Claude Code in Production: The 5 Things That Break First

Claude Code running on your laptop feels magical. You describe a task, it executes, the work gets done. Then you move it to production — against real infrastructure, with real credentials, running autonomously — and things break in ways nobody anticipated.

The failure modes are never dramatic. No explosion. Just slow-building problems that become expensive before anyone notices. After watching dozens of teams attempt this transition, here are the five things that consistently break first.

1. Shared Credentials Across the Team

Every developer uses the same Anthropic API key. Works fine in development. Then you move to production, and twelve Claude Code agent sessions are running against your AWS account — all authenticated with the same IAM user.

When something goes wrong, you open CloudTrail and every action reads “performed by claude-agent-prod.” Which agent? Which developer triggered it? Which session? Useless.

The real scenario: A Claude Code agent creates an overly permissive security group rule. Your security team flags it two days later. You spend half a day tracing it because every agent operation uses the same credential identity.

Prevention: Every agent session needs its own credential identity. Use AWS STS AssumeRole with session tags that identify the developer, project, and session ID. Your audit logs should trace any action back to the specific human who triggered it.

2. No Branch Protection for Agents

Your developers need pull requests to merge to main — but nothing enforces that rule for Claude Code. The agent has service account Git credentials. Branch protection rules often don’t apply to service accounts. The agent pushes directly.

The real scenario: A developer sets up a Claude Code agent for automated dependency updates. It encounters a breaking change, writes a fix with a subtle bug, and pushes directly to main. The broken code deploys automatically.

Prevention: Agents should use Git credentials subject to the same branch protection as humans. Configure policies that force agents to work on feature branches and create pull requests. The PR is the review gate — don’t let agents bypass it.

3. Context Window Exhaustion on Large Codebases

Claude Code works by ingesting your codebase into its context window. On a production codebase with hundreds of files, the agent silently degrades.

It doesn’t crash. It just starts making worse decisions — missing the utility function that already exists, writing duplicates, ignoring naming conventions from other modules. Nobody realizes the agent is context-limited until code review catches three duplicate implementations.

Prevention: Monitor context utilization per session. Break large tasks into smaller, focused sessions. Point the agent at specific files rather than letting it ingest everything.

4. No Cost Visibility

Claude Code uses tokens. Every file read, every tool call, every retry loop — tokens. Without visibility, a single stuck session can consume more tokens than a week of normal usage before anyone notices.

The real scenario: An agent gets stuck in a retry loop on Friday afternoon. By Monday morning it has consumed $400 in API credits. Nobody knew because there was no real-time cost tracking.

Prevention: Implement per-session token budgets with hard stops. Track usage in real time. Alert at 50% and 80% of budget. When the budget is hit, the session stops — no exceptions.

5. Missing the Kill Switch

When a Claude Code agent goes off the rails, how fast can you stop it? “SSH in and kill the process” is too slow. “Revoke the API key” kills every agent, not just the problematic one.

The real scenario: An agent with S3 write permissions starts “organizing” a bucket — moving objects based on its interpretation of project structure. The interpretation is wrong. Objects move to locations where other services can’t find them. Finding and stopping the right process takes 15 minutes. The agent moves 200 more objects in that time.

Prevention: Every agent session needs a unique session ID and a kill endpoint. Build a Slack command or dashboard that lists running sessions and lets you stop any one instantly. Test the kill switch before you need it.

---

The pattern: all five problems are infrastructure gaps, not AI capability gaps. Claude Code itself works fine. What breaks is everything around it. The teams that succeed in production invested in the control plane — the layer between the AI agent and your infrastructure that enforces policies, tracks costs, maintains audit trails, and provides operational control.