
Claude Architect Certification Articles 50–54: Governance, Security, and the Safe Use of Claude Code
- Mark Kendall
- 4 hours ago
- 8 min read
Claude Architect Certification Articles 50–54: Governance, Security, and the Safe Use of Claude Code
At this point in the certification journey, we have talked a lot about what Claude Code can do.
It can inspect a repo.
It can plan.
It can write code.
It can run commands.
It can use tools.
It can work with subagents, hooks, skills, memory, MCP, and SDK-based workflows.
That is powerful.
But for an architect, power is never the whole story.
The real question is:
Can we safely place this capability inside an enterprise engineering system?
That is what Articles 50 through 54 are about.
This is the governance post.
This is the security post.
This is the “do not let the agent run wild” post.
Because in a real company, success is not just about generating code faster. Success is about delivering safely, repeatedly, securely, and with enough evidence that leaders, engineers, auditors, and production teams can trust the result.
Claude Code is not just a productivity tool.
It is a new control surface inside the engineering organization.
And architects have to design that control surface carefully.
50. Permissions: The Agent Should Not Have Unlimited Power
The first enterprise architecture principle is simple:
Claude Code should only have the permissions it needs to do the job.
That sounds obvious.
But it is one of the most important ideas in AI engineering.
A human engineer may understand what not to touch. An AI agent needs those boundaries made explicit.
If Claude Code can read everything, modify everything, run anything, and call every tool, then the organization has created a risk surface.
The answer is not to avoid Claude Code.
The answer is to design permissions correctly.
Permissions should match the type of work.
A documentation task may only need read access and markdown edits.
A frontend task may need access to components, tests, and local browser validation.
A backend task may need source code, test commands, and local configuration.
A DevOps task may need infrastructure files, but should not automatically deploy to production.
A security-sensitive task may require human approval before any change is accepted.
This is where architects need to think clearly.
Not every task deserves the same authority.
A good enterprise pattern is:
Read broadly, write narrowly, execute carefully, deploy rarely, approve explicitly.
That means Claude can often inspect a lot of context, but its ability to change files, run commands, call tools, or touch environments should be controlled.
The architect should ask:
What can Claude read?
What can Claude modify?
What commands can Claude run?
What tools can Claude call?
What MCP servers are available?
What actions require approval?
What environments are off limits?
What logs are captured?
What evidence is required?
This is not bureaucracy.
This is how we make AI usable in serious engineering.
For certification, the key point is:
Permissions are architectural boundaries.
They define where the agent can act, where it can only observe, and where a human must decide.
51. Security: Treat the Agent Like a Powerful Engineering User
Claude Code should be treated like a capable engineering user.
Not like a toy.
Not like a magic box.
Not like a harmless autocomplete tool.
It can read source code, reason about systems, generate changes, invoke tools, and potentially touch sensitive paths depending on how it is configured.
That means the architect should apply the same security thinking used for humans, automation, CI/CD, and service accounts.
The principle is least privilege.
The agent should not receive secrets casually.
It should not be given production credentials unless there is a very specific, controlled reason.
It should not bypass code review.
It should not be allowed to modify sensitive files without review.
It should not introduce dependencies without justification.
It should not make security decisions invisibly.
This is especially important with MCP.
MCP is powerful because it connects Claude to external systems.
But external systems can include Jira, Confluence, GitHub, databases, cloud platforms, observability tools, internal APIs, ticketing systems, and more.
That means MCP needs boundaries.
A read-only MCP server for documentation is very different from a write-enabled MCP server that can update tickets, trigger deployments, or modify infrastructure.
The architect has to classify tools.
A simple classification might be:
Low risk
Read documentation, summarize repo files, inspect tickets, search architecture notes.
Medium risk
Create branches, update non-production files, generate test data, comment on tickets.
High risk
Modify infrastructure, change authentication logic, rotate secrets, update production data, trigger deployments.
Restricted
Production credentials, customer data, payment systems, regulated data, destructive operations.
That classification tells the team what Claude may do automatically, what needs approval, and what should be prohibited.
For the certification, remember this:
Security is not a feature added later. Security is part of the agent architecture.
A safe Claude Code design does not rely on everyone “being careful.”
It puts the controls into the workflow.
52. Governance: Hooks, Skills, and Memory Should Carry the Rules
Governance sounds heavy.
But in Claude Code architecture, governance can be very practical.
Governance means the engineering system has rules, and those rules are visible, repeatable, and enforceable.
This is where hooks, skills, and memory become important.
A memory file can tell Claude the durable rules of the repo:
How the system is structured
What commands are approved
What patterns must be followed
What files should be avoided
How tests should be run
What security rules apply
What “done” means
A skill can package a repeatable governed process:
How to review an API change
How to validate a React component
How to inspect infrastructure changes
How to generate evidence
How to prepare a release summary
How to evaluate security risk
A hook can enforce behavior automatically:
Run formatting after edits
Run tests after implementation
Check for secrets before commit
Validate that the intent file exists
Generate an evidence report
Block unsafe commands
Require approval for sensitive changes
Anthropic’s Claude Code docs describe hooks as user-defined shell commands that execute at specific lifecycle points, which is exactly why they are so useful for governance: they turn “please remember to do this” into deterministic control. (Claude Platform Docs)
This is a big architect-level idea:
Governance should not live only in meetings and documents. Governance should live inside the engineering loop.
That is the difference between policy and operating model.
A policy says:
“All changes must be tested.”
A governed Claude Code loop says:
“After code changes, run the approved test command, capture the result, and attach evidence to the PR summary.”
A policy says:
“Do not expose secrets.”
A governed Claude Code loop says:
“Run secret scanning before commit and block the workflow if a secret is detected.”
A policy says:
“Follow architecture standards.”
A governed Claude Code loop says:
“Read CLAUDE.md, inspect existing patterns, and validate the change against the documented architecture rules before implementation.”
That is where this becomes enterprise-ready.
The rules are no longer just words.
The rules become executable.
53. Auditability: If It Is Not Recorded, It Did Not Happen
Enterprise engineering needs auditability.
That does not mean every task needs a giant compliance report.
It means important work should leave a trace.
When Claude Code helps deliver a change, the team should be able to answer:
What was the original intent?
What context did Claude use?
What files changed?
What tools were invoked?
What commands were run?
What tests passed or failed?
What evidence was captured?
What risks were identified?
What human approvals occurred?
What release decision was made?
That is auditability.
And auditability is what turns AI work into professional engineering work.
Without auditability, AI work becomes hard to trust.
The agent says it did the job.
The code appears to work.
But nobody knows what assumptions were made, what tools were used, or what validation actually happened.
That is not enough for enterprise delivery.
A good Claude Code architecture should produce artifacts.
Those artifacts may include:
Intent file
Context summary
Implementation plan
Change summary
Test output
Screenshots
Logs
Security scan output
PR description
Risk assessment
Release recommendation
This is very close to how strong engineering teams already work.
Claude Code simply gives us a way to automate and standardize more of it.
For certification, the core principle is:
Evidence creates trust. Auditability preserves trust.
Evidence proves the specific change.
Auditability proves the process.
Together, they allow teams to move faster without losing control.
This is also where enterprise leaders get interested.
Executives do not just want to hear:
“We used AI.”
They want to know:
“Did AI improve delivery without increasing risk?”
Auditability helps answer that question.
It lets a team compare before and after:
Cycle time
Rework
Defects
Escaped issues
Test coverage
Deployment confidence
Lead time to production
Number of blocked stories
UAT-to-prod friction
That is how AI becomes measurable.
And measurable AI is much easier to defend.
54. When Not to Let the Agent Act
This might be the most important article in the set.
A good Claude architect knows when to use the agent.
A great Claude architect knows when not to.
There are times when Claude Code should not act autonomously.
It may still help analyze, summarize, compare, or propose options.
But it should not directly change or execute without human approval.
Examples include:
Production deployments
Data deletion
Customer data changes
Payment logic
Authentication and authorization changes
Secrets management
Infrastructure destruction
Compliance-sensitive systems
Legal or regulatory workflows
Security incident response
Major architectural rewrites
Cross-team API contract changes
In those cases, Claude can still be extremely useful.
It can prepare a plan.
It can identify risk.
It can compare alternatives.
It can draft migration steps.
It can generate test cases.
It can prepare rollback instructions.
It can produce a human review checklist.
But the decision should stay with people.
That is not weakness.
That is architecture.
The goal is not full autonomy everywhere.
The goal is appropriate autonomy.
Some work can be automated.
Some work can be agent-assisted.
Some work should remain human-approved.
Some work should be blocked entirely.
A useful model is:
Assist
Claude explains, researches, summarizes, or plans.
Act with limits
Claude makes low-risk changes inside controlled boundaries.
Act with approval
Claude prepares the change, but a human must approve before execution.
Do not act
Claude may only provide analysis because the risk is too high.
This is how architects should think about AI engineering maturity.
Not as a binary question of “agent or no agent.”
But as a decision model.
For certification, remember this phrase:
Autonomy should be earned by context, controls, and evidence.
If context is weak, limit autonomy.
If controls are missing, limit autonomy.
If evidence cannot be captured, limit autonomy.
If risk is high, require approval.
That is the responsible way to bring Claude Code into enterprise delivery.
The Combined Lesson: Safe Acceleration Beats Blind Automation
Articles 50 through 54 are about one big idea:
Safe acceleration beats blind automation.
Claude Code can make engineering faster.
But speed without governance creates risk.
The architect’s job is to create the environment where AI can help without turning the engineering process into a black box.
That means designing:
Permissions
Security boundaries
MCP access rules
Hook-based enforcement
Skill-based standards
Memory-based project guidance
Evidence capture
Audit trails
Human approval points
Release decision models
This is what separates enterprise AI engineering from casual AI coding.
Casual AI coding says:
“Let Claude do it.”
Enterprise AI architecture says:
“Let Claude do the right work, with the right access, under the right controls, producing the right evidence, so the right person can make the right decision.”
That is the architect mindset.
And it is exactly the mindset to carry into the Claude Architect certification exam.
The exam is not just about knowing feature names.
It is about understanding the system.
Claude Code is powerful because it can operate inside the development workflow.
But that power has to be shaped.
Permissions shape what it can do.
Security shapes what it should never do.
Governance shapes how it behaves.
Auditability shapes how we trust it.
Human decision points shape where responsibility belongs.
That is how Claude Code becomes enterprise-ready.
That is how Intent-Driven Engineering becomes safe.
And that is how AI-asted delivery becomes something a serious organization can actually run.
:::That sets up 55–60 perfectly: the final prep article should be the “architect’s exam mindset” — tool selection, simplicity, workflows vs agents, when to use API/SDK/MCP/Claude Code, and how to answer scenario questions like an architect instead of a developer.

Comments