Claude Track — Module 13
The Security Bug Claude Caught: ThreadCo's developer had Claude review @webhook-handler.ts before merging. Claude flagged a missing Stripe signature verification — a real vulnerability. No API call, no script. Just: "Review this file for security issues" with the file attached.

Code Generation & Debugging with Claude Code

Claude Code in VS Code is a full coding partner. It reads your files, writes and edits code, runs tests, and reviews changes — all from the chat panel or with inline edits via Ctrl+K.

| Task | How to do it in Claude Code | Tip |
|---|---|---|
| Write a new function | Place cursor where you want it → Ctrl+K → describe what it should do | Mention the signature and edge cases you care about |
| Debug an error | Paste the error + stack trace in chat, or @ the file and say "line 42 is failing with…" | Ask Claude to explain why, not just fix — you'll learn faster |
| Code review | "Review @pr-changes.ts for security, performance, and readability. Rate each 1–10." | Use Opus for complex security reviews; Sonnet for routine checks |
| Refactor | "Refactor @orders.ts for readability. Do not change behaviour. Add JSDoc comments." | Review the diff before accepting — Claude is thorough but not always conservative |
| Write tests | "Write Jest tests for @cart.ts. Cover the happy path plus empty cart and invalid product ID." | Ask for tests before the implementation to drive TDD |
| Explain unfamiliar code | "Explain @legacy-auth.js line by line. I'm not familiar with this pattern." | Follow up with "what would you change and why?" for a free design review |
Always Review the Diff

When Claude proposes an edit, VS Code shows a diff before you accept. Read it. Claude is accurate but not infallible — especially for niche library APIs or code paths it cannot fully see without being given all the relevant files.

Inline Editing with Ctrl+K

1. Select the Code
Highlight the lines you want Claude to change — or place your cursor at an insertion point for new code.

2. Press Ctrl+K
A small inline prompt bar appears. Type your instruction: "Add null check for userId" or "Rewrite this loop as a .map() call".

3. Review the Diff
Claude shows the proposed change highlighted in the editor. Green = added, red = removed.

4. Accept or Reject
Press Tab to accept the change, or Escape to discard it. You can also edit Claude's suggestion before accepting.

ThreadCo: Reviewing the Webhook Handler

Chat Panel — Security Review Request
You (in Claude Code chat):
Review @webhook-handler.ts for security issues.
Focus on: input validation, authentication, and anything
that could be exploited by a malicious POST request.

Rate each issue: Critical / High / Medium / Low.

Claude responds:
CRITICAL: Missing Stripe signature verification (line 14).
Any HTTP client can send fake webhook events. Add:

  const sig = req.headers['stripe-signature'];
  stripe.webhooks.constructEvent(payload, sig, process.env.STRIPE_SECRET);

HIGH: Raw body not preserved — signature verification will fail
because body-parser is consuming the stream before verification.
...
Run Tests from Chat: Type "run the tests for @cart.ts" and Claude opens the integrated terminal, executes the test command, reads the output, and either confirms everything passed or starts debugging the failures — without you leaving the chat panel.
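
The two findings in the ThreadCo webhook review above (missing signature verification, raw body not preserved) can be reproduced offline. The block below is an added example, not ThreadCo's handler and not the Stripe library's code: it re-implements Stripe's documented manual check (`t=<unix time>,v1=<hex HMAC-SHA256>` computed over `<t>.<raw body>`) so the effect of a re-serialised body is visible. The helper names `verifyStripeWebhook`, `sign` and `outcome`, the secret and the payload are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // replay window: reject events signed more than 5 minutes away from "now"

// Hypothetical helper: returns the parsed event or throws. rawBody must be the exact bytes received.
function verifyStripeWebhook(rawBody, sigHeader, secret, now = Math.floor(Date.now() / 1000)) {
  if (typeof sigHeader !== 'string') throw new Error('missing Stripe-Signature header');
  let timestamp = '';
  const v1 = [];
  for (const part of sigHeader.split(',')) {
    const [key, value = ''] = part.trim().split('=', 2);
    if (key === 't') timestamp = value;
    if (key === 'v1') v1.push(value);
  }
  if (!/^\d+$/.test(timestamp) || v1.length === 0) throw new Error('malformed Stripe-Signature header');
  if (Math.abs(now - Number(timestamp)) > TOLERANCE_SECONDS) throw new Error('timestamp outside tolerance');
  // Signed payload is "<t>.<raw body>", HMAC-SHA256 keyed with the endpoint's signing secret.
  const expected = crypto.createHmac('sha256', secret).update(`${timestamp}.`).update(rawBody).digest();
  const ok = v1.some((hex) => {
    const got = Buffer.from(hex, 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  if (!ok) throw new Error('signature mismatch');
  return JSON.parse(rawBody.toString('utf8')); // parse only after the bytes are authenticated
}

// Constructed sample data (not real Stripe values).
const SECRET = 'whsec_CONSTRUCTED_FOR_EXAMPLE';
const T = 1700000000;
const RAW = Buffer.from('{"id": "evt_example",  "type": "payment_intent.succeeded"}');
// What the handler sees if a JSON body parser ran first and the object was re-serialised.
const REPARSED = Buffer.from(JSON.stringify(JSON.parse(RAW.toString('utf8'))));
const sign = (body, t, secret) =>
  `t=${t},v1=${crypto.createHmac('sha256', secret).update(`${t}.`).update(body).digest('hex')}`;
const GOOD = sign(RAW, T, SECRET);

// Returns the event type on success, or the rejection reason.
function outcome(body, header, now = T + 10) {
  try { return verifyStripeWebhook(body, header, SECRET, now).type; }
  catch (err) { return err.message; }
}

console.log('raw body, valid signature :', outcome(RAW, GOOD));
console.log('re-serialised body        :', outcome(REPARSED, GOOD));
console.log('signed with another secret:', outcome(RAW, sign(RAW, T, 'not-the-secret')));
console.log('no header at all          :', outcome(RAW, undefined));
console.log('same event an hour later  :', outcome(RAW, GOOD, T + 3600));
```

In a real handler, keep the request body as a Buffer for the webhook route and pass it to `stripe.webhooks.constructEvent` together with the endpoint's webhook signing secret.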