Cheat sheet

One-page printable reference. Ctrl/⌘+P to print — print stylesheet hides nav, footer, and quizzes.

Slash commands

/compact          # Free context window space
/clear            # Reset context (unrelated tasks)
/resume           # Continue previous session
/cost             # Token usage by model
/model sonnet     # Default
/model opus       # Multi-device reasoning
/model haiku      # Quick lookups
/export           # Save conversation to file
/branch           # Fork without polluting main
/sandbox          # Restrict to project dir
/mcp              # List connected MCP servers
/plugin install   # Install local/remote plugin

Permissions (.claude/settings.json)

{
  "permissions": {
    "allow": [
      "Read", "Glob", "Grep",
      "Bash(ssh * show:*)",
      "Bash(ping:*)",
      "Bash(traceroute:*)",
      "Bash(terraform plan:*)"
    ],
    "deny": [
      "Bash(ssh * conf:*)",
      "Bash(ssh * configure:*)",
      "Bash(ssh * write:*)",
      "Bash(ssh * reload:*)",
      "Bash(terraform apply:*)",
      "Bash(ansible-playbook:*)"
    ],
    "ask": [
      "Bash(scp:*)",
      "Bash(git push:*)",
      "Bash(git commit:*)"
    ],
    "defaultMode": "askEdits"
  }
}

PreToolUse hook — block config commands

{
  "hooks": {
    "PreToolUse": [{
      "matcher": "Bash",
      "hooks": [{
        "type": "command",
        "command": "echo $CLAUDE_TOOL_INPUT | jq -r '.command' | grep -qiE 'configure|conf t|edit exclusive|set system|commit|write mem|copy run|reload|reboot' && echo BLOCKED && exit 2 || exit 0",
        "timeout": 5000
      }]
    }]
  }
}

PostToolUse hook — auto-lint

{
  "hooks": {
    "PostToolUse": [{
      "matcher": "Write(*.yml)",
      "hooks": [{
        "type": "command",
        "command": "ansible-lint $CLAUDE_FILE_PATH --profile production"
      }]
    }, {
      "matcher": "Write(*.tf)",
      "hooks": [{
        "type": "command",
        "command": "terraform fmt -check $CLAUDE_FILE_PATH && terraform validate"
      }]
    }]
  }
}

SessionStart hook — git pull

{
  "hooks": {
    "SessionStart": [{
      "hooks": [{
        "type": "command",
        "command": "cd ~/network-automation && git pull --quiet && echo 'Synced'"
      }]
    }]
  }
}

MCP servers

# NetBox
claude mcp add --transport stdio netbox \
  --env "NETBOX_URL=$URL" \
  --env "NETBOX_TOKEN=$TOKEN" \
  -- npx -y @your-org/mcp-server-netbox

# Grafana
claude mcp add --transport http grafana \
  --header "Authorization: Bearer $GF_TOKEN" \
  https://grafana.internal/mcp/

# GitHub
claude mcp add --transport stdio github \
  -- npx -y @anthropic-ai/mcp-server-github

# Postgres (syslog)
claude mcp add --transport stdio postgres \
  --env "DATABASE_URL=$DB_URL" \
  -- npx -y @anthropic-ai/mcp-server-postgres

CLAUDE.md skeleton

# Project — Operational Context

## Environment
- Core: Arista 7280R3, EOS 4.32.2F
- Access: Cisco Catalyst 9300, IOS-XE 17.12
- Firewalls: Palo Alto PA-5400, PAN-OS 11.2

## Naming
{role}-{site}-{number}, e.g. core-nyc-01

## IP Plan
10.{site_id}.{vlan_id}.0/24
nyc=1, lax=2, ord=3, ldn=4, fra=5

## Routing
- iBGP full mesh, AS 65000, MD5
- OSPF Area 0 inter-site
- Per-site OSPF area = site_id

## Safety
- NEVER write memory autonomously
- Always include rollback
- Always capture pre-change baseline
- All changes require ticket

## Repo
configs/ templates/ playbooks/
terraform/ scripts/ docs/

Headless mode (CI)

claude -p "Audit configs/ against
  the security baseline" \
  --allowedTools "Read,Grep,Glob" \
  --output-format json

Pipeline rule: read-only tools only. The pipeline detects problems. Humans fix.