Claude Code Routines: How to Run Automated Dev Tasks While You Sleep
By EndOfCoding
Anthropic just shipped one of the most practically useful Claude Code features since its launch: Routines. Claude Code Routines let you define scheduled, automated workflows that run without you — overnight code reviews, morning test reports, weekly dependency audits, daily documentation updates. The promise is simple: your AI coding assistant no longer needs you to be at the keyboard. You define what you want done, when, and under what conditions. Claude Code executes it, commits the results, and you wake up to completed work. Alongside Routines, Anthropic shipped a significant desktop UI overhaul — a dedicated Claude Code app for macOS and Windows that gives Routines a home outside the terminal and makes multi-session management significantly easier. This post covers what Routines actually are, how to set them up, practical patterns that work today, and how to think about automating your development workflow with scheduled AI execution.
What You'll Learn
You'll understand what Claude Code Routines are and how they work technically, the difference between interactive Claude Code sessions and Routines execution, how to write your first Routine and schedule it, five practical Routine patterns that work immediately, the new desktop UI and what it adds to multi-session management, the security model for Routines (what can and can't run unattended), and how Routines fit into a broader automated AI development workflow.
What Claude Code Routines Actually Are
Routines are scheduled Claude Code task definitions — YAML files that specify a task, its schedule (cron syntax), its allowed tools, and its output handling. When the schedule fires, Claude Code executes the task autonomously, using only the tools you've pre-authorized, and commits or reports results according to your specification.
The key architectural difference from an interactive Claude Code session:
Interactive session:
├── You're present
├── Claude asks clarifying questions
├── You approve/reject tool use in real time
├── You guide the session when it goes off track
└── Session ends when you close the terminal
Routine:
├── You're absent
├── Claude executes the defined task spec
├── Tools are pre-authorized in the Routine definition
├── If the task fails, it reports the failure (doesn't prompt you)
└── Runs on schedule, commits results, exits
Routines are not general-purpose autonomous agents. They're bounded automation: the task is defined, the tools are pre-authorized, the output is specified. What runs unattended is the execution — not the decision about what to do.
Setting Up Your First Routine
First, update Claude Code to the version that includes Routines:
npm update -g @anthropic-ai/claude-code
# Routines available in v1.5.0+
# Verify
claude --version
Routines live in .claude/routines/ in your project root. Each Routine is a YAML file:
# .claude/routines/morning-test-report.yaml
name: morning-test-report
description: Run tests and generate a summary report of failures
schedule: "0 8 * * 1-5" # 8am Monday-Friday
task: |
Run the full test suite with `npm test`.
If any tests fail:
1. Identify which tests failed and why
2. Check if the failure is new (compare to last commit)
3. If new failure: create a GitHub issue with title "Test failure: [test name]"
and body containing the error output and a brief diagnosis
4. If pre-existing failure: add a comment to any existing issue
Generate a summary report at .claude/reports/test-report-$(date +%Y%m%d).md
with: total tests, passing, failing, new failures, pre-existing failures.
tools:
- bash # Run npm test
- read # Read source files for diagnosis
- write # Write the report
- github # Create/comment on issues
output:
commit: false # Don't auto-commit (report only)
notify: slack # Send summary to Slack on completion
on_failure:
notify: slack
message: "Morning test Routine failed to complete — manual check needed"
Enable the Routine:
claude routine enable morning-test-report
# List enabled Routines
claude routine list
# Run manually to test before scheduling
claude routine run morning-test-report
Five Practical Routine Patterns
Pattern 1: Overnight Dependency Audit
# .claude/routines/weekly-deps-audit.yaml
name: weekly-deps-audit
description: Audit dependencies for vulnerabilities and outdated packages
schedule: "0 2 * * 0" # 2am Sunday
task: |
Run `npm audit` and capture output.
Run `npm outdated` and capture output.
For each critical or high vulnerability:
1. Look up the CVE details
2. Check if a patched version exists
3. Draft an upgrade in package.json (don't commit yet)
Generate a report at .claude/reports/deps-audit-$(date +%Y%m%d).md with:
- Critical vulnerabilities (with CVE IDs and fix versions)
- High vulnerabilities
- Packages more than 2 major versions behind
- Recommended upgrade commands
Create a GitHub issue "Weekly dependency audit [date]" with the report content
if any critical vulnerabilities are found.
tools:
- bash
- read
- write
- github
output:
commit: false
notify: slack
Pattern 2: Nightly Code Quality Sweep
# .claude/routines/nightly-quality.yaml
name: nightly-quality
description: Run linting, type checking, and code quality analysis overnight
schedule: "0 1 * * *" # 1am daily
task: |
Run `npm run lint` and capture any new lint errors (compare to baseline).
Run `npx tsc --noEmit` and capture TypeScript errors.
Run code complexity analysis on src/ — flag any functions over 50 lines
or cyclomatic complexity over 10.
For each new issue found (not in the baseline from last run):
- Add a TODO comment to the relevant file
- Add to the quality tracking log at .claude/reports/quality-log.md
Update baseline file at .claude/reports/quality-baseline.json with today's counts.
tools:
- bash
- read
- write
- edit
output:
commit: true
commit_message: "chore: nightly quality sweep [date]"
files_to_commit:
- ".claude/reports/"
- "src/**/*.ts" # Only files with added TODO comments
Pattern 3: Documentation Freshness Check
# .claude/routines/weekly-docs-freshness.yaml
name: weekly-docs-freshness
description: Check if documentation is out of sync with code changes
schedule: "0 9 * * 1" # 9am Monday
task: |
Compare git log from the past 7 days against documentation files.
For each code file changed in the last 7 days:
1. Check if there's a corresponding documentation file
2. If yes: compare the code changes to the doc content
3. Flag any documentation that describes behavior the code no longer implements
4. Flag any new exported functions/APIs that have no documentation
Generate a report at .claude/reports/docs-freshness-$(date +%Y%m%d).md
with: docs that need updating, new APIs without docs, outdated descriptions.
tools:
- bash
- read
- write
output:
commit: false
notify: slack
Pattern 4: Pre-Merge Security Scan
# .claude/routines/pr-security-scan.yaml
name: pr-security-scan
description: Security scan triggered on PR creation
trigger: github_event # Runs on event, not schedule
github_event: pull_request.opened
task: |
Review the changed files in this PR for:
1. SQL injection patterns (string concatenation in queries)
2. XSS vulnerabilities (unsanitized user input in output)
3. Authentication bypasses (missing auth checks on protected routes)
4. Secrets in code (API keys, passwords, tokens)
5. Insecure direct object references
For each finding:
- Post a PR review comment at the relevant line
- Classify severity: critical, high, medium, low
If any critical findings: request changes on the PR
If only medium/low: approve with comments
Post a summary comment with: total issues by severity, key findings.
tools:
- bash
- read
- github
output:
commit: false # Security scan doesn't modify code
Pattern 5: Morning Standup Prep
# .claude/routines/standup-prep.yaml
name: standup-prep
description: Generate standup notes from yesterday's commits and open issues
schedule: "30 8 * * 1-5" # 8:30am Monday-Friday
task: |
Review git log from the past 24 hours.
Review open GitHub issues assigned to the current user.
Review PRs that need review or are awaiting merges.
Generate a standup note at .claude/reports/standup-$(date +%Y%m%d).md with:
- Yesterday: summary of commits merged (2-3 bullets)
- Today: highest-priority open issues and PRs (2-3 bullets)
- Blockers: PRs waiting for review, failing tests, unresolved issues
Keep each section to 2-3 bullets maximum.
tools:
- bash
- read
- write
- github
output:
commit: false
notify: slack
slack_message_format: "standup_report" # Uses Slack-formatted summary
The New Desktop UI
Alongside Routines, Anthropic shipped a standalone Claude Code desktop application for macOS and Windows. Previously, Claude Code was terminal-only. The desktop app adds:
- Routines dashboard: View enabled Routines, their schedules, last run status, and output without going to the terminal
- Multi-session management: Run up to 5 concurrent Claude Code sessions with a visual session switcher
- Session history: Browse past Claude Code sessions with full transcript and diff outputs
- Routine output viewer: Read Routine reports and review generated content in a formatted UI instead of raw markdown
- Permission management: Approve or modify tool permissions for Routines from a GUI
The desktop app is complementary to terminal use, not a replacement. Most power users will continue to initiate sessions from the terminal and use the desktop app for Routine management and session oversight.
# Desktop app installs alongside Claude Code CLI
# macOS: available in Claude.ai downloads section
# Windows: available in Claude.ai downloads section
# The CLI remains the primary interface for interactive sessions
Security Model: What Routines Can and Can't Do
The Routines security model is deliberately conservative:
Routine security constraints:
├── Can only use tools explicitly listed in the Routine YAML
├── Cannot escalate permissions at runtime (no sudo, no admin operations)
├── File writes are scoped to the project directory by default
├── External network access requires explicit 'fetch' or 'github' tool inclusion
├── Routine outputs are logged and auditable in .claude/logs/
├── No shell escaping or tool injection — task spec is sandboxed
└── GitHub operations require pre-authorized GitHub token in Claude Code settings
Secure Routine design:
├── Use minimum tool set (don't include bash if you only need read+write)
├── Review .claude/logs/ periodically to audit what Routines are doing
├── Start with commit:false until you've validated the output quality
├── Use dry_run: true in early testing to simulate without side effects
└── Store Routine YAMLs in version control — treat them as code
Integrating Routines into Your Workflow
The practical adoption path:
Week 1: One read-only Routine
├── Start with something that generates a report but doesn't commit
├── Morning test report or weekly deps audit are good first choices
├── Run manually first: claude routine run [name]
└── Review the output quality before enabling on schedule
Week 2: Add a commit-enabled Routine
├── Nightly quality sweep with commit:true for baseline files only
├── Review the first 3-4 automated commits carefully
└── Adjust task spec based on output quality
Month 1: Build your Routine library
├── Add PR security scan (event-triggered)
├── Add documentation freshness check
├── Add standup prep
└── Establish .claude/routines/ as a first-class project artifact
Ongoing: Treat Routines as team infrastructure
├── Commit Routine YAMLs to the repo
├── Team members can run, modify, and improve Routines
└── Routines become part of your team's engineering practices
Common Challenges
'What if a Routine makes a bad commit?' — Start with commit: false on all Routines until you've validated output quality over several runs. When you do enable commits, use specific files_to_commit patterns to limit scope. The git history gives you a clear audit trail of what Routines did — bad Routine commits are revertable. The risk is lower than it sounds if you start conservatively.
'How do I handle Routines that need secrets or API keys?' — Routines inherit environment variables from the Claude Code configuration (~/.claude/settings.json). Store API keys there, not in Routine YAML files. Routine YAMLs should be committed to version control; credentials should not.
'Can I run Routines on a CI server instead of my laptop?' — Yes. Claude Code Routines can be executed in CI environments. The claude routine run [name] command works headlessly. This is the recommended setup for team-shared Routines — run them on a dedicated CI machine rather than individual developer laptops. GitHub Actions workflow support is expected in the next Claude Code release.
'What happens if a Routine encounters an unexpected situation?' — Routines are designed to fail safely. If the task encounters a situation not covered by the spec, it writes an uncertainty to the report file and exits without committing. It won't hallucinate a decision on your behalf. The on_failure handler lets you configure how failures are surfaced — Slack notification, GitHub issue, or email.
Advanced Tips
Write task specs with explicit failure modes: Don't just describe the happy path. Add explicit instructions for what to do when things are ambiguous: 'If you find a vulnerability that requires human judgment to assess severity, add it to the report with NEEDS_REVIEW tag and do not create a GitHub issue automatically.' Explicit failure handling produces better Routine output than relying on the AI's default behavior.
Use Routine reports as learning material: The reports Routines generate are diagnostic artifacts. Weekly dependency audits, nightly quality sweeps, and docs freshness checks collectively give you an evolving picture of your codebase health. Treat .claude/reports/ as a codebase health journal — review it monthly to identify trends.
Chain Routines via trigger dependencies: You can configure a Routine to trigger when another Routine's output contains specific patterns. For example: the dependency audit Routine runs Sunday night, and if its output contains 'critical', it triggers the dependency upgrade Routine to draft the upgrade PRs automatically. This is closer to a workflow pipeline than individual tasks — the Routines compose.
Contribute your Routines to the community: The Claude Code Routines ecosystem is new and the community is actively building a shared library. Publishing your Routines YAML (with any project-specific details removed) at the Vibe Coding Academy community forum or on GitHub contributes patterns that other developers can adopt. The best Routines will become standard engineering practice — similar to how certain GitHub Actions workflows became industry-standard after community iteration.
Conclusion
Claude Code Routines are the first major step toward AI as a persistent engineering collaborator rather than an on-demand tool. The ability to define what you want done, schedule it, authorize its tools, and wake up to completed work is a qualitatively different relationship with AI assistance than interactive sessions provide. The desktop UI makes that relationship manageable at scale — seeing all your Routines, their schedules, and their outputs in one place changes how you think about AI as part of your engineering infrastructure.
For developers learning AI-assisted development, Routines represent the Advanced tier of vibe coding: not just using AI to do tasks, but delegating a category of recurring work entirely. The Vibe Coding Academy Advanced Track covers Routines implementation, CI integration, and team-level Routine design in Module 15 (AI-Powered DevOps). For the prompt engineering patterns that make Routine task specs reliable, Vibe Coding Ebook Chapter 17's prompt library includes the new Claude Code Routine Setup Prompt and Multi-Stack Coordination Prompt. Stay current with Claude Code releases and Routine patterns at EndOfCoding.