The question: What are the controls that turn Claude Code from a novelty into a daily-use operational tool?
The commands that matter for network operations
Claude Code has 60+ slash commands. Most are plumbing. These are the ones that change your daily workflow:
/compact — manage context
The most important command you'll learn. Claude's context window is 200,000 tokens. When you're analyzing switch configs, SSH output, syslog dumps, and routing tables, that context fills fast. At 60% capacity, run /compact. It summarizes the conversation and frees space. If you wait until 85%, Claude starts losing precision — wrong interface names, incorrect subnet masks, hallucinated VLAN IDs. At 90%+, responses become unreliable. Treat /compact like you treat write memory — do it before you need it.
/compact/clear — context reset
Nuclear context reset. Use when switching between completely unrelated tasks. If you've been troubleshooting an OSPF adjacency issue and now need to work on a firewall rule change, /clear prevents context contamination. Compacted BGP state from the previous task will confuse analysis of an unrelated ACL problem.
/resume — continue a previous session
Restores a previous session. If you were troubleshooting a circuit issue yesterday and need to continue today, /resume pulls back the conversation state. The session picker defaults to sessions from your current directory, which matters when you have separate repos for different sites or domains.
/resume # Pick from recent sessions in this directory/cost, /model, /export, /branch
/cost shows token usage broken down by model and cache hits. A typical operational session runs $0.10–$0.45 with Sonnet, $0.50–$2.25 with Opus.
/model switches model tier mid-session. Start with Sonnet for data gathering. Switch to Opus when you need complex multi-device reasoning. Switch to Haiku for quick syntax lookups.
/export saves the conversation to a file or clipboard. Use after resolving an incident to create a troubleshooting record. The export includes every command run, every output received, and every conclusion drawn — a complete post-incident report without writing one.
/branch forks the conversation into a new session. Use when you're mid-troubleshooting and want to explore a theory without polluting the main analysis. If the theory is wrong, you abandon the branch. If it's right, you have the evidence in a separate session.
Custom slash commands
Custom commands are markdown files that define reusable prompts. For networking, they become operational playbooks that your entire team shares via git.
mkdir -p .claude/commands/health-check — Device health playbook
Create .claude/commands/health-check.md:
---
allowed-tools: Bash(ssh:*), Bash(ping:*), Read, Grep
description: Standard health check against a network device
argument-hint: [hostname]
---
Run a health check on $ARGUMENTS:
1. Verify reachability (ping, 5 packets)
2. SSH in and collect:
- Uptime and reload reason
- CPU utilization (1min, 5min averages)
- Memory utilization
- Interface error counters (non-zero only)
- BGP neighbor summary (if BGP is configured)
- OSPF neighbor status (if OSPF is configured)
- NTP synchronization state
- Last configuration change timestamp
3. Flag anything abnormal:
- CPU sustained > 60%
- Memory > 80%
- Any interface with CRC/input/output errors increasing
- Any routing neighbor not in Established/Full state
- NTP offset > 500ms
- Config change in last 24 hours (potential untracked change)
4. Output a structured summary with severity levelsUsage:
/health-check core-nyc-01One command. Claude executes the entire playbook — pings the device, SSHes in, collects every metric, cross-references against thresholds, and returns a structured report. The playbook lives in your git repo. When someone on the team adds a new check, everyone gets it on the next pull.
/config-audit — Security compliance sweep
Create .claude/commands/config-audit.md:
---
allowed-tools: Read, Grep, Glob
description: Audit configs against security baseline
argument-hint: [config-file-or-directory]
---
Audit $ARGUMENTS against these requirements:
1. No plaintext passwords (check for "password" without "secret" or "pbkdf2")
2. SSH v2 enforced (no "ip ssh version 1")
3. Console and VTY exec-timeout ≤ 10 minutes
4. SNMP community strings not "public" or "private"
5. NTP authentication is enabled
6. Syslog server is configured
7. STP portfast only on access ports — never on trunk interfaces
8. No interfaces in VLAN 1 with an IP address
9. AAA authentication enabled (no local-only auth on VTY lines)
10. Login banner present
11. Unused interfaces administratively shut down
12. DHCP snooping enabled on all access VLANs
For each finding: severity, specific config line(s), and the remediation command(s).
Output as a table sorted by severity descending.