MCP Server for Claude Code

Your Claude Code project,
scaffolded in seconds.

CCL wires up CLAUDE.md, skills, subagents, hooks, and config — automatically. Best practices included. Zero maintenance.

View on GitHub →

Open source·MIT license·Works with Claude Code·Requires Anthropic API key

claude-code — ccl

How it works

Three steps. Then never again.

Step 01

Register once

Run npx @sushilkulkarni1389/ccl-mcp in your terminal. CCL registers itself as an MCP server in your Claude Code config. Takes 4 seconds.

$npx @sushilkulkarni1389/ccl-mcp✓ CCL registered.Open Claude Code and type ccl to get started.

Step 02

Describe your project

Type ccl in Claude Code. Choose Auto-Detect or answer 5 quick questions. CCL reads your codebase and builds a complete plan.

👋 Welcome to Claude Context Loader How would you like to get started?[1] Auto-detect  — scan your directory[2] Guided setup — answer 5 questions

Step 03

Review and ship

CCL shows you the exact content of every file before writing anything. Approve once. Everything scaffolds in one shot.

✓ CLAUDE.md                (187 lines)✓ .claude/settings.json✓ .claude/skills/deploy/SKILL.md✓ .claude/skills/run-migrations/SKILL.md✓ .claude/agents/security-auditor.md✓ .claude/agents/dependency-mapper.md✓ .claudeignore✓ .gitignore updated Done in 1.2s

What gets scaffolded

Everything Claude Code needs. Nothing it doesn't.

your-project/

your-project/ ├── CLAUDE.md ├── .claudeignore └── .claude/ ├── settings.json ├── settings.local.json ├── ccl-practices.json ├── ccl-state.json ├── skills/ │ ├── deploy/ │ │ └── SKILL.md │ └── run-migrations/ │ └── SKILL.md └── agents/ ├── security-auditor.md └── dependency-mapper.md

CLAUDE.md

A staff-engineer onboarding doc for your codebase. Hard limit: 200 lines. Every line must earn its place.

SKILL.md

Lazy-loaded instructions for recurring workflows. Deploy, migrate, publish — each with precise auto-activation triggers.

agents/*.md

Right model, right tools, right scope. Haiku for bulk reads. Sonnet for implementation. Opus for architecture decisions.

settings.json

Security hooks on every Bash command and Write operation. Dangerous commands blocked at the permission layer.

ccl-practices.json

30 curated best practices. Self-updates weekly. You approve every change before it's written.

CLAUDE.md

CLAUDE.md that actually fits in context.

Most CLAUDE.md files bloat past 800 lines and lose their usefulness. CCL enforces a hard 200-line limit and structures the file around 7 questions every senior engineer needs answered.

What is this?
Stack
Where things live
How to run it
Coding rules
Common pitfalls
Never do

CLAUDE.md187 lines

# auth-service

## What is this?
REST API for user authentication and session management. Used by
the mobile app (iOS + Android) and the web dashboard. Postgres
for persistence, Redis for session store, deployed on Railway.

## Stack
- Node.js 20, TypeScript 5.4
- Fastify 4, Zod, Prisma 5
- PostgreSQL 15, Redis 7
- Vitest, Supertest

## Where things live
src/routes/      HTTP handlers — one file per resource
src/services/    Business logic — no DB calls here
src/db/          Prisma client + migration scripts
src/lib/          Shared utilities (crypto, email, tokens)

## How to run it
npm run dev          # start dev server (port 3001)
npm test             # vitest unit + integration
npm run db:migrate   # run pending migrations
npm run lint         # eslint + prettier

## Coding rules
- No default exports — named only
- Services never import from routes
- All env vars via src/lib/env.ts (Zod-validated at startup)
- Never throw raw errors — use AppError with a status code

## Common pitfalls
- Prisma.$transaction is slow — avoid for reads
- Redis sessions expire in 7 days — don't assume they persist

## Never do
- Never log request bodies — PII risk
- Never call external APIs in route handlers — use a service

Best practices

Best practices that keep themselves current.

Every 7 days, CCL offers to refresh your practices file against the latest Claude Code documentation and community discoveries. You review every change. Nothing is written without your approval.

ccl — practices refresh

📦 It's been 7 days since your best practices were last checked.
 
Would you like me to search for updates?
Type 'refresh', 'later', or 'never' to continue.
 
>refresh
 
Searching for Claude Code best practices...
 
✦ 2 new practices found
✦ 1 outdated practice to remove
✦ 14 practices unchanged
 
NEW:
+ Extended thinking for multi-step architecture tasks
  source: docs.anthropic.com/en/docs/build-with-claude/extended-thinking
+ Use --output-format stream-json for structured agentic pipelines
  source: docs.anthropic.com/en/docs/claude-code/cli-reference
 
REMOVE:
- elicitInput() for user prompts — deprecated in Claude Code 1.9
 
Accept changes? Type 'yes' or 'no'.
 
>yes
✓ ccl-practices.json updated (v1.2 → v1.3)
      

API key management

Your API key. Your machine. Nowhere else.

CCL uses the Anthropic API to generate AI-powered skill content and process plan changes in plain English. Your key is stored only in your local Claude Code config file — it never touches your project directory or leaves your machine.

--set-keyStore your Anthropic API key
--remove-keyDelete the stored key
--update-keyReplace the key with a new one
--check-keyVerify the stored key is valid

your terminal

# Store your key
$ npx @sushilkulkarni1389/ccl-mcp --set-key sk-ant-api03-...
✓ API key saved to ~/.claude/claude.json (chmod 600)
Restart Claude Code to apply.

# Verify it's working
$ npx @sushilkulkarni1389/ccl-mcp --check-key
✓ Key valid — claude-sonnet-4-6 reachable

# Rotate to a new key
$ npx @sushilkulkarni1389/ccl-mcp --update-key sk-ant-api03-...
✓ API key updated.

# Remove it entirely
$ npx @sushilkulkarni1389/ccl-mcp --remove-key
✓ API key removed from config.

Stored at ~/.claude/claude.json on macOS · %APPDATA%\Claude\claude.json on Windows · ~/.config/Claude/claude.json on Linux

Security

Safe defaults. Audited writes.

Minimal permissions by default

.claude/settings.json

"deny": [
  "Bash(rm -rf:*)",
  "Bash(curl:*)",
  "Bash(wget:*)"
]

Destructive and network commands blocked at the permission layer before any hook runs.

Hooks on every write

.claude/settings.json

"PreToolUse": [{
  "matcher": "Bash",
  "hooks": [{
    "type": "command",
    "command": "ccl-validate-bash"
  }]
}],
"PostToolUse": [{
  "matcher": "Write",
  "hooks": [{
    "type": "command",
    "command": "ccl-audit-write"
  }]
}]

Every shell command validated before execution. Every file write logged after.

One permission prompt per session

CCL asks for file-write permission once. Grant it once — no further interruptions. Permission never persists across sessions.

Model routing

Right model. Right task. Every time.

Task

Model

When

Bulk reads, security scans, dependency mapping

claude-haiku-4-5

Subagents

Daily implementation, multi-file edits, test writing

claude-sonnet-4-6

Orchestrator default

Complex architecture decisions, heavy algorithmic work

claude-opus-4-7

On demand

CCL tracks both durable aliases and dated snapshot IDs so you can pin to a specific model version when reproducibility matters.

Recovery

Interrupted? Pick up exactly where you left off.

All writes are atomic. Resuming re-executes the full plan — already-written files are overwritten with identical content. State is always consistent.

⚠  It looks like a previous scaffold was interrupted.
 
Last completed step: skills/deploy
Remaining: agents/security-auditor, settings.json
 
[1] Continue from where I left off
[2] Start again from scratch
      

Open source

Open source. MIT licensed. Contributions welcome.

CCL is built in the open. Two packages, a clear contribution guide, and a community that ships.

View on GitHub

MIT License · Docs and public release coming soon

github.com/sushilkulkarni1389/ccl

ccl/
├── packages/
│   ├── core/          ← Plan generation, file writing, practices
│   └── mcp/           ← MCP server + npx setup
├── CONTRIBUTING.md
├── LICENSE
└── README.md

One command. Then just ccl.