Claude Code First Repo Audit Checklist: Map a Codebase Before the First Edit

The first Claude Code session in an existing repository should not start with an edit. It should start with a map. The agent can read fast, but speed is only useful when it knows the entry points, protected areas, proof commands, and business paths that must stay intact.

The search intent here is simple: a beginner wants to use Claude Code on a real codebase without losing control. The job is not to build a feature yet. The job is to make scope, risk, verification, and revenue CTAs visible in 20 minutes.

Related reading: claude-code-getting-started-complete, claude-code-existing-codebase-map, claude-code-harness-lite-workflow.

Why this pattern belongs before the first edit

Claude Code is strongest when the task has a boundary. A useful boundary names the files it may read, the files it may edit, the operations it must not run, and the proof that ends the work. Without that boundary, a beginner prompt can turn into a broad rewrite, and a content change can quietly damage the free PDF, Gumroad, or consultation path.

This pattern also helps revenue work because it connects technical proof with reader proof. A page that builds locally but sends the wrong reader to the wrong product is not finished. A workflow that records scope, command, public URL, and CTA can be improved tomorrow instead of rediscovered from memory.

The practical workflow

1. Read only README, package.json, and the routing entry points first
2. Mark generated code, billing, auth, migrations, and .env as protected areas
3. Limit the first editable surface to three files or fewer
4. Choose one proof command before any patch
5. For content or landing pages, include free PDF, Gumroad, and consultation links in the audit

Situation	Safe move	Proof
Astro content site	Before creating an article, inspect the content collection, slug rules, heroImage usage, and CTA pattern. The article body and the paid route are both part of the audit.	build, diff, URL
React operations dashboard	For a small layout defect, keep the audit to the component, CSS rule, and screenshot proof. Auth and billing stay protected.	screenshot, test
API repository	Start by reading the route path and test command. Keep database migrations and secrets outside the first task.	log, command, handoff

Keep the first pass short. The audit should create a decision, not a giant report. If the decision is still unclear after 20 minutes, the safe next move is to ask for one more file read, not to start editing.

Copy-paste prompt and working code

Audit this repository before the first edit. Do not edit yet. Return entry files, protected areas, files safe to edit, the smallest proof command, and the public URL plus CTA checks.

const audit = {
  repo: "customer-portal",
  intent: "first safe Claude Code session",
  scope: ["README.md", "package.json", "src/routes"],
  protected: [".env", "billing/", "migrations/"],
  proof: ["npm.cmd run build", "git diff --stat"],
};

export function readyForFirstEdit(report) {
  return report.scope.length > 0 &&
    report.protected.length > 0 &&
    report.proof.some((command) => command.includes("build"));
}

console.log(readyForFirstEdit(audit));

The code is intentionally small. It turns an operating idea into a checkable object: scope exists, protected areas exist, and at least one proof command is attached. You can adapt the shape for article publishing, app development, debugging, or team handoff.

Three real examples

Astro content site

Before creating an article, inspect the content collection, slug rules, heroImage usage, and CTA pattern. The article body and the paid route are both part of the audit.

The important part is the proof. Keep one command, one visible page, or one note that shows the work really reached the reader.

React operations dashboard

For a small layout defect, keep the audit to the component, CSS rule, and screenshot proof. Auth and billing stay protected.

The important part is the proof. Keep one command, one visible page, or one note that shows the work really reached the reader.

API repository

Start by reading the route path and test command. Keep database migrations and secrets outside the first task.

The important part is the proof. Keep one command, one visible page, or one note that shows the work really reached the reader.

Failure cases to avoid

• Asking Claude Code to fix everything mixes audit and implementation.
• A local build is not enough when the public URL or CTA still points to the wrong page.
• If protected areas are not written down, a helpful edit can become a production incident.

A second subtle failure is localization drift. The English article may explain the right product path, while another locale keeps an older CTA. That is why the public check must include h1, opening body, and CTA language for every locale, not only a frontmatter lang field.

How to route readers to PDF, Gumroad, and consultation

If the reader still needs command fluency, send them to the free cheatsheet. If setup, permissions, CLAUDE.md, hooks, MCP, or CI/CD are the bottleneck, the Setup Guide is the best paid next step. If the pain is repeated review, debugging, and refactoring prompts, route them to 50 Prompt Templates. If the work involves team rollout, workflow design, or revenue paths, use consultation. Readers who want to compare options can start at products.

Do not force every reader into the paid product immediately. Beginner readers usually need a low-friction PDF first. Intermediate readers who repeat the same prompts are closer to templates. Readers blocked by permissions, CLAUDE.md, hooks, MCP, or CI/CD are closer to the Setup Guide. Teams and operators with process questions are closer to consultation.

What to verify before and after publishing

For this article, verification means h1, opening body, heroImage, internal links, Gumroad links, and the consultation path all point to the same reader intent. HTTP 200 is not enough if the page body or CTA sends readers to the wrong next action.

For multilingual publishing, verify Japanese, English, Chinese, Korean, Spanish, French, German, Portuguese, Hindi, and Indonesian separately. The slug can match while the body is still stale. Screenshots at mobile width catch this faster than frontmatter checks because you can see the opening paragraph and CTA together.

Metrics to watch next

Watch PDF starts, Gumroad clicks, product-page visits, training-page visits, search source, country mix, and article-to-CTA click rate for this slug. If pageviews rise but Gumroad clicks stay flat, the article needs a stronger product match. If consultation visits rise from a technical article, the reader probably needs workflow design, not another generic tutorial.