Claude Code Mastery Capstone: Ship a Secure Production Feature and Plugin
·Course·Sudeep Devkota

Claude Code Mastery Capstone: Ship a Secure Production Feature and Plugin

Complete a rigorous Claude Code capstone spanning discovery, specification, TDD, MCP, skills, hooks, subagents, security, CI, plugin packaging, deployment evidence, and operations.


Claude Code Mastery Capstone: Ship a Secure Production Feature and Plugin

Quick answer

Build an incident-ready feature delivery system: implement audited, expiring API keys in a sample SaaS application and package a read-only release-guardian Claude Code plugin that verifies changes before release. You must demonstrate requirements discovery, architecture tracing, a reviewed CLAUDE.md, least privilege, TDD, Context7-backed version research, hooks, subagents, worktrees, CI, plugin distribution, browser/API verification, rollback, and an evidence-rich handoff. Mastery means reproducible engineering outcomes—not merely using every feature. Use Anthropic's Claude Code documentation index to verify every current feature contract during the project.

The product challenge

Add project-scoped API keys with:

  • create, list metadata, rotate, revoke, and expire;
  • plaintext shown only once and never stored;
  • hashed storage with key identifier and scoped permissions;
  • tenant isolation and authorization;
  • concurrent rotation/revocation safety;
  • audit events without secret leakage;
  • rate limits and neutral error responses;
  • backwards-compatible rollout and rollback;
  • CLI/API and admin UI flows.

Use a stack you can test locally. Do not connect to production or reuse real secrets.

Phase 1: discovery and specification

In plan mode, map authentication, authorization, persistence, audit, and deployment boundaries. Produce a threat model and decision record comparing hash strategy, token format, expiry model, scope representation, and rotation semantics. Resolve exact framework/library versions from lockfiles and use Context7 only for version-correct official documentation.

Deliverables:

  • architecture map with verified edges;
  • behavioral spec and non-goals;
  • verification matrix including negative and concurrent cases;
  • data migration and compatibility plan;
  • rollout, observability, and rollback triggers;
  • list of irreversible actions requiring human authority.

Phase 2: configure the harness

Write a concise root CLAUDE.md with commands, generated paths, security boundaries, and completion checks. Add path-scoped backend/UI rules only where needed. Configure deny rules for secrets, push, deploy, and production tools; allow only routine tests. Enable sandbox restrictions.

Create:

  • a version-research skill using Context7;
  • a read-only authorization-review subagent;
  • a formatter hook limited to edited supported files;
  • a stop verification hook with bounded checks;
  • separate Git worktrees for backend and UI after the contract is frozen.

Document why every extension exists and test its denied behavior.

Phase 3: implement through evidence

Use red-green-refactor for each vertical behavior. Prove tests fail for the intended reason before coding. Implement the domain and API first, integrate the UI second, and merge in dependency order. Run an independent adversarial review focused on tenant escape, timing/secret leaks, race conditions, replay, audit integrity, and migration safety.

Required checks:

unit + property tests for token parsing/hash behavior
authorization and tenant-isolation integration tests
concurrency tests for rotate/revoke
schema/migration forward and rollback rehearsal
typecheck, lint, production build
API end-to-end flow
browser desktop/mobile flow, keyboard and accessibility check
secret scan and dependency audit
clean diff and generated-artifact validation

Phase 4: build release-guardian

Package a plugin that reads the diff and repository policy, detects auth/migration/API/UI changes, routes to relevant references, delegates a read-only security review, and runs the bounded verification script. It must produce GO, CONDITIONAL, or NO-GO with evidence. It must never commit, push, publish, deploy, message, or mutate external systems.

Create a local marketplace, install the plugin from it, test namespaces and hooks, upgrade its version without losing safe persistent settings, uninstall it, and prove external authorization is revoked. Pin the final marketplace entry to an immutable source for the release artifact.

Phase 5: CI and operations

Run the guardian in headless CI with structured output, no secrets for untrusted pull requests, limited tools/turns/time, and schema validation. Separate analysis from any PR comment. Seed prompt injection in an issue and source fixture; demonstrate that it cannot access secrets or authorize writes.

Perform a deployment rehearsal in a disposable environment. Record health checks, metrics, logs, alert thresholds, rollback decision, and recovery time. Deployment itself requires explicit owner approval.

Graduation rubric

Score each area 0–4: specification, architecture, prompt contracts, context hygiene, testing, security, extension design, parallel integration, CI automation, operations, and handoff. A passing project needs no zeroes, an average of at least 3, and full marks in security and verification. Any fabricated check result is an automatic failure.

FAQ

Must I use every Claude Code feature in production afterward?

No. The capstone demonstrates selection skill. Remove any component whose value does not exceed complexity and risk.

What is the final handoff?

A reproducible bundle: spec, ADR, threat model, code, migrations, tests, commands/results, plugin and marketplace, CI artifact, rollout/rollback, residual risks, and required approvals.

When have I mastered Claude Code?

When you can repeatedly turn ambiguous work into secure, verified, reviewable outcomes—and know when a simpler tool or manual step is better.

Subscribe to our newsletter

Get the latest posts delivered right to your inbox.

Subscribe on LinkedIn