Day 4: What Claude Code Can Actually See In Your Project

Hey, it's G.

Day 4 of the Claude Code series.

Today's topic: What Claude Code can actually see in your project, what it ignores, and how to control what it accesses.

A lot of people think Claude Code magically reads your entire codebase the moment you open it.

It doesn't.

Understanding how it actually works makes you way more effective.

Let me break it down.

The Core Misconception (What People Get Wrong)

What people think happens:

You run claude in your project folder and Claude Code instantly loads every file into memory, analyzes everything, and knows your entire codebase.

What actually happens:

Claude Code reads files on demand. It navigates your project the same way you do — folder by folder, file by file, as needed for the task.

Why this matters:

If you understand this, you stop pasting code into the chat (inefficient) and start just pointing Claude at file paths (clean, fast, effective).

The Concept (How Claude Code Actually Navigates Your Project)

When you run claude inside a project folder, it starts with awareness of your current directory.

It doesn't pre-load every file. That would be slow and expensive.

Instead, it reads files on demand as it needs them to complete your task.

Think of it like a new developer on your team:

They don't memorize the entire codebase on day one.

They navigate to the files relevant to the task, read them, understand the context, and work from there.

That's exactly how Claude Code operates.

What Controls What Claude Code Sees

Three things determine what Claude Code can access:

1. What You Tell It

If you mention a file path, Claude Code reads it.

Example:

> Read /components/AuthForm.tsx and find any validation issues

Claude goes directly to that file, reads it, analyzes it.

2. What It Discovers

Claude Code explores your folder structure as needed to complete tasks.

Example:

> Look at the authentication flow and tell me how it works

What Claude Code does:

• Searches for auth-related files
• Reads relevant components, API routes, config files
• Traces the flow from login form → auth handler → database

It navigates on its own based on the task.

3. What's Blocked

Claude Code automatically respects boundaries:

Automatically ignored:

• Everything in .gitignore
• node_modules/
• .env files (if properly gitignored)
• Build folders (/dist, /build, /.next)
• Hidden system files (.DS_Store, etc.)
• Binary files (images, fonts, compiled code)

Why this is critical for security:

As long as your .gitignore is set up correctly, your secrets (API keys, database passwords, environment variables) stay safe.

How To Work With Claude Code's File System Access

Pattern 1: Let Claude Find Files Itself

For exploratory tasks:

> Look at the authentication flow and tell me how it works

What happens:

• Claude searches your project for auth-related files
• Reads components, routes, utilities as needed
• Traces the flow and explains it

When to use: When you want Claude to figure out what files are relevant.

Pattern 2: Point It Directly at a File

For specific tasks:

> Read /components/AuthForm.tsx and find any validation issues

What happens:

• Claude goes directly to that exact file
• No exploration needed
• Fast and focused

When to use: When you know exactly what file needs attention.

Pattern 3: Point It at a Folder

For broader analysis:

> Look through /app/api/ and list all the API routes we have

What happens:

• Claude reads all files in that folder
• Identifies route files
• Summarizes what each does

When to use: When you want an overview of a specific section of your codebase.

Pattern 4: Ask What It Can See

For orientation:

> List the top-level folder structure of this project

What happens:

• Claude lists directories at the project root
• Shows you what it has access to
• Helps you verify it's in the right place

When to use: First thing on a new project, or when Claude seems confused about your structure.

Real Example (How I Use This)

Scenario: I want Claude to help me understand Resiboko's expense logging flow.

❌ What I used to do:

> Here's my expense form component:
> [paste 200 lines of code]
> 
> And here's my API route:
> [paste 150 lines of code]
> 
> And here's my database schema:
> [paste schema]
> 
> Now explain the flow

Problems:

• Takes forever to paste everything
• Context window fills up fast
• Easy to paste wrong version of code

✅ What I do now:

> Trace the expense logging flow from user clicking "Add Expense" 
> to data being saved in the database. Start with /components/ExpenseForm.tsx

What happens:

• Claude reads /components/ExpenseForm.tsx
• Sees form submit calls /api/expenses
• Reads /app/api/expenses/route.ts
• Sees database insert using Supabase
• Traces the complete flow
• Explains each step

Time saved: 5 minutes per task.

Accuracy improved: Always reading current code, not pasted snapshots.

What Claude Code Automatically Ignores (And Why)

Ignored: Everything in .gitignore

Why this is good:

Your .gitignore typically includes:

• node_modules/ (thousands of dependency files you don't want Claude reading)
• .env (environment variables and secrets)
• /dist or /build (compiled output, not source code)
• .next/ (Next.js build artifacts)

If Claude read these:

• Sessions would be slow (reading unnecessary files)
• Context window would fill with garbage
• Potential security risk if secrets aren't gitignored properly

Ignored: Binary Files

What counts as binary:

• Images (.png, .jpg, .svg)
• Fonts (.woff, .ttf)
• Compiled code
• Videos, PDFs (unless you specifically ask to analyze them)

Why this matters:

Claude Code is for reading and writing code. Binary files don't help it understand your codebase, so they're automatically skipped.

Security Check (Critical Before Running Claude Code)

Before running Claude Code on any project, verify your .env is gitignored.

The check:

# In your project root
cat .gitignore | grep .env

You should see:

.env
.env.local
.env*.local

If you don't see this, add it now:

echo ".env" >> .gitignore
echo ".env.local" >> .gitignore
echo ".env*.local" >> .gitignore

Why this is critical:

If .env isn't gitignored, Claude Code can read it. That means your API keys, database passwords, and secrets are visible to the AI.

Even though Anthropic doesn't store this data maliciously, you still don't want secrets in prompts or logs.

Quick Diagnostic (How To Check What Claude Sees)

On every new project, I run this:

cd ~/projects/my-app
claude

> What's the folder structure of this project?

Claude responds with something like:

Your project structure:
/app
/components
  /ui
  /custom
/lib
/public
/utils
package.json
CLAUDE.md
README.md
next.config.js
tailwind.config.ts
tsconfig.json

What I check:

• ✅ Does it see my main folders (/app, /components, /lib)?
• ✅ Does it see CLAUDE.md?
• ❌ Does it see node_modules/? (Should NOT see this)
• ❌ Does it see .env? (Should NOT see this)

If the summary looks right, Claude Code knows where it is.

From there, it can navigate anywhere I point it.

Common Mistakes (What Not to Do)

Mistake 1: Pasting Code Instead of Using File Paths

❌ Don't do this:

> Here's my code:
> [paste 200 lines]
> 
> Fix the bug

✅ Do this:

> There's a bug in /components/AuthForm.tsx where the form 
> submits with empty fields. Fix it.

Why: Claude reads the actual file, always gets the current version, doesn't waste context window on pasted code.

Mistake 2: Not Checking .gitignore Before Starting

Problem: You run Claude Code, it reads your .env, now your API keys are in the chat history.

Solution: Always verify .env is gitignored first.

Mistake 3: Expecting Claude to Know Everything Instantly

Problem: Asking vague questions and expecting Claude to magically know what you mean.

Example:

> Fix the auth bug

Why this fails: Claude doesn't know which file, what bug, or where to look.

Better:

> There's an auth bug in /lib/auth.ts where the token refresh fails. 
> Check that file and fix it.

Best Practices (What Actually Works)

1. Point Claude at Specific Locations

Instead of:

> Look at the auth code

Be specific:

> Read /lib/auth.ts and /app/api/auth/route.ts

2. Ask Claude to Navigate When You're Unsure

When you don't know where something is:

> Find all files related to user authentication and list them

Claude searches your project and tells you what it found.

3. Verify File Access When Things Seem Off

If Claude seems confused:

> Can you see the /components/ui/ folder? List what's in it.

Sometimes Claude loses track. Asking it to explicitly read a folder reorients it.

My Raw Notes (Unfiltered)

It doesn't load everything upfront. Reads on demand. Respects gitignore which is good for security.

If it seems confused about your project structure just tell it exactly where to look.

Don't paste code into the prompt when you can just give it a file path — way cleaner.

Always double check your .env is in .gitignore before running Claude on any project.

Quick check: claude → "What's the folder structure?" → if it looks right, you're good.

Tomorrow (Day 5 Preview)

Topic: Running commands — how Claude Code executes terminal commands on your behalf and how to control it.

What I'm testing: Can it run npm install? Can it start dev servers? What commands should you allow vs. manually approve? Security implications.

Following This Series

Daily updates for 30 days. Each day builds on the last.

So far:

• Day 1: Setup and installation
• Day 2: Prompting that actually works
• Day 3: CLAUDE.md permanent briefing
• Day 4: What Claude can see in your project (today)
• Day 5: Running terminal commands (tomorrow)

G

P.S. - The single most important takeaway: Verify your .env is in .gitignore before running Claude Code on any project. Security first.

P.P.S. - Stop pasting code into prompts. Just give Claude the file path. It's faster, cleaner, and always uses the current version.

P.P.P.S. - If you're using Claude Code on production projects with sensitive data, what's your security setup? Drop it in the comments. I want to learn from people who've hardened this properly.