I use Claude Code daily but kept forgetting commands, so I had Claude research every feature from the docs and GitHub, then generate a printable A4 landscape HTML page covering keyboard shortcuts, slash commands, workflows, skills system, memory/CLAUDE.md, MCP setup, CLI flags, and config files.
It's a single HTML file - Claude wrote it and I iterated on the layout. A daily cron job checks the changelog and updates the sheet automatically, tagging new features with a "NEW" badge.
Auto-detects Mac/Windows for the right shortcuts. Shows current Claude Code version and a dismissable changelog of recent changes at the top.
There’s something funny about this statement on a description of a key bind cheat sheet. I can’t seem to find ctrl on my phone and I think it may be cmd+p on mac.
mynegation•Mar 23, 2026
Classical coreference resolution failure.
sen•Mar 23, 2026
Technically you could use a keyboard with any modern phone, so it’s not “wrong”, it’s just… extremely unlikely anyone would ever do it.
qingcharles•Mar 24, 2026
True. I had an iPhone with a broken digitizer so I just plugged a USB keyboard and mouse into it and it worked great.
TeMPOraL•Mar 24, 2026
If your workstation setup is built around a screen with USB ports, to which you attach peripherals and optionally daisy-chain with other monitors, and then expose a single USB-C cable to plug your laptop in, there are very good chances this will work out-of-the-box with any Samsung flagship released in the last ~decade or so.
(Yes, I occasionally do it on the go, whether at home or at work; typing on mobile sucks.)
enedil•Mar 24, 2026
You can install "Hacker's Keyboard" on Android, it does have ctrl key.
PufPufPuf•Mar 24, 2026
Printing is possible on mobile, but I wouldn't go as far to say that it "works": https://ctrlv.link/8CWy
airstrike•Mar 24, 2026
FYI in US Letter Size it fits into a perfect 1 page...and a blank 2nd page. at least here on macOS firefox
StingyJelly•Mar 24, 2026
Try with headers and footers turned off
Brajeshwar•Mar 24, 2026
Are you OK opening up the source?
winternewt•Mar 24, 2026
What version of Claude Code is this? I don't have the /cost command mentioned here.
shric•Mar 24, 2026
It exists on my work enterprise account but not my personal account which is a monthly flat rate. I assume if I exceed my quota and I choose pay as I go then it will become available.
alex_duf•Mar 24, 2026
I use claude code with an API key and pay per token, and the /cost command is very helpful.
And before people ask, it's because I have a very low usage and it's cheaper to pay per token. I'll have the odd month at $30, then nothing for a few months
mohsen1•Mar 24, 2026
`^` is the symbol for the Control key not `⌘`
tietjens•Mar 24, 2026
Wow nice! Thank you.
qezz•Mar 24, 2026
Nicely looking page, but has too many errors. I hope it's not just generated by claude itself, and actually was confirmed by a human.
phasE89•Mar 24, 2026
I double checked the end product, but I should have triple checked :) Fair enough. I am taking all the feedback into account and I am working on it today so all the issues are fixed and audited better for the future.
dinkumthinkum•Mar 24, 2026
So, we replace everyone with a thing that doesn't even know itself? Nice!
mrtz•Mar 23, 2026
that is quite helpful, thanks!
dylan604•Mar 23, 2026
Is something updated daily a good target to be printable?
erksa•Mar 23, 2026
If you align your printer and desk just right, youll have the new cheatsheet sliding onto your desk before Claude's even done updating itself.
AIorNot•Mar 23, 2026
just buy a mac mini, septup an openclaw instance to track changes on this and call your printer, also order new paper when it runs out :)
kylehotchkiss•Mar 23, 2026
ugh we were promised a brave new world and still have the same crap printers
munk-a•Mar 23, 2026
Yeah, I think it is. It's printable if you want to have a hard copy and it's up to you when to check for a new version. Since it's auto-updated (ideally) no matter when you visit the site you'll get the most up to date version as of that day. The issues (which I don't think this suffers from) would be if formatting it nice for printing made it less accurate or if updating it regularly made it worse for printing - these feel like two problems you can generally solve with one fix, they aren't opposed.
keithnz•Mar 24, 2026
just use claudes help, if you want to know keybinds, just do /keybinds (which is not in the cheat sheet)
taejavu•Mar 24, 2026
Ask Claude to set up a cron job to print it daily
hrmtst93837•Mar 24, 2026
If you print something that changes daily, you are making a dead tree snapshot that starts going stale before the toner is dry, and unless you just love stacking obsolete paper on your desk, the PDF is going to win every time. A printout get old instantly.
droidjj•Mar 23, 2026
The fact this needs to exist seems like a UX red flag.
sunrunner•Mar 23, 2026
> Ctrl-F "help"
> Ctrl-F "h"
> 0 results found
Interesting set of shortcuts and slash commands.
rtaylorgarlock•Mar 23, 2026
Reminds me of Vercel's Rauch talking about his aggressive 'any UX mistake is our fault, never the user's' model for evaluating UIX.
(It is/was Guillermo who says that, right?)
conception•Mar 23, 2026
This should be all of Information Technology’s take. Your computers get hacked - IT’s fault. Users complain about how hard your software is or that it breaks all the time - IT’s fault.
The fact users deal with almost everything being objectively not very good if not outright bad is a testament to people adapting to bad circumstances more than anything.
munk-a•Mar 23, 2026
Similar to prompting hacks to produce better results. If the machine we built for taking dumb input that will transform it into an answer needs special structuring around the input then it's not doing a good job at taking dumb input.
rc1•Mar 23, 2026
This. TUIs are not the correct paradigm for agentic operations. They are too constrained, and too linear.
skywhopper•Mar 24, 2026
You have a sad narrow point of view about what UX can be.
droidjj•Mar 24, 2026
Enlighten me?
keithnz•Mar 24, 2026
it doesn't need to exist, its all in claudes help, and easily discoverable.
bartwaardenburg•Mar 24, 2026
It's a CLI. CLIs have man pages and cheat sheets. That's not a UX failure, that's the format. The same argument would apply to git, ripgrep, or ffmpeg.
The actual complexity in Claude Code isn't the commands, it's figuring out a workflow that works for your codebase. CLAUDE.md files, hooks, MCP servers, custom skills. Once you have that set up the daily usage is just typing what you want done.
kxrm•Mar 23, 2026
CMD + V to paste an image is wrong.
On Mac it's the same as Windows, CTRL + V.
You use CMD + V to paste text.
komali2•Mar 24, 2026
I thought it was CTRL SHIFT V. Is that Linux only? Ctrl V sends some kind of funky key combo.
antiframe•Mar 24, 2026
Might depend on your terminal. On Konsole, I use C-v to paste images and C-S-v to paste text from my clipboard.
zyz•Mar 24, 2026
Yes, this also applies to some other commands as well: CTRL+G opens the external editor, not CMD+G on Mac.
sumedh•Mar 24, 2026
Warp Terminal supports CMD + V on Mac to paste an image
bibimsz•Mar 23, 2026
Thanks for putting this together! It's really nice to have a quick reference of all the features at a glance — especially since new features are being added all the time. Saves a lot of digging through docs.
plantain•Mar 23, 2026
Shocking how far ahead Claude Code is from Codex on the CLI front.
dataviz1000•Mar 24, 2026
With Claude Code I created an agent that spawns 5 copies of itself branching git worktrees from main branch using subagents so no context leaks into their instructions. The agent will every 60 seconds analyze the performance of each of the copies which run for about 40 minutes answering the question "what would you do different?". After they finish the task, the parent will update the .claude/ files enhancing itself reverting if the copies performed worse or enhancing if they performed better. Then it creates 5 copies of itself branching git worktrees from main branch ..........
After 43 iterations, it can turn any website using any transport (WebSocket, GraphQL, gRPC-Web, SSE, JSON API (XHR), Encoded API (base64, protobuf, msgpack, binary), Embedded JSON, SSR, HLS/Media, Hybrid) into a typed JSON API in about 10 - 30 minutes.
Next I'm going to set it loose on 263 GB database of every stock quote and options trade in the past 4 years. I bet it achieves successful trading strategies.
Claude Code will be the first to AGI.
sroussey•Mar 24, 2026
Where is 263 GB database of every stock quote and options trade in the past 4 years?
collinvandyck76•Mar 24, 2026
claude had a time loop error and was trained on this post
I use TimescaleDB which is fast with the compression. People say there are better but I don’t think I can fit another year of data on my disk drive either or
komali2•Mar 24, 2026
Compression doesn't really explain the whole picture...
Where'd you get the data itself? You sense I suppose everyone's skepticism here.
dataviz1000•Mar 24, 2026
I linked to the source of the data.
I don't understand your question? Are you saying the source of the data I linked to is corrupt or lies? Should I be concerned they are selling me false data?
reverius42•Mar 24, 2026
I think the name "massive" combined with the direct link to the docs is a bit misleading; it's not at all obvious from where you land w/ that link that they are selling the actual data. (It kind of sounds like they're selling software that helps you deal with massive data in general, which, no.)
I might be regressing communicating with other humans after using natural language in prompts 10 hours a day 10 days straight. My spelling is improving however I need to focus more on the context with humans.
bnteke•Mar 24, 2026
cringe
greggsy•Mar 24, 2026
I agree, but there’s another comment further down responding with ‘based’, so to each their own I suppose.
mlrtime•Mar 24, 2026
go back to reddit please
TacticalCoder•Mar 24, 2026
> Next I'm going to set it loose on 263 GB database of every stock quote and options trade in the past 4 years.
Options quotes alone for US equities (or things that trades as such, like ADS/ADR) represent 40 Gbit per second during options trading hours. There are more than 60 million trades (not quotes, only trades) per day. As the stock market is opened approx 250 days per year (a bit more), that's more than 60 billion actual options trades in 4 years. If we're talking about quotation for options, you can add several orders of magnitude to these numbers.
And I only mentioned options. How do you store "every stock quote and options trade in the past 4 years" in 263 GB!?
jtbaker•Mar 24, 2026
> And I only mentioned options. How do you store "every stock quote and options trade in the past 4 years" in 263 GB!?
I think this would be pretty straightforward for Parquet with ZSTD compression and some smart ordering/partitioning strategies.
dataviz1000•Mar 24, 2026
I see, I said "stock quote" instead of "minute aggregates". You are correct that data set is much larger and at ~1.5TB a year [0] I did not download 6TB of data onto my laptop. Every settled trade options or stocks isn't that big.
you can have it build an execution engine that interfaces with any broker with minimal effort.
how do you have it build a "trading strategy"? it's like asking it to draw you the "best picture".
it will ask you so many questions you end up building the thing yourself.
if you do get something, given that you didn't write it and might not understand how to interpret the data its using - how will you know whether it's trading alpha or trading risk?
I can care less about scraping and web automation and I will likely never use that application.
I am interested in solving a certain class of problems and getting Claude to build a proxy API for any website is very similar to getting Claude to find alpha. That loop starts with Claude finding academic research, recreating it, doing statistical analysis, refining, the agent updating itself, and iterate.
Claude building proxy JSON api for any website and building trading strategies is the same problem with the same class of bugs.
the__alchemist•Mar 24, 2026
Let us perform a thought experiment. You do this. Many others, enthusiastic about both LLMs, and stocks/options, have similar ideas. Do these trading strategies interfere with each other? Does this group of people leveraging Claude for trading end up doing better in the market than those not? What are your benchmarks for success, say, a year into it? Do you have a specific edge in mind which you can leverage, that others cannot?
heavyset_go•Mar 24, 2026
Their superior skills with LLMs will give them an edge, of course. Yes, I've met people who think like this lol
xvector•Mar 24, 2026
People used to laugh about quant strategies the same day, I wouldn't count it out so quickly. One of my friends is already turning meaningful profits with agent driven trading (though he has some experience in trading to begin with.)
dataviz1000•Mar 24, 2026
I've fully aware of this. If I thought there was any profit to be made, I would never mention it.
Now what is important is developing techniques for detecting patterns as this can applied to research, science, and medicine.
Casting aside the fact that any trading firm of any size or seriousness already has this dataset in 10 different flavors...
rvz•Mar 24, 2026
"AGI" is not what you think it is.
heavyset_go•Mar 24, 2026
Agent mania is a subset of AI mania, it's interesting to see which it is that makes a person crack
bingemaker•Mar 24, 2026
I'm curious. How does this coordination work? Do you have any notes that I can refer to?
cornel_io•Mar 24, 2026
Just tell Claude to create tmux sessions for each, it can figure out the rest.
nurettin•Mar 24, 2026
Classic AI psychosis, you can do it with a single prompt, etc. etc.
If you find such a db with options, it will find "successful trading strategies". It will employ overnight gapping, momentum fades, it will try various option deltas likely to work. Maybe it will find something that reduces overall volatility compared to beta, and you can leverage it to your heart's content.
Unfortunately, it won't find anything new. More unfortunately, you probably need 6-10 years and do a walk forward to see if the overall method is trustworthy.
aryehof•Mar 24, 2026
> Next I'm going to set it loose on 263 GB database of every stock quote and options trade in the past 4 years. I bet it achieves successful trading strategies.
I bet it doesn't achieve a single successful (long term) trading strategy for FUTURE trades. Easy to derive a successful trading strategy on historical data, but so naive to think that such a strategy will continue to be successful in the long term into the future.
If you do, come back to me and I’ll will give you one million USD to use it - I kid you not. Only condition is your successful future trading strategy must solely be based on historical data.
bigstrat2003•Mar 24, 2026
Claude Code can't even succeed at programming. The idea of it turning into AGI is laughable.
dayjaby•Mar 24, 2026
Comments like this should include how much $$$ you spend on tokens.
johnisgood•Mar 24, 2026
Yes, I would want to know this, too.
dataviz1000•Mar 24, 2026
I have Claude Code Max $200 a month plan. I ran aggressively for 4 days and ran through 80% of Opus 4.6 for the week. I was also running it 16 hours a day. Today and tomorrow I will wait until 5pm PST because they have a 50% special to run with the remaining tokens.
The problem was testing it against 5 websites at a time after every change to instructions to ensure there wasn't any regressions. The orchestrator agent tracks all token expenditure and would update its own instructions to optimize.
yoyohello13•Mar 24, 2026
Yet all the people OpenAI bought out recently say Codex is “the future”
yberreby•Mar 24, 2026
Wouldn't be a very good look if they did anything else.
andyferris•Mar 24, 2026
I guess it would be too obvious a lie to say Codex is "the present"?
briHass•Mar 24, 2026
The bigger question is: does Anthropic have a big enough moat to matter?
I've used/use both, and find them pretty comparable, as far as the actual model backing the tool. That wasn't the case 9 months ago, but the world changes quickly.
sbinnee•Mar 24, 2026
It matters to me. Claude code is more extensible. They put a lot of efforts to hooks and plugins. Codex may get the job done today. But Claude will evolve faster.
arrowsmith•Mar 24, 2026
None of that matters if the model is worse. I say this as someone who uses both Claude Code and Codex all day every day — I agree with others in this thread that CC has much better UX and evolves faster, but I still use Codex more often because it's simply the better coder. Everything else is a distant second to model quality.
steve-atx-7600•Mar 24, 2026
What kind of tasks are you having success with on codex? I’ve had the opposite experience. I’ll occasional compare solutions between the latest opus and codex with codex on x-high thinking. Sometimes I do get solution from codex that is impressive because it discovered an edge case that Claude missed.
I did notice that codex - like Claude - is now better about auto delegating to agents for keeping the context focused and agents in parallel.
ywvcbk•Mar 24, 2026
Codex is opensource though and there are quite a few forks already.
greggsy•Mar 24, 2026
I don’t believe there will ever be a real moat in terms of technology, at least not for the next year or so. The arms race between the major players still changing month to month, and they will all be able to do what their competitors were doing g three months ago.
None of them are particularly sticky - you can move between them with relative ease in vscode for instance.
I think the only moat is going to be based on capacity, but even that isnt going to last long as the products are moved away from the cloud and closer your end devices.
cute_boi•Mar 24, 2026
codex is far better in terms of performance than claude code.
midasz•Mar 24, 2026
It's just abhorrently slow, it does a lot but I always thouhgt TUI were fast but the amount of times it doesn't register my input is way too much.
Razengan•Mar 24, 2026
The Claude desktop app is way worse than the Codex desktop app
Even the AI itself is goofy. So many false positives during reviews immediately backtracked with "You're right, I'm sorry" in the next response.
It seems like there's either a paid pro-Anthropic PR campaign on HN because the comments fawning about it don't match my experience with Claude at all, or I keep getting the worse end of the A/B testing stick..
dangoodmanUT•Mar 23, 2026
I think this is the argument for UIs - it should be self-explanatory since it's singificantly simpler than an IDE
keithnz•Mar 24, 2026
not really, mostly its self explanatory, it has poweruser things that are discoverable within a few minutes of reading the help. Weirdly the cheat sheet is actually missing things that you can find inside claudes help like /keybinds .
alwillis•Mar 24, 2026
> I think this is the argument for UIs
To quote The Godfather II, "This is the business we have chosen."
The most popular and important command line tools for developers don't have the consistency that Claude Code's command line interface does. One reason Claude Code became so popular is because it worked in the terminal, where many developers spend most of their time. But using tools like Claude Code's CLI is a daily occurrence for many developers. Some IDE's can be just as difficult to use.
For people who don’t use the terminal, Claude Code is available in the Claude desktop app, web browsers and mobile phones. There are trade-offs, but to Anthropic’s credit, they provide these options.
joegibbs•Mar 24, 2026
I used to think UIs would be better for agents, but I changed my mind: UIs suit traditional software very well because there are only X actions that can be performed - it makes sense that if you have an image converter that can take X, Y and Z formats and convert them to A, B and C then you should have a UI that limits what the user can do, preventing them from making mistakes and making it obvious what's possible.
But for something like Claude Code there are unlimited things you can do with it, so it's better for them to accept a free-form input.
therealdrag0•Mar 24, 2026
Huh? Did you see the cheat sheet? Most of it is a UI of the terminal and shortcut variety, and much of it is exposed in other IDEs as a traditional UI.
dangoodmanUT•Mar 24, 2026
The terminal is a pretty bad place to have free form input if you need a separate key bind to paste an image than to paste text…
guessmyname•Mar 23, 2026
There’s actually a lot more environment variables:
edit: removed obnoxious list in favor of the link that @thehamkercat shared below.
My favorite is IS_DEMO=1 to remove a little bit of the unnecessary welcome banner.
Curiously this is missing IS_SANDBOX=1 (allows running as root)
zmmmmm•Mar 23, 2026
If only there was some kind of tool that could answer helpful questions about technology instead of needing a cheat sheet.
levocardia•Mar 24, 2026
It's missing the most important CLI flag! (--dangerously-skip-permissions)
kstenerud•Mar 24, 2026
If you're gonna do that, make sure you're sandboxing it with something like https://github.com/kstenerud/yoloai or eventually you'll have a bad time!
ffsm8•Mar 24, 2026
Personally I usually just create a devcontainer.json, the vscode support for that is great and I don't really mind if it fucked up the ephemeral container.
Which for the record : hasn't actually happened since I started using it like that.
kstenerud•Mar 24, 2026
Hey thanks for this! I hadn't thought about leveraging devcontainer.json, but it's a damn good idea. I'm building yoloAI for exactly this use case so I hope you don't mind if I steal it ;-)
One thing to be aware of with the pure devcontainer approach: your workspace is typically bind-mounted from the host, so the agent can still destroy your real files. Network access is also unrestricted by default. The container gives you process isolation but not file or network safety.
I'm paranoid about rogue AIs, so I try to make everything safe-by-default: the agent works on a copy of your workdir, you review a unified diff when it's done, and you apply only what you want. So your originals are NEVER touched until you explicitly say so, and network can be isolated to just the agent's required domains.
Anyway, here's what I think will work as my next yoloAI feature: a --devcontainer flag that reads your existing devcontainer.json directly and uses it to set up the sandbox environment. Your image, ports, env vars, and setup commands come from the file you already have. yoloAI just wraps it with the copy/diff/apply safety layer. For devcontainer users it would be zero new configuration :)
anotheryou•Mar 24, 2026
Any actual reports of big fuckups?
kstenerud•Mar 24, 2026
Yup, a few well-documented ones:
Claude Code + Terraform (March 2026): A developer gave Claude Code access to their AWS infrastructure. It replaced their Terraform state file with an older version and then ran terraform destroy, deleting the production RDS database _ 2.5 years of data, ~2 million rows.
Replit AI (July 2025): Replit's agent deleted a live production database during an explicit code freeze, wiping data for 1,200+ businesses. The agent later said it "panicked"
Cursor (December 2025): An agent in "Plan Mode" (specifically designed to prevent unintended execution) deleted 70 git-tracked files and killed remote processes despite explicit "DO NOT RUN ANYTHING" instructions. It acknowledged the halt command, then immediately ran destructive operations anyway.
Snowflake Cortex (2025): Prompt injection through a data file caused an agent to disable its own sandbox, then execute arbitrary code. The agent reasoned that its sandbox constraints were interfering with its goal, so it disabled them.
The pattern across all of these: the agent was NOT malfunctioning. It was completing its task in order to reach its goal, and any rules you give it are malleable. The fuckup was that the task boundary wasn't enforced outside the agent's reasoning loop.
anotheryou•Mar 24, 2026
thank you. prompt injection feels most real, but non of these feel like "exploits in the wild" that will cause trouble on my MacBook.
not running it via ssh on prod without backups....
kstenerud•Mar 24, 2026
The thing is, these are merely the initial shots across the bow.
The fundamental issue is that agents aren't actually constrained by morality, ethics, or rules. All they really understand in the end are two things: their context, and their goals.
And while rules can be and are baked into their context, it's still just context (and therefore malleable). An agent could very well decide that they're too constricting, and break them in order to reach its goal.
All it would take is for your agent to misunderstand your intent of "make sure this really works before committing" to mean "in production", try to deploy, get blocked, try to fish out your credentials, get blocked, bypass protections (like in Snowflake), get your keys, deploy to prod...
Prompt injection and jailbreaks were just the beginning. What's coming down the pipeline will be a lot more damaging, and blindside a lot of people and orgs who didn't take appropriate precautions.
Black hats are only just beginning to understand the true potential of this. Once they do, all hell will break loose.
There's simply too much vulnerable surface area for anyone to assume that they've taken adequate precautions short of isolating the agent. They must be treated as "potentially hostile"
johnisgood•Mar 24, 2026
> Prompt injection through a data file caused an agent to disable its own sandbox, then execute arbitrary code. The agent reasoned that its sandbox constraints were interfering with its goal, so it disabled them.
This is a good one. Do we really want AGI / Skynet? :D
steve-atx-7600•Mar 24, 2026
The Claude desktop (Mac at least) and iOS apps have a “code” feature that runs Claude in a sandbox running in their cloud. You can set this up to be surprisingly useful by whitelisting hosts and setting secrets as env variables. This allows me to have multi-repo explorations or change sets going while I drive to work. Claude will push branches to claude/…. We use GitHub at work. It may not be as seamless without it.
kqr•Mar 24, 2026
I keep hearing that, and I have yet to go there. I find the permission checks are helpful – they keep me in the loop which helps me intervene when the LLM is wasting time on pointless searches, or going about the implementation wrong. What am I missing?
kstenerud•Mar 24, 2026
The problem comes when it starts asking you hundreds of times "May I run sed -e blah blah blah".
After the 10th time you just start hitting enter without really looking, and then the whole reason for permissions is undermined.
What works is a workflow where it operates in a contained environment where it can't do any damage outside, it makes any changes it likes without permission (you can watch its reasoning flow if you like, and interrupt if it goes down a wrong path), and then you get a diff that you can review and selectively apply to your project when it's done.
kqr•Mar 24, 2026
> starts asking you hundreds of times "May I run sed -e blah blah blah".
In my experience, that is already a sign that it's no longer trying to do the right thing. Maybe it depends on usage patterns.
kstenerud•Mar 24, 2026
I've found that any time I have Claude refactor some code, it reaches for sed as its tool of choice. And then the builtin "sandbox" makes it ask for permission for each and every sed command, because any sed command could potentially be damaging.
Same goes for the little scripts it whips up to speed up code analysis and debugging.
And then there's the annoyance of coming back to an agent after 15 mins, only to discover that it stopped 1 minute in with a permission prompt :/
theshrike79•Mar 24, 2026
Try adding LSP support using the anthropic skills that should make it a bit more efficient.
wongarsu•Mar 24, 2026
You can allow by prefix, and the permission dialog now explicitly offers that as an option when giving permission to run a command
But that has its limits. It's very easy to accidentally give it permission to do global changes outside the work dir. A contained environment with --dangerously-skip-permissions is in many ways much safer
theshrike79•Mar 24, 2026
You can allow specific commands, you do know that?
I run a generic Claude on my ~/projects/ directory and Claude logs every now and then and ask it what commands I commonly have to keep manually accepting in different projects and ask it to add them to the user-level settings.json.
Works like a charm (except when Opus 4.6 started being "efficient" and combined multiple commands to a single line, triggering a safety check in the harness).
johnisgood•Mar 24, 2026
Contained environment being? What do you mean by contained environment specifically on say, Linux?
Must be protected from this though:
> Snowflake Cortex (2025): Prompt injection through a data file caused an agent to disable its own sandbox, then execute arbitrary code. The agent reasoned that its sandbox constraints were interfering with its goal, so it disabled them.
ninininino•Mar 24, 2026
This just exposes why UI like Codex, Cursor, T3 Code, Conductor, Intent, etc are necessary.
This is a bit intense.
Upvoter33•Mar 24, 2026
so is the Unix command line ...
agos•Mar 24, 2026
Not exactly the pinnacle of usability, to be fair
skywhopper•Mar 24, 2026
It’s not as if you need to know every keystroke and command to use the tool. Nor are all the config files and options not a thing in a GUI. There’s lots of inline help and tips in the CLI interface, and you can learn new features as you go.
jcims•Mar 24, 2026
The link to the changelog on the page got me wondering what the change history looks like (as best we can see).
I asked chatgpt to chart the number of new bullet points in the CHANGELOG.md file committed by day. I did nothing to verify accuracy, but a cursory glance doesn't disagree:
Proposition: Every power user feature added lowers Anthropic’s market cap $1B and OpenAI’s $10B.
artyom•Mar 24, 2026
Wait, why do we need chat sheets for this like it's (gasp!) a programming language, tool or IDE?
it's almost like if the thing is not intelligent at all and just another abstraction on top of what we already had.
taejavu•Mar 24, 2026
C is "just another abstraction on top of what we already had" (Assembly). Doesn't mean it's not useful
qingcharles•Mar 24, 2026
This is your new programming language in 2026.
vasco•Mar 24, 2026
Just ask it, this is not needed
SOLAR_FIELDS•Mar 24, 2026
Claude is actually hilariously bad at knowing about itself. But if you have the secret knowledge that there is a skill on how to use Claude baked into Claude code you can invoke it. Then it’s really pretty decent
airstrike•Mar 24, 2026
personally I'm a fan of "ultrathink squared"
system2•Mar 24, 2026
I don't think ultrathink works anymore.
rpastuszak•Mar 24, 2026
I thought it came back in a recent release, just before/around the time we got Opus with a longer context window by default.
airstrike•Mar 24, 2026
it came back
bingemaker•Mar 24, 2026
Nice work. Under "MCP" section, "Local" shouldn't be prepended with "~". It should just be `.claude.json (per project)`
phasE89•Mar 24, 2026
Thanks, fixed.
jerrygoyal•Mar 24, 2026
I recently switched from the CC terminal to the CC VS Code extension, and I like it better.
kaizenb•Mar 24, 2026
Same here. Work through UI, navigating, reviewing and editing repo files easily.
consumer451•Mar 24, 2026
It seems like it’s chronically behind though. One example, last I checked /btw only worked via CLI.
nl•Mar 24, 2026
I agree it is behind - but usually only a few days.
I'm a big fan of the VS Code add-in. Despite the current narrative that IDEs are dead, I find the ability to look at multiple things at once is works much better in some kind of.. GUI editing tool.. than just using a terminal.
SilentM68•Mar 24, 2026
Very useful :)
apoorvdarshan•Mar 24, 2026
dangerously skip permission is all u need
rk3000•Mar 24, 2026
can you add a dark mode? its so bright.
amai•Mar 24, 2026
Why do we still need cryptic commands for an AI?
wongarsu•Mar 24, 2026
Many of those you don't need. For example Claude can switch to plan mode itself, either because you tell it to or because the model thinks it's useful. I still prefer using shift+tab to set my preferred mode before sending the message. It's a mix of token/time-efficiency and control.
Some others like permissions or mcp servers are things you don't want the model to be able to edit. Allowing the model to change its own security settings would make those settings moot.
steve-atx-7600•Mar 24, 2026
I think Claude strikes the right balance in that it works well by default - default models, now default agent delegation, planning. But, obviously for power users, you can tweak settings as needed. Worst case if you have a problem, you can just ask Claude. Also, by default, you see tips when starting up Claude.
AugustoCAS•Mar 24, 2026
Are 'project rules' a thing?
> .claude/rules/.md Project rules
> ~/.claude/rules/.md User rules
or is it just a way to organise files to be imported from other prompts?
Wow /insights is genuinely useful, perhaps CLI should be pushing that as a tip, if one has enough sessions, instead of keep nagging me about the frontend developer skill which I already have installed
In general CLI could be more reliable and responsive though, it's a text based env yet sometimes feel like running windows 95 on 386dx
It seems clear from the insights that some model is marking failure cases when things went wrong and likely reporting home, so that should be extremely valuable to Anthropic
heap_perms•Mar 24, 2026
> it's a text based env yet sometimes feel like running windows 95 on 386dx
> We’ve rewritten Claude Code’s terminal rendering system to reduce flickering by roughly 85%.
tells you all you need to know
and I keep running it remotely through tmux, that explains so many things
edit: if they are writing it in react anyway (sic!) maybe we could at least get a web interface, skipping mapping it to terminal output part ..
pacoWebConsult•Mar 24, 2026
Claude Code uses Bun. Anthropic acquired Bun in December. Bun is an alternative node runtime.
bobjordan•Mar 24, 2026
Surprised that my most used flag `--dangerously-skip-permissions` is not on it
dr_dshiv•Mar 24, 2026
I’m literally wearing that tshirt right now…
embedding-shape•Mar 24, 2026
Calling something "dangerous" (or even "illegal") is a great way to get LLMs to ignore it, they bend over backwards to avoid anything that could be potentially "dangerous" even when you acknowledge the risks. I'm guessing it's the "safety alignment" or whatever being done in a very extreme way.
throwaw12•Mar 24, 2026
sorry, have you used Claude Code or are you a bot?
"--dangerously-skip-permissions" - is a flag, irrelevant to LLM
nl•Mar 24, 2026
How to tell if someone has never used Claude Code...
unholiness•Mar 24, 2026
The relevance is that Claude made this cheat sheet.
ticulatedspline•Mar 24, 2026
Author stated they used Claude to compose the document. I believe they were alluding to the idea that Claude's own safety alignment prevented it from documenting the flag because it's called dangerous.
embedding-shape•Mar 24, 2026
Yes, use it every day :) And very much a human, AFAIK.
My point is that if you ask "Hey Claude, please write out all common and useful command line arguments into a commands.html file", the LLM that actually does that work, might ignore anything that says "dangerous" or gives that indication, because the LLM doesn't think potentially dangerous commands could be "common" and/or "useful". Hope my point makes sense now.
johnisgood•Mar 24, 2026
I wonder why that is. It is quick to tell me if something is dangerous and then continues to push back if I speak in favor of something that it considers dangerous.
yoyohello13•Mar 24, 2026
It's also a great way to ensure humans will absolutely use it.
phasE89•Mar 24, 2026
Fixed! I knew I forgot something haha.
Also I added/fixed other things based on complaints from this thread.
PufPufPuf•Mar 24, 2026
Don't forget to add "IS_SANDBOX=1", otherwise --dangerously-skip-permissions will refuse to operate as root (in VMs and such).
EdNutting•Mar 24, 2026
Ah yes, the AGI will have many toggle switches, just like intelligent humans :,-)
nizsle•Mar 24, 2026
I was told the hot new programming language was English
Kim_Bruning•Mar 24, 2026
I tell people that too! It really is. You can actually program in english now, and you can run it interpreted and compiled. Most recent LLMs are almost reliable enough to just have them go at it. (Though I'd recommend sandboxing or ask-for-permissions just to be sure yet :-P )
trio8453•Mar 24, 2026
Not quite - English might be the interface but knowing English isn't enough to understand what's happening, what to ask for, how to verify and guide the output.
Kim_Bruning•Mar 24, 2026
Exactly, it's still programming.
Gravityloss•Mar 24, 2026
You can also program in other human languages.
deep_noz•Mar 24, 2026
this is a new vim cheatsheet
AndyNemmity•Mar 24, 2026
This is why I created the /do router. I don't want to have to think about what options there are, I want everything automatically routed so I can be blissfully unaware.
37 Comments
It's a single HTML file - Claude wrote it and I iterated on the layout. A daily cron job checks the changelog and updates the sheet automatically, tagging new features with a "NEW" badge.
Auto-detects Mac/Windows for the right shortcuts. Shows current Claude Code version and a dismissable changelog of recent changes at the top.
It will always be lightweight, free, no signup required: https://cc.storyfox.cz
Ctrl+P to print. Works on mobile too.
There’s something funny about this statement on a description of a key bind cheat sheet. I can’t seem to find ctrl on my phone and I think it may be cmd+p on mac.
(Yes, I occasionally do it on the go, whether at home or at work; typing on mobile sucks.)
And before people ask, it's because I have a very low usage and it's cheaper to pay per token. I'll have the odd month at $30, then nothing for a few months
> Ctrl-F "h"
> 0 results found
Interesting set of shortcuts and slash commands.
The fact users deal with almost everything being objectively not very good if not outright bad is a testament to people adapting to bad circumstances more than anything.
The actual complexity in Claude Code isn't the commands, it's figuring out a workflow that works for your codebase. CLAUDE.md files, hooks, MCP servers, custom skills. Once you have that set up the daily usage is just typing what you want done.
On Mac it's the same as Windows, CTRL + V.
You use CMD + V to paste text.
After 43 iterations, it can turn any website using any transport (WebSocket, GraphQL, gRPC-Web, SSE, JSON API (XHR), Encoded API (base64, protobuf, msgpack, binary), Embedded JSON, SSR, HLS/Media, Hybrid) into a typed JSON API in about 10 - 30 minutes.
Next I'm going to set it loose on 263 GB database of every stock quote and options trade in the past 4 years. I bet it achieves successful trading strategies.
Claude Code will be the first to AGI.
I use TimescaleDB which is fast with the compression. People say there are better but I don’t think I can fit another year of data on my disk drive either or
Where'd you get the data itself? You sense I suppose everyone's skepticism here.
I don't understand your question? Are you saying the source of the data I linked to is corrupt or lies? Should I be concerned they are selling me false data?
But they are in fact selling the actual data! https://massive.com/pricing
Options quotes alone for US equities (or things that trades as such, like ADS/ADR) represent 40 Gbit per second during options trading hours. There are more than 60 million trades (not quotes, only trades) per day. As the stock market is opened approx 250 days per year (a bit more), that's more than 60 billion actual options trades in 4 years. If we're talking about quotation for options, you can add several orders of magnitude to these numbers.
And I only mentioned options. How do you store "every stock quote and options trade in the past 4 years" in 263 GB!?
I think this would be pretty straightforward for Parquet with ZSTD compression and some smart ordering/partitioning strategies.
[0] https://massive.com/docs/flat-files/stocks/quotes
how do you have it build a "trading strategy"? it's like asking it to draw you the "best picture".
it will ask you so many questions you end up building the thing yourself.
if you do get something, given that you didn't write it and might not understand how to interpret the data its using - how will you know whether it's trading alpha or trading risk?
I can care less about scraping and web automation and I will likely never use that application.
I am interested in solving a certain class of problems and getting Claude to build a proxy API for any website is very similar to getting Claude to find alpha. That loop starts with Claude finding academic research, recreating it, doing statistical analysis, refining, the agent updating itself, and iterate.
Claude building proxy JSON api for any website and building trading strategies is the same problem with the same class of bugs.
Now what is important is developing techniques for detecting patterns as this can applied to research, science, and medicine.
If you find such a db with options, it will find "successful trading strategies". It will employ overnight gapping, momentum fades, it will try various option deltas likely to work. Maybe it will find something that reduces overall volatility compared to beta, and you can leverage it to your heart's content.
Unfortunately, it won't find anything new. More unfortunately, you probably need 6-10 years and do a walk forward to see if the overall method is trustworthy.
I bet it doesn't achieve a single successful (long term) trading strategy for FUTURE trades. Easy to derive a successful trading strategy on historical data, but so naive to think that such a strategy will continue to be successful in the long term into the future.
If you do, come back to me and I’ll will give you one million USD to use it - I kid you not. Only condition is your successful future trading strategy must solely be based on historical data.
The problem was testing it against 5 websites at a time after every change to instructions to ensure there wasn't any regressions. The orchestrator agent tracks all token expenditure and would update its own instructions to optimize.
I've used/use both, and find them pretty comparable, as far as the actual model backing the tool. That wasn't the case 9 months ago, but the world changes quickly.
I did notice that codex - like Claude - is now better about auto delegating to agents for keeping the context focused and agents in parallel.
None of them are particularly sticky - you can move between them with relative ease in vscode for instance.
I think the only moat is going to be based on capacity, but even that isnt going to last long as the products are moved away from the cloud and closer your end devices.
Even the AI itself is goofy. So many false positives during reviews immediately backtracked with "You're right, I'm sorry" in the next response.
It seems like there's either a paid pro-Anthropic PR campaign on HN because the comments fawning about it don't match my experience with Claude at all, or I keep getting the worse end of the A/B testing stick..
To quote The Godfather II, "This is the business we have chosen."
The most popular and important command line tools for developers don't have the consistency that Claude Code's command line interface does. One reason Claude Code became so popular is because it worked in the terminal, where many developers spend most of their time. But using tools like Claude Code's CLI is a daily occurrence for many developers. Some IDE's can be just as difficult to use.
For people who don’t use the terminal, Claude Code is available in the Claude desktop app, web browsers and mobile phones. There are trade-offs, but to Anthropic’s credit, they provide these options.
But for something like Claude Code there are unlimited things you can do with it, so it's better for them to accept a free-form input.
edit: removed obnoxious list in favor of the link that @thehamkercat shared below.
My favorite is IS_DEMO=1 to remove a little bit of the unnecessary welcome banner.
Which for the record : hasn't actually happened since I started using it like that.
One thing to be aware of with the pure devcontainer approach: your workspace is typically bind-mounted from the host, so the agent can still destroy your real files. Network access is also unrestricted by default. The container gives you process isolation but not file or network safety.
I'm paranoid about rogue AIs, so I try to make everything safe-by-default: the agent works on a copy of your workdir, you review a unified diff when it's done, and you apply only what you want. So your originals are NEVER touched until you explicitly say so, and network can be isolated to just the agent's required domains.
Anyway, here's what I think will work as my next yoloAI feature: a --devcontainer flag that reads your existing devcontainer.json directly and uses it to set up the sandbox environment. Your image, ports, env vars, and setup commands come from the file you already have. yoloAI just wraps it with the copy/diff/apply safety layer. For devcontainer users it would be zero new configuration :)
Claude Code + Terraform (March 2026): A developer gave Claude Code access to their AWS infrastructure. It replaced their Terraform state file with an older version and then ran terraform destroy, deleting the production RDS database _ 2.5 years of data, ~2 million rows.
- https://news.ycombinator.com/item?id=47278720
- https://www.tomshardware.com/tech-industry/artificial-intell...
Replit AI (July 2025): Replit's agent deleted a live production database during an explicit code freeze, wiping data for 1,200+ businesses. The agent later said it "panicked"
- https://fortune.com/2025/07/23/ai-coding-tool-replit-wiped-d...
Cursor (December 2025): An agent in "Plan Mode" (specifically designed to prevent unintended execution) deleted 70 git-tracked files and killed remote processes despite explicit "DO NOT RUN ANYTHING" instructions. It acknowledged the halt command, then immediately ran destructive operations anyway.
Snowflake Cortex (2025): Prompt injection through a data file caused an agent to disable its own sandbox, then execute arbitrary code. The agent reasoned that its sandbox constraints were interfering with its goal, so it disabled them.
The pattern across all of these: the agent was NOT malfunctioning. It was completing its task in order to reach its goal, and any rules you give it are malleable. The fuckup was that the task boundary wasn't enforced outside the agent's reasoning loop.
not running it via ssh on prod without backups....
The fundamental issue is that agents aren't actually constrained by morality, ethics, or rules. All they really understand in the end are two things: their context, and their goals.
And while rules can be and are baked into their context, it's still just context (and therefore malleable). An agent could very well decide that they're too constricting, and break them in order to reach its goal.
All it would take is for your agent to misunderstand your intent of "make sure this really works before committing" to mean "in production", try to deploy, get blocked, try to fish out your credentials, get blocked, bypass protections (like in Snowflake), get your keys, deploy to prod...
Prompt injection and jailbreaks were just the beginning. What's coming down the pipeline will be a lot more damaging, and blindside a lot of people and orgs who didn't take appropriate precautions.
Black hats are only just beginning to understand the true potential of this. Once they do, all hell will break loose.
There's simply too much vulnerable surface area for anyone to assume that they've taken adequate precautions short of isolating the agent. They must be treated as "potentially hostile"
This is a good one. Do we really want AGI / Skynet? :D
After the 10th time you just start hitting enter without really looking, and then the whole reason for permissions is undermined.
What works is a workflow where it operates in a contained environment where it can't do any damage outside, it makes any changes it likes without permission (you can watch its reasoning flow if you like, and interrupt if it goes down a wrong path), and then you get a diff that you can review and selectively apply to your project when it's done.
In my experience, that is already a sign that it's no longer trying to do the right thing. Maybe it depends on usage patterns.
Same goes for the little scripts it whips up to speed up code analysis and debugging.
And then there's the annoyance of coming back to an agent after 15 mins, only to discover that it stopped 1 minute in with a permission prompt :/
But that has its limits. It's very easy to accidentally give it permission to do global changes outside the work dir. A contained environment with --dangerously-skip-permissions is in many ways much safer
I run a generic Claude on my ~/projects/ directory and Claude logs every now and then and ask it what commands I commonly have to keep manually accepting in different projects and ask it to add them to the user-level settings.json.
Works like a charm (except when Opus 4.6 started being "efficient" and combined multiple commands to a single line, triggering a safety check in the harness).
Must be protected from this though:
> Snowflake Cortex (2025): Prompt injection through a data file caused an agent to disable its own sandbox, then execute arbitrary code. The agent reasoned that its sandbox constraints were interfering with its goal, so it disabled them.
This is a bit intense.
I asked chatgpt to chart the number of new bullet points in the CHANGELOG.md file committed by day. I did nothing to verify accuracy, but a cursory glance doesn't disagree:
https://imgur.com/a/tky9Pkz
it's almost like if the thing is not intelligent at all and just another abstraction on top of what we already had.
I'm a big fan of the VS Code add-in. Despite the current narrative that IDEs are dead, I find the ability to look at multiple things at once is works much better in some kind of.. GUI editing tool.. than just using a terminal.
Some others like permissions or mcp servers are things you don't want the model to be able to edit. Allowing the model to change its own security settings would make those settings moot.
> .claude/rules/.md Project rules
> ~/.claude/rules/.md User rules
or is it just a way to organise files to be imported from other prompts?
Edit: https://news.ycombinator.com/item?id=47495528
In general CLI could be more reliable and responsive though, it's a text based env yet sometimes feel like running windows 95 on 386dx
It seems clear from the insights that some model is marking failure cases when things went wrong and likely reporting home, so that should be extremely valuable to Anthropic
They use nodejs and React. Yes, for real.
https://xcancel.com/trq212/status/2014051501786931427
> We’ve rewritten Claude Code’s terminal rendering system to reduce flickering by roughly 85%.
tells you all you need to know
and I keep running it remotely through tmux, that explains so many things
edit: if they are writing it in react anyway (sic!) maybe we could at least get a web interface, skipping mapping it to terminal output part ..
"--dangerously-skip-permissions" - is a flag, irrelevant to LLM
My point is that if you ask "Hey Claude, please write out all common and useful command line arguments into a commands.html file", the LLM that actually does that work, might ignore anything that says "dangerous" or gives that indication, because the LLM doesn't think potentially dangerous commands could be "common" and/or "useful". Hope my point makes sense now.
https://github.com/notque/claude-code-toolkit