Claude Code 2026: The Complete Cheat Sheet — Slash Commands, MCP, Hooks & Shortcuts

It was a Tuesday afternoon when a senior engineer at a mid-size fintech firm realized he'd spent forty minutes searching three different docs pages for the exact syntax to add an SSE-based MCP server. He knew the command existed. He'd used it before. But Claude Code had shipped nine point releases in the past month, the transport flag had changed, and his muscle memory was lying to him.

That story isn't unusual anymore. Claude Code has grown faster than most developers can track. What started as a single-command CLI — claude, hit Enter, ask a question — is now a full agentic runtime: multi-model, multi-agent, hook-driven, MCP-native, with a permission model granular enough to satisfy a zero-trust security team. The power is real. So is the surface area.

This post is the reference I wish existed during that Tuesday afternoon. It covers every slash command currently shipped, the correct MCP transport syntax (including the newly-preferred http transport that replaced sse), the full hooks JSON schema with event types, accurate keyboard shortcuts, and a summary of every feature that landed in the last six months. We verified all of it against the official changelog and release notes — no guesswork, no hallucinated flags.

Installation & Version Check

The primary install path is now a native binary installer — no Node.js or npm required. Homebrew, WinGet, and PowerShell are also supported for CI and managed environments.

# macOS, Linux, WSL (recommended)
curl -fsSL https://claude.ai/install.sh | bash

# macOS via Homebrew
brew install --cask claude-code

# Windows PowerShell
irm https://claude.ai/install.ps1 | iex

# Windows WinGet
winget install Anthropic.ClaudeCode

# Verify installation
claude --version

# Run diagnostics (new in recent releases)
claude doctor

The claude doctor command is worth running after every major update. It checks API connectivity, MCP server health, hook syntax validity, and shell integration — surfacing misconfiguration before it derails a session.

Complete Slash Command Reference

Slash commands are invoked directly in the Claude Code prompt with a / prefix. Built-in commands ship with the CLI. User-defined commands (called skills) live in your .claude/ directory and extend the base set — think of them as project-local slash commands you write yourself.

Built-in Commands

Live Command Search

Filter commands in real-time. Start typing a keyword — try "mcp", "hook", "cost", or "model".

Model Names & Selection

One of the most common mistakes in older guides — including the previous version of this post — was referencing model IDs that don't exist. The Anthropic CLI uses a specific naming scheme. There is no claude-4-pro; there is no temperature setting in the Claude Code config. Here are the actual model identifiers as of April 2026:

opusplan is particularly useful for large refactors: Claude uses Opus-level reasoning when analyzing what to change, then automatically switches to Sonnet's speed when writing the actual code. You get the best of both without manually toggling models.

To set a model for the current project, add it to .claude/settings.json (not a CLI command like the old guides claimed):

// .claude/settings.json
{
  "model": "opusplan"   // or "claude-sonnet-4-6", "opus", etc.
}

To switch models mid-session without clearing your prompt, use Option+P (Mac) / Alt+P (Linux/Windows), or type /model opusplan directly in the prompt.

MCP — Model Context Protocol

MCP is what separates a capable Claude Code setup from a great one. It lets Claude reach into external systems — your GitHub repos, Slack channels, databases, Notion pages — during a session. But the CLI syntax has shifted significantly. The sse transport is now deprecated in favor of http, and the flag structure changed. Here's what the docs say today.

Adding MCP Servers

# HTTP transport — recommended for cloud-based tools
claude mcp add --transport http <name> <url>
claude mcp add --transport http notion https://mcp.notion.com/mcp

# HTTP with an auth header
claude mcp add --transport http github-api https://api.github.com/mcp \
  --header "Authorization: Bearer $GHTOKEN"

# SSE transport — legacy, use http when available
claude mcp add --transport sse <name> <url>

# Stdio transport — for local processes and npm packages
claude mcp add --transport stdio <name> -- <command> [args]
claude mcp add --transport stdio my-fs-server -- npx -y @some/mcp-package

# Stdio with environment variables
claude mcp add --transport stdio airtable \
  --env AIRTABLEAPIKEY=$AIRTABLEAPI_KEY \
  -- npx -y airtable-mcp-server

Listing, Inspecting, and Removing

# List all configured MCP servers
claude mcp list

# Get details for a specific server (tools, auth, transport)
claude mcp get <server-name>

# Remove a server
claude mcp remove <server-name>

# Import servers from Claude Desktop config
claude mcp add-from-claude-desktop

# Add from raw JSON (useful for CI pipelines)
claude mcp add-json weather '{"type":"http","url":"https://weather.example.com/mcp"}'

# Reset project-scoped server consent choices
claude mcp reset-project-choices

Scopes — Local vs. Project vs. User

MCP servers can be scoped to a specific context. Use --scope to control where the config is written:

# Add a server to the project scope (commit .mcp.json for teammates)
claude mcp add --scope project --transport http notion https://mcp.notion.com/mcp

# Add to your user scope (available in all projects)
claude mcp add --scope user --transport http jira https://jira.example.com/mcp

Hooks — JSON Schema & Event Types

Here's where a lot of older posts get it badly wrong. Claude Code hooks are not JavaScript modules. They are not module.exports = { preCommit: ... }. They are JSON configuration blocks inside settings.json, executed by the harness as shell commands, HTTP calls, or even inline LLM prompts. The harness runs them — Claude reads the result.

I learned this the hard way when a teammate spent a weekend trying to debug a hook that was correctly structured as a JS module and wondering why it was silently ignored. The file was never executed. Claude Code never imported it. The correct configuration lives here:

// ~/.claude/settings.json  OR  .claude/settings.json
{
  "hooks": {
    "EVENTNAME": [
      {
        "matcher": "regexor_empty",
        "hooks": [
          {
            "type": "command",
            "command": "your-shell-command-here",
            "timeout": 10000
          }
        ]
      }
    ]
  }
}

Hook Event Types

Practical Hook Examples

Run Prettier after every file edit:

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "command": "npx prettier --write \"$CLAUDETOOLINPUTFILEPATH\""
          }
        ]
      }
    ]
  }
}

Block rm -rf — always:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "echo \"$CLAUDETOOLINPUT\" | jq -r '.command' | grep -q 'rm -rf' && { echo 'rm -rf is blocked by policy' >&2; exit 2; } || exit 0"
          }
        ]
      }
    ]
  }
}

Slack notification when a session ends:

{
  "hooks": {
    "Stop": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
            "command": "curl -s -X POST $SLACK_WEBHOOK -d '{\"text\":\"Claude Code session finished.\"}'"
          }
        ]
      }
    ]
  }
}

Hook Types: command, http, prompt, agent

// Shell command (most common)
{ "type": "command", "command": "echo 'done'", "timeout": 5000 }

// HTTP POST — send event data to a webhook
{ "type": "http", "url": "https://hooks.example.com/claude", "headers": { "X-Token": "abc" } }

// Prompt — single-turn LLM call (useful for validation)
{ "type": "prompt", "prompt": "Did the last edit pass our security policy?", "model": "claude-haiku-4-5" }

// Agent — multi-turn for complex post-processing
{ "type": "agent", "prompt": "Verify all tests still pass and report status.", "timeout": 120 }

Exit Code Semantics

• Exit 0 — proceed. For SessionStart and UserPromptSubmit, stdout is injected into Claude's context.
• Exit 2 — block. Write a human-readable reason to stderr. Claude will surface this to the user.
• Exit 1 or other — logged but not blocking. The action proceeds.

Permissions & settings.json

The old way to "configure" Claude Code was fabricated flags like claude config set safety_level strict. None of those commands exist. The real configuration is declarative JSON in settings.json. Here's the actual schema:

// .claude/settings.json  (project-level, commit this)
// ~/.claude/settings.json  (global, applies everywhere)
{
  "model": "claude-sonnet-4-6",

  "permissions": {
    "allow": [
      "Read",
      "Edit",
      "Bash",
      "Bash(git )",
      "Edit(.ts)",
      "WebFetch"
    ],
    "deny": [
      "Bash(rm -rf )",
      "Edit(.env)"
    ]
  },

  "defaultMode": "plan",

  "hooks": { / see hooks section */ },

  "env": {
    "DISABLE_AUTOUPDATER": "1"
  }
}

Permission rule syntax:

• Bash — all shell commands
• Bash(git *) — only git commands
• Edit(*.py) — only Python files
• WebFetch(domain:example.com) — only this domain
• mcpgithubcreate_issue — specific MCP tool

Available default modes: default, acceptEdits, plan, auto, bypassPermissions

Keyboard Shortcuts — The Real List

The previous version of this post contained made-up shortcuts. Ctrl+Space does not trigger autocomplete. Alt+Enter does not "force autonomous execution." Here's what Claude Code actually ships:

Multiline Input

By default Claude Code uses Escape → Enter for newlines. Run /terminal-setup to install Shift+Enter support natively on iTerm2, WezTerm, Ghostty, and Kitty.

Input Prefixes

• / prefix — slash command or user-defined skill
• ! prefix — run shell command directly (e.g., ! git status)
• @ prefix — mention a file with autocomplete

Essential CLI Flags

These flags are passed when launching claude from the terminal. They're especially useful in CI/CD pipelines, scripts, and automation workflows.

# Start with an initial prompt
claude "Refactor the auth module to use JWT"

# Non-interactive / print mode (ideal for scripts)
claude -p "Generate a changelog entry for the last 10 commits"

# Continue the most recent session
claude -c

# Resume a named session
claude -r "auth-refactor" "Continue where we left off"

# Set model for this session only
claude --model claude-opus-4-6

# Start in Plan Mode (analyze before executing)
claude --permission-mode plan

# Limit agentic turns in print mode
claude -p --max-turns 5 "Run all tests and fix failures"

# Set a spend ceiling (Pro/Max plans)
claude -p --max-budget-usd 2.50 "Refactor the entire API layer"

# Load a custom settings file
claude --settings ./ci-settings.json

# Create an isolated git worktree for this session
claude -w feature/new-auth

Recently Shipped — What's New in 2026

Claude Code ships fast. Frequently fast enough that the docs lag behind the CLI by a point release. Here's a snapshot of what's landed since late 2025 that is most relevant to daily workflow:

Real-World Patterns

These are workflow patterns worth bookmarking — not toy examples, but things senior engineers actually run.

CI-safe non-interactive run

claude -p \
  --permission-mode bypassPermissions \
  --max-turns 10 \
  --model claude-sonnet-4-6 \
  "Fix all TypeScript errors. Run tsc, iterate until clean, commit."

Project-scoped Notion MCP for the whole team

# Creates .mcp.json — commit this so teammates get it automatically
claude mcp add \
  --scope project \
  --transport http \
  notion https://mcp.notion.com/mcp

Post-edit hook that auto-formats TypeScript

// .claude/settings.json
{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [{
          "type": "command",
          "command": "echo \"$CLAUDETOOLINPUT\" | jq -r '.file_path' | grep '\\.ts$' | xargs -r npx prettier --write"
        }]
      }
    ]
  }
}

Plan Mode by default for any sensitive repo

// .claude/settings.json
{
  "defaultMode": "plan",
  "permissions": {
    "deny": ["Bash(rm )", "Bash(git push )", "Edit(.env*)"]
  }
}

opusplan for large refactors

When you're tackling something genuinely complex — a cross-cutting refactor, a security audit, a legacy migration — opusplan is the right model alias. You get Opus-level analysis during the planning phase, then Sonnet's throughput when Claude is actually writing code.

# Start a session with opusplan — Claude thinks like Opus, writes like Sonnet
claude --model opusplan "Audit the entire payments module for race conditions, then fix them"

# Or set it in settings.json for any session in this project
# .claude/settings.json → "model": "opusplan"

🐣 Bonus: /buddy — The Terminal Pet

Shipped in v2.1.89 on April 1, 2026, /buddy is a real, officially supported Easter egg. Run it and you'll hatch a small animated creature that lives in your terminal and watches you code. It's deterministically generated from your user ID — everyone gets a unique companion with its own species, rarity tier, and stats.

The changelog entry is refreshingly honest: "/buddy is here for April 1st — hatch a small creature that watches you code." It's not a headline feature, but it's real, it works, and it does make long refactor sessions a little less lonely.