The Prompts Claude Code's Creator Actually Uses: Real Examples
I spent hours crafting elaborate prompts for Claude Code. Every instruction meticulously worded, every edge case anticipated. Then I saw what Boris Cherny—the person who literally built Claude Code—actually uses.
My prompts looked like this:
I need you to review the code in src/auth/login.ts for potential securityissues. Please check for SQL injection, XSS vulnerabilities, and make surethe authentication flow follows OWASP best practices. Also verify that theerror handling doesn't leak sensitive information...His prompts look like this:
Grill me on these changes. Don't make a PR until I pass your test.That’s it. Five words.
The Three Patterns
From a Reddit discussion in r/PromptEngineering, Boris shared three prompt types he actually uses:
1. Review Prompts: “Grill me”
Grill me on these changes and don't make a PR until I pass your test.What happens when I use this:
Claude: Looking at your auth.ts changes:
1. Line 47: You're using == instead of ===. Why?2. The token refresh logic doesn't handle concurrent requests. What happens if two API calls trigger refresh simultaneously?3. No rate limiting on the login endpoint. Is this intentional?
Answer these before I create the PR.The word “grill” sets a confrontational tone. Claude stops being polite and starts being thorough. The “don’t make a PR” constraint creates a gate—I have to actually think about the answers.
2. Pivot Prompts: “Scrap this”
Knowing everything you know now, scrap this and implement the elegant solution.I used to write:
I think my current implementation is too complex. I have three separatefunctions that all do similar things but with slight variations. Maybewe could refactor this into a single generic function that acceptsparameters for the variations? Or perhaps use a strategy pattern?The problem: I’m prescribing the solution. “Strategy pattern” limits Claude to that approach. “Generic function” constrains the thinking.
When I say “elegant solution,” Claude defines elegant. Sometimes that means a strategy pattern. Sometimes it means deleting half the code. Sometimes it means a completely different architecture I hadn’t considered.
3. Fix Prompts: One word
[error log paste]Fix.Here’s what I used to do:
I'm getting this error when I run my tests. I think it might be relatedto the changes I made to the database connection pooling yesterday.The error happens intermittently, usually when there are more than10 concurrent requests. I tried increasing the pool size but thatdidn't help. Could you look at this and suggest a fix?The error log already contains:
- The error message
- The stack trace
- The file and line number
- Often, the root cause
Adding “I think it might be related to…” biases Claude toward my theory—which might be wrong. Adding “I tried increasing pool size” adds noise.
Why Brevity Works
VERBOSE PROMPT:┌─────────────────────────────────────────────────────────────┐│ You: "Please review this code for security issues by ││ checking for SQL injection, XSS, and..." ││ ││ Claude: [Does exactly what you specified] ││ [Might miss CSRF because you didn't mention it] ││ [Follows YOUR security checklist, not the full one]│└─────────────────────────────────────────────────────────────┘
SHORT PROMPT:┌─────────────────────────────────────────────────────────────┐│ You: "Grill me on these changes." ││ ││ Claude: [Defines what "grilling" means] ││ [Uses full security knowledge] ││ [Finds issues you didn't know to ask about] │└─────────────────────────────────────────────────────────────┘Long prompts constrain. Short prompts trust.
The pattern:
YOUR PROMPT CLAUDE'S FREEDOM───────────────── ──────────────────"Fix X by doing Y" ZERO (you gave the solution)"Fix X" LOW (you defined the problem)"Fix" HIGH (error defines problem)"Grill me" MAXIMUM (Claude defines everything)When Short Prompts Fail
Brevity isn’t always the answer. I need more context when:
SHORT PROMPT WORKS WHEN:✓ Claude has the files open✓ The error/goal is clear from context✓ I want Claude to reason freely
ADD MORE CONTEXT WHEN:✗ Claude doesn't have relevant files✗ Goal is ambiguous (what does "improve this" mean?)✗ Domain knowledge is missing (industry-specific rules)✗ Multiple valid interpretations existExample of when to add context:
# TOO SHORT - Claude doesn't know which database:"Optimize this query."
# BETTER - Gives Claude the constraint it needs:"This query runs 1000x in a batch. It's hitting our PostgreSQLreplica and causing lag. Optimize for read load."The Philosophy
Boris’s approach: “Don’t babysit.”
I realized my verbose prompts were a form of distrust. I was spelling everything out because I didn’t trust Claude to figure it out. But Claude Code has:
- My files
- My git history
- My error logs
- Its own training on what good code looks like
The context is already there. My job is to point, not to explain.
My New Workflow
BEFORE:Write detailed prompt → Wait → Get exactly what I asked for (often not what I needed)
AFTER:Paste context → Short directive → Claude reasons → Better outcome (often finds issues I didn't know about)The prompts that would fail English class—fragments, single words, confrontational tone—are the ones that work best.
Stop writing prompt novels. Start writing prompt telegrams.
Final Words + More Resources
My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me
Here are also the most important links from this article along with some further resources that will help you in this scope:
Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!
Comments