

3Subagents · isolated context

  • Default four: Plan Explore code-reviewer general-purpose.
  • Isolation is the value — keep main session lean by delegating long research.
  • Model routing: Haiku for mechanical, Sonnet for synthesis, Opus only for tradeoffs. 40–70% token savings on research tasks; can be negative ROI on small ones.

4MCP servers · tools, not recipes

  • 4–6 always-on max. More than ~10 measurably degrades attention (MindStudio: 18k token overhead for a standard 5-server stack).
  • Baseline: filesystem GitHub git fetch search
  • Per-project for anything that touches money, email, or customer data.
  • Auth-scope minimisation. If a server only needs read, do not give it write.

5Hooks · the only enforced layer

  • Two on day one: PreToolUse on Bash blocking rm -rf, chmod -R, xattr; PreToolUse on Write/Edit scanning for secrets.
  • Configure in .claude/settings.json; scripts in ~/.claude/hooks/.
  • Success silent · failures verbose. Exit 0 to allow; exit 2 with one-line stderr to block.
  • Hooks survive --dangerously-skip-permissions. They are the safety net.

6Permissions · the gate

  • Six modes: default · acceptEdits · plan · auto (Mar 2026) · dontAsk · bypassPermissions.
  • Order: Hooks → Deny → Allow → Ask → Mode. Deny wins.
  • Build the deny list first. Promote frequently-asked commands to the allow list as you observe them.
  • --dangerously-skip-permissions only in containers / VMs. Anthropic ships a devcontainer for this.

7Statusline · what you see

  • Custom one-liner via .claude/statusline.sh.
  • Show: model, context-remaining, cost, working dir, mode.
  • Mode in the statusline prevents the silent footgun of running in the wrong one.

8The 80/20 hacks

  • PDF → text first. pdftotext path.pdf -. ~10× token reduction on text-bearing PDFs.
  • Reset, do not summarise. Long sessions degrade past ~60–70% context fill. Write a progress file, /clear, restart.
  • Two settings.json env tweaks (version-fragile): CLAUDE_CODE_DISABLE_1M_CONTEXT=1, CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=80.
  • Concise prompts. 29 words > 500. Targeted edits ("only redo section 3"). New chats for new topics.

9Anti-patterns

  • Bloated CLAUDE.md (400+ lines). Anthropic warns at 40 KB.
  • MCP hoarding (>10 always-on). Each server adds context overhead.
  • Treating CLAUDE.md as enforcement. It is context. Hooks bind.
  • --dangerously-skip-permissions on host. Use a container.
  • Trusting third-party skills/MCP blindly. Read before installing. Auth-scope minimise.

10The capability test

  • When the agent is off — am I a sharper thinker, more disciplined operator, better delegator, better systems designer than last month?
  • If yes, the harness is good. If no, it is a crutch.
  • The Ratchet Principle: every failure becomes a permanent rule. The harness only tightens.

Minimum viable harness, twelve files, one afternoon:

~/.claude/
├── CLAUDE.md                    # <30 lines. Identity, style, paths, behaviour.
├── settings.json                # Deny list. Two PreToolUse hooks. Statusline.
├── skills/<name>/SKILL.md       # Five to seven, one per recurring workflow.
├── agents/                      # Plan, Explore, code-reviewer, general-purpose.
└── hooks/
    ├── fs-guard.sh              # Blocks destructive filesystem ops.
    └── secret-scan.sh           # Blocks committing secrets.

<project>/
├── CLAUDE.md                    # Project conventions. Source-controlled.
├── CLAUDE.local.md              # Your overrides. Gitignored.
├── .claude/settings.json        # Project allow list.
├── .claude/settings.local.json  # Your personal pre-approvals.
└── INDEX.md                     # Map of the repo.