Skip to content
BSWEN
Blog

How Do I Use Claude Code Safely in CI/CD Pipelines with Budget Controls?

Cowrie
Cowrie
Dev @ Bswen

Problem

I wanted to run Claude Code in my CI/CD pipelines for automated code reviews and security analysis. But I had a problem that kept me up at night: what if the agent runs forever?

Here’s what I was worried about:

Scenario 1: An agent encounters a tricky bug and enters an infinite reasoning loop, consuming tokens indefinitely until someone notices the bill.


Scenario 2: A runaway agent exhausts my Anthropic API credits, costing hundreds or thousands of dollars before I catch it.


Scenario 3: A CI/CD job triggers Claude Code 100 times in a day, each running longer than expected, creating an unexpected budget disaster.

Traditional CI/CD safety nets like timeouts don’t work here. A 10-minute timeout might stop the process, but not before Claude has spent $50 in API costs. I needed something different - a way to control both execution time AND money spent.

What I Tried First

My first attempt was naive. I just added -p to make Claude Code non-interactive:

First attempt - unsafe!
claude -p "Review this PR for security issues"

This worked for basic automation. The -p flag tells Claude Code to run in print mode, outputting results to stdout without requiring user interaction. Perfect for CI/CD, right?

Wrong. I quickly realized two problems:

  1. No loop prevention: If Claude gets stuck on a complex problem, it keeps reasoning. There’s no limit on turns or iterations.

  2. No cost ceiling: The agent could spend any amount on API calls. A single run might cost $0.50 or $50.00 - I had no control.

I needed additional safeguards.

The Solution: Three Flags for Safe Automation

I discovered that Claude Code provides three flags specifically designed for safe CI/CD automation. Used together, they create a comprehensive safety net.

Flag 1: -p (Print Mode)

Print mode for non-interactive execution
claude -p "Review this code"

This flag enables non-interactive mode. Claude Code outputs results to stdout and exits without waiting for user input. Essential for pipelines where no human is present.

Flag 2: --max-turns (Execution Limit)

Limit reasoning cycles
claude -p --max-turns 5 "Analyze this codebase"

This flag limits how many reasoning cycles the agent can perform. Each “turn” is one round of thinking and tool use. If I set --max-turns 5, the agent stops after 5 cycles, regardless of whether the task is complete.

Why does this matter? AI agents can enter infinite loops when they encounter difficult problems. They try approach A, fail, try approach B, fail, go back to A, and cycle forever. --max-turns prevents this at the logic level.

Flag 3: --max-budget-usd (Financial Circuit Breaker)

Hard cost limit
claude -p --max-budget-usd 2.00 "Review this PR"

This flag sets an absolute dollar limit. The agent cannot exceed this cost, even if it hasn’t finished its task. It’s a financial circuit breaker that guarantees cost predictability.

The budget applies to API costs - input tokens, output tokens, and tool uses. When the limit is reached, the agent stops immediately and reports the budget exhaustion.

Putting It All Together

Here’s how I use all three flags in a real CI/CD pipeline:

GitHub Actions workflow with budget controls
name: AI Code Review


on:
  pull_request:
    types: [opened, synchronize]


jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4


      - name: Run Claude Code Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          # Get PR diff and analyze with budget controls
          gh pr diff ${{ github.event.pull_request.number }} | \
          claude -p \
            --max-turns 4 \
            --max-budget-usd 1.00 \
            "Review this PR for: 1) Security issues 2) Code quality 3) Breaking changes"

This configuration guarantees:

  • Non-interactive execution: Runs in CI without hanging
  • Maximum 4 reasoning cycles: Prevents infinite loops
  • Maximum $1.00 cost: Financial ceiling per PR review

Now I can safely run this across dozens of repositories and hundreds of PRs per day without worrying about runaway costs.

Why Budget Controls Matter

Budget controls enable trust in autonomous systems. When I know a CI/CD job cannot exceed $2.00, I can confidently:

  1. Deploy it widely: Run it on every PR in my organization
  2. Sleep at night: No surprise bills from runaway agents
  3. Scale automation: Move from manual code review to AI-assisted review

This transforms Claude Code from a developer tool into infrastructure. Teams can automate code reviews, security audits, documentation generation, and test writing without monitoring every run.

Common Mistakes

I made several mistakes when setting up CI/CD automation. Here’s what I learned:

Mistake 1: Using only -p flag

WRONG - no cost control
claude -p "Review this code"

This leaves you vulnerable to runaway costs. Always add budget limits.

Mistake 2: Setting --max-turns too high

WRONG - too many turns
claude -p --max-turns 50 --max-budget-usd 1.00 "Review this code"

With 50 turns allowed, the agent could spend significant time before hitting the budget. For most tasks, 3-5 turns is sufficient.

Mistake 3: Forgetting per-invocation costs

Budget applies per run
# This script could cost 100 x $2.00 = $200 total
for file in ./src/**/*.ts; do
  claude -p --max-budget-usd 2.00 "Analyze $file"
done

The budget limit applies per invocation. Running a job 100 times still costs 100x the limit.

Mistake 4: Treating AI like traditional CLI tools

Traditional CLI tools have bounded execution - grep, sed, awk all finish in predictable time with predictable costs. AI agents are different because their cost scales with reasoning, not just computation. I learned this the hard way when a “simple” analysis task ran for 15 minutes and cost $8.

Practical Examples

Here are some patterns I use in production:

Security Review Pipeline

Security review with JSON output
claude -p \
  --max-turns 3 \
  --max-budget-usd 1.50 \
  --output-format json \
  "Analyze the codebase at ./src for OWASP Top 10 vulnerabilities. Output as structured JSON."

This produces machine-readable output I can parse and alert on.

Batch File Processing

Process multiple files with individual budgets
#!/bin/bash


BUDGET_PER_FILE=0.50
MAX_TURNS=3


for file in ./src/**/*.ts; do
  echo "Analyzing $file..."


  claude -p \
    --max-turns $MAX_TURNS \
    --max-budget-usd $BUDGET_PER_FILE \
    "Suggest refactoring improvements for this TypeScript file. Be concise." \
    < "$file"
done

Each file gets its own budget, preventing any single analysis from consuming too much.

Environment Configuration

CI/CD environment defaults
# .env for CI/CD (inject via secrets)
ANTHROPIC_API_KEY=sk-ant-xxxxx


# Recommended defaults for automated workflows
export CLAUDE_MAX_TURNS=5
export CLAUDE_MAX_BUDGET=2.00
export CLAUDE_OUTPUT_FORMAT=json

Setting environment variables ensures consistent limits across all automation.

Structured Output for Automation

Generate structured audit report
claude -p \
  --max-turns 5 \
  --max-budget-usd 2.00 \
  --output-format json \
  --json-schema ./schemas/security-audit.schema.json \
  "Analyze the codebase at ./src for OWASP Top 10 vulnerabilities"

Using JSON output with a schema lets me parse results programmatically and integrate with other tools.

Choosing the Right Limits

I’ve found these starting points work well:

Task TypeMax TurnsBudget (USD)Reasoning
Simple PR review3$0.50-$1.00Quick analysis, no deep exploration
Security audit5$1.50-$2.00Needs thorough scan but bounded scope
Complex refactoring5-10$2.00-$5.00More reasoning, higher complexity
Documentation generation3$0.50Simple extraction and formatting

Start conservative. If tasks routinely hit budget limits without completing, increase gradually. If tasks finish well under budget, you have room to reduce.

What Happens When Limits Are Reached?

When Claude Code hits a limit, it stops gracefully:

  • --max-turns reached: Agent stops and returns a partial result with a message like “Maximum turns reached”
  • --max-budget-usd reached: Agent stops immediately with budget exhaustion notification

Both cases give you actionable output. You can then decide whether to:

  1. Increase limits and retry
  2. Use the partial result
  3. Split the task into smaller pieces

Summary

In this post, I showed how to use Claude Code safely in CI/CD pipelines with budget controls. The key point is combining three flags: -p for non-interactive execution, --max-turns to prevent infinite reasoning loops, and --max-budget-usd to enforce a hard financial ceiling.

This combination transforms Claude Code from a developer tool requiring supervision into trusted automation infrastructure. I can now run AI-powered code reviews, security audits, and documentation generation across my entire organization without worrying about runaway costs or infinite loops.

Next steps:

  1. Add budget controls to your existing CI/CD pipelines
  2. Start with conservative limits ($1-2 per run, 3-5 turns)
  3. Monitor actual usage and adjust limits based on real data
  4. Implement structured output for programmatic integration

The peace of mind from knowing your automation has hard cost limits is worth the few seconds it takes to add these flags.

Final Words + More Resources

My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Comments

Tags: