Claude Code for Business

What Claude Code Cannot Do: Honest Limitations for Business Owners

Claude Code is remarkably capable — and the honest answer is that the limitations matter as much as the capabilities for anyone making a build decision. Here is an honest assessment of where Claude Code falls short and what you should not rely on it for.

Genuine Limitations

These are not theoretical edge cases — they are the real failure modes that CC engineers encounter in production work with Claude Code and account for in every project scope.

Cannot make product decisions

Claude Code executes what you specify. If the spec is wrong — wrong user flow, wrong data model, wrong feature scope — it builds the wrong thing perfectly. Product strategy, UX decisions, and feature prioritization are human work.

Cannot guarantee correctness for complex business logic

For standard patterns (authentication, CRUD, API wrappers), Claude Code is highly reliable. For domain-specific business logic — complex pricing rules, regulatory compliance logic, multi-party state machines — output requires careful review by someone who understands the domain.

Cannot maintain quality over very long sessions

Context window limits mean that on large refactors (50,000+ lines changed), quality degrades toward the end of a session. CC engineers structure large tasks into bounded phases to avoid this.

Cannot replace architectural judgment

Should this be a microservice or a monolith? SQL or NoSQL? What are the scaling implications of this approach? These require human engineering judgment grounded in your specific constraints — not pattern matching from training data.

Cannot run in production environments autonomously

Claude Code is a development tool. It should not have write access to production databases, handle live payments, or make production deployments without human review and approval gates.

Hallucination and Correctness Risk

Claude Code can generate code that looks correct but contains subtle bugs — especially in areas where the training data is sparse (unusual library APIs, niche framework patterns, very recent language features) or where the correct behavior requires domain knowledge it does not have.

Where hallucination risk is highest

⚠Third-party API integrations where the API changed after the training cutoff

⚠Security-critical code (authentication flows, encryption, access control)

⚠Database migrations on existing schemas with existing data

⚠Complex async patterns (race conditions, distributed transactions)

⚠Regex for validation of sensitive formats (financial data, medical codes)

CC's mitigation: every security-critical piece of code goes through a senior engineer review before deployment, regardless of the generating tool. Claude Code output is not exempt from code review — it is the starting point.

The Judgment Gap

Claude Code follows instructions extremely well. The gap is judgment — knowing when the instruction itself is wrong, when the requirement conflicts with a non-obvious constraint, or when a seemingly simple ask has expensive downstream implications.

Example: the judgment gap in practice

Prompt: "Add a caching layer to the user query."

Claude Code will implement caching — probably correctly. What it may not catch:

→The query returns personally identifiable information that should not be cached in a shared cache
→The underlying data is updated frequently — a 60-second cache TTL will make the UI show stale data to users
→Your current infrastructure does not have Redis — the simplest cache implementation adds a new dependency

A senior engineer asks these questions before implementing. Claude Code implements.

When You Need a Human Engineer

System architecture design

Before any major build: infrastructure choices, data modeling, API surface design, scalability planning

Security review

Authentication, authorization, payment handling, PII storage — any code that touches sensitive data

Production incident response

Debugging live production issues under time pressure requires human judgment and operational experience

Code review of Claude Code output

All production-bound code should be reviewed by a human who understands the business requirements and constraints

CC's model: Claude Code generates 60–80% of code in a typical project. Human engineers provide architecture direction, domain-specific logic, code review, and production sign-off. The combination delivers faster timelines without the quality risk of pure AI-generated output in production.

FAQ

Is Claude Code safe to use for security-sensitive features?

As a generator, yes — it can draft authentication flows, input validation, and access control logic correctly. But every line of security-critical code should be reviewed by a human who can validate correctness against your specific threat model. Do not ship AI-generated auth code without review.

Can Claude Code handle a legacy codebase?

It depends on the codebase size and structure. Claude Code reads the codebase to understand patterns — but very large monoliths (1M+ lines) exceed the context window. CC engineers work around this by feeding Claude Code specific subsections rather than the full codebase.

What percentage of CC's client code is written by Claude Code?

For new projects: 60–75% of first-pass code is generated by Claude Code. That number drops to 40–50% for complex feature work requiring domain-specific logic. CC engineers drive all architecture decisions, code review, testing strategy, and production deployment regardless of generation source.

Discuss my build approach →

Ready to stop doing this manually?

We map your workflows, deploy the right AI Worker, and guarantee the math pencils out before you sign.

Discuss my build approach →Back to Claude Code for Business