A Claude Code team rollout is a quarter of disciplined work, not an afternoon of installs. The 30/60/90-day plan below is the cadence we run for client engineering teams — three sprints, fifteen milestones, eight reusable templates, and a quarterly review that keeps the gains from drifting back to install-only. The plan assumes seats are bought and access is provisioned on day zero; everything in the calendar after that is about turning a per-engineer tool into a team capability.

The shape of the plan is deliberate. Days 1-30 land the base layer — settings, permissions, the first skills, the first hooks, a tight starting CLAUDE.md. Days 31-60 build leverage — a shared skill library, hook templates the team actually uses, a productivity-signal panel that makes engagement visible. Days 61-90 wire governance — subagent design, security review, documented quarterly cadence. By day 90 the team has the artefacts and the rhythm to stay there.

This guide walks through each phase as a list of milestones with named owners and concrete deliverables, the RACI for who does what, the templates the rollout depends on, and the four most common reasons rollouts stall before they reach day 90. The companion piece is the 50-point adoption scorecard — run it on day 0 to set the baseline and on day 90 to measure progress.

Key takeaways

01
Ninety days is the right horizon.Thirty days is enough to install but not to embed. A full year loses the urgency. Three sprints is the engineering-rollout cadence that consistently moves teams from install-only to a working capability.
02
Skill library is the highest-ROI investment.One skill per engineer per month, ten across the team by day 60, compounds into hours saved per week. Skills are the single artefact whose absence most reliably predicts a stalled rollout.
03
Memory hygiene predicts depth.Teams that prune CLAUDE.md to 200-400 lines inside the first sprint go on to ship hooks and subagents in sprints two and three. Bloated memory correlates with surface-level use that never deepens.
04
Security policy lags adoption.Permissions, secret handling, and MCP review tend to drift behind the rate at which engineers adopt new tool surfaces. Sprint three is explicitly the security sprint for that reason.
05
Quarterly review keeps gains in place.A 90-day rollout without a calendared review at day 180 typically regresses to install-only inside two quarters. The cadence is what makes the playbook hold.

01 — Why 90 DaysThree sprints is the right horizon for engineering rollouts.

Engineering tool rollouts have a characteristic curve. The first week looks great — installs land, sessions open, eng-leadership sees activity and reports success up the chain. Week three is quieter. By week six the dashboard still shows licence usage but the artefacts that would indicate real adoption — shared skills, wired hooks, pruned CLAUDE.md files, subagents — are still absent. By month six the project has been declared a success on paper and the actual capability of the team has barely shifted.

Ninety days is the horizon that defeats that pattern, for three reasons. First, it is long enough that the easy wins (install, settings, first skill) have time to compound into the harder wins (shared library, hook habit, security review). Second, it is short enough that the urgency stays in the calendar — a year-long rollout drifts because every milestone is far away. Third, it maps cleanly to a quarter, which is how engineering organisations already plan, budget, and review.

The three sprints inside the quarter each have a different character. The first sprint is install and configuration — concrete, mechanical, mostly individual work. The second sprint is leverage and habit — collaborative, more ambiguous, where the team has to invest time in artefacts whose payoff is two or three weeks away. The third sprint is governance and durability — security review, subagent design, documented cadence. The skill of running the rollout is matching effort and attention to the shape of each sprint rather than treating all three as one continuous installation project.

"Tool rollouts fail because they treat install as the project. Install is day one. The project is the next eighty-nine days."— Field note · client engagement debrief, Q2 2026

One nuance worth surfacing early. The plan below assumes a team of roughly ten to fifty engineers on a shared stack. Smaller teams (one to five) can compress the calendar to forty-five days because coordination overhead drops. Larger teams (a hundred plus) usually need to run the plan per-squad in parallel rather than centrally, because per-team variance in stack and workflow tends to be the dominant signal at scale. The shape of the plan is the same in every case; the cadence adjusts.

02 — Days 1-30Install, config, initial skill kit.

The first sprint is concrete. Every milestone has a binary done/not-done state, every artefact lives in a known location, and every engineer can complete their portion inside a normal working day. The intent is to land the base layer cleanly so that the leverage work in sprint two has a foundation to sit on. Cutting corners in sprint one is the single most reliable way to stall sprint two — the team ends up rebuilding configuration mid-rollout, which is expensive and demoralising.

Five milestones, ordered by dependency. Each has a default owner; the RACI matrix in Section 05 names the broader responsibility set.

Milestone 01

Shared settings.json + permissions

.claude/settings.json committed to repo

Project-scope settings.json reviewed and committed to the main repo by the tech lead. Permissions allowlist explicit. MCP server registry agreed. User-scope additions documented for individuals to layer on top.

Owner: tech lead · Day 1-7

Milestone 02

Starter CLAUDE.md (≤400 lines)

memory file committed

First draft of CLAUDE.md written from the existing project context. Hard cap at 400 lines. Sections for stack, conventions, key files, owner-of-record. Cross-references rather than restated content. Reviewed in PR like any other artefact.

Owner: tech lead · Day 5-12

Milestone 03

First three skills

.claude/skills/ directory

Three high-frequency workflows wrapped as skills — typically commit, code-review, scaffold-new-route. Each skill scoped to one job, documented in its SKILL.md, shared via the repo. The team writes them, not the lead, so authorship spreads.

Owner: rotating · Day 10-20

Milestone 04

First Stop hook wired

settings.json hooks

One Stop hook ships in the project settings — typically Slack notification or audit log append. The point is less the hook's function than establishing that hooks are something the team writes; the first one is always the hardest.

Owner: devops / platform · Day 15-25

Milestone 05

Baseline 50-point audit

scorecard snapshot

Run the 50-point adoption scorecard on day 30. Record the result. This is the baseline against which day-60 and day-90 measurements compare. Without the baseline, the productivity signal panel in sprint two has nothing to anchor against.

Owner: rollout lead · Day 28-30

The single most-skipped milestone in sprint one is the audit baseline. Teams move into the leverage sprint without a snapshot of where they started, which means the productivity signals shipped in sprint two have no reference point and the day-90 review has no quantitative story to tell. Spend the half-day on day 29 to run the scorecard. It compounds every subsequent sprint.

The other consistent stumble is over-scoping the starter CLAUDE.md. Engineers reach for completeness — every project convention, every key file, every gotcha — and the file lands at 1,200 lines on day 12, which the model then skims rather than reads. The 400-line cap is a discipline, not a target. Tight memory in sprint one pays back through every interaction in sprints two and three.

Sprint-one rule of thumb

If by day 20 the team has not shipped at least one skill that another engineer voluntarily invokes, the rollout is already drifting. That signal — skills used by someone other than the author — is the earliest predictor of whether the leverage sprint will land.

03 — Days 31-60Shared library, hooks, productivity signals.

The second sprint is where the rollout earns its keep. The base layer from sprint one is necessary but not sufficient — what turns Claude Code into a team capability rather than a per- engineer tool is the shared library of skills, hooks, and subagents that everyone contributes to and everyone uses. This is the sprint with the highest variance across teams: the ones that invest land at Stage 3 Leveraged on the day-60 audit, the ones that coast stay at Stage 2 Configured.

Five milestones, weighted toward leverage and measurement. The tone shifts from individual work to team work — pairs and small groups owning artefacts rather than individuals owning milestones in isolation.

Milestone 06

Skill library reaches ten entries

.claude/skills/ · 10 documented skills

Library grows from three to ten across the team — typically commit, review, scaffold-route, scaffold-component, write-tests, update-changelog, run-migration, deploy-staging, doc-update, spawn-subagent-team. Authorship spread; documentation enforced in PR.

Owner: skill captains · Day 31-50

Milestone 07

Hook templates shared

.claude/hooks/ documented

Stop, SubagentStop, PreToolUse hook templates documented in the repo so new hooks are a copy-and-edit job rather than a research project. Three hook archetypes minimum: notification, audit-log, gate. The team adds at least two more hooks beyond the sprint-one starter.

Owner: platform · Day 35-55

Milestone 08

CLAUDE.md prune + sub-doc split

memory hygiene pass

First scheduled prune of CLAUDE.md. Three sections moved to linked sub-docs (loaded on relevance, not every turn). One-line summary + link replaces inline content. Total line count down 20-40% versus sprint-one baseline.

Owner: tech lead · Day 40-50

Milestone 09

Productivity-signal panel v1

weekly metrics dashboard

First version of the engagement panel. Weekly subagent count, weekly skill invocations, time-to-first-meaningful-output for new hires. Posted to the team Slack or wiki. Imperfect data is fine — the cadence is what matters in this sprint.

Owner: rollout lead · Day 45-58

Milestone 10

Mid-sprint scorecard re-run

day-60 audit

Run the 50-point scorecard a second time on day 60. Compare against the sprint-one baseline. Identify the largest absolute deltas — both improvements and persistent gaps — and feed them into the sprint-three plan.

Owner: rollout lead · Day 58-60

The leverage sprint introduces a role that did not exist in sprint one — the skill captain. One or two engineers who take ownership of the skill library: ensuring scoping discipline (one job per skill), documentation quality, and invocation reporting. The captains are not necessarily the most senior engineers; in the audited cohort, they are most often mid-level developers who have personally fallen in love with the tool and want to spread that experience to the team. Surfacing and supporting those people is the highest-leverage move a rollout lead makes in sprint two.

The productivity-signal panel is the artefact most often built badly. Teams reach for vanity metrics — total tokens spent, total sessions opened — that licence telemetry already covers. The panel is useful precisely when it tracks the metrics licence telemetry cannot see: subagent invocations, skill use, time-to-value. The companion piece on the 50-point adoption scorecard covers the panel design in detail.

The leverage curve

Day-60 audit results from the 2026 cohort cluster bimodally — teams either move from Stage 2 to Stage 3 in this sprint or stay flat at Stage 2. Almost no one drops back. The differentiator is whether at least one skill captain emerges. Without one, the library stagnates at the three starter skills and the rollout coasts to a quiet end.

04 — Days 61-90Subagent governance, security, quarterly review.

The third sprint is governance — the unglamorous but essential work that turns a productive rollout into a durable one. Subagent design discipline, security policy that has caught up with the new tool surface, the documented cadence that keeps the artefacts current after day 90. Teams that skip sprint three usually find themselves redoing it in an unscheduled emergency one or two quarters later — typically triggered by an incident rather than a calendar.

Five milestones, weighted toward review and durability. The character is different again from sprints one and two — more cross-functional, with security and platform engineering usually contributing more than they did in earlier sprints.

Milestone 11

Custom subagents shipped

.claude/agents/ committed

First two or three custom subagents — typically a code-review subagent and a research-subagent for ticket triage. The team has the practice of designing scoped subagents rather than relying on default behaviour. Companion guide covers the build pattern.

Owner: senior engineer · Day 61-75

Milestone 12

Permissions + secret review

security policy audited

Permissions allowlist reviewed against the surface added in sprints one and two. Skills and hooks checked for accidentally committed secrets or PII. MCP server registry audited — source, permissions, freshness. Written sign-off from security partner.

Owner: security partner · Day 65-80

Milestone 13

Productivity panel v2

dashboard refined

Panel iterated based on what proved useful in sprint two. Vanity metrics dropped. Signals that correlated with the day-60 audit improvements retained. New hires onboard from this version, so onboarding-flow metric ships in this sprint.

Owner: rollout lead · Day 70-85

Milestone 14

Day-90 audit + retro

scorecard + 60-min retro

Third run of the 50-point scorecard. Side-by-side comparison with day-0 and day-60 baselines. Hour-long retro with the team — what worked, what stalled, what the next quarter plan looks like. Output written up as a 1-2 page memo.

Owner: rollout lead · Day 85-90

Milestone 15

Quarterly cadence calendared

Q+1 review on the calendar

The day-180 review goes on the calendar before day 90 closes. Quarterly skill-library prune, quarterly CLAUDE.md prune, quarterly permissions review. The cadence is the difference between a rollout that holds and one that quietly regresses.

Owner: tech lead · Day 88-90

Subagent design is the milestone teams either embrace or ignore in sprint three. The ones that embrace it land at Stage 4 Optimised on the day-90 audit — under ten percent of audited teams reach that stage in 2026, and they almost all get there through scoped, well-documented subagents that act as durable team capabilities rather than ad-hoc agentic runs. The walkthrough on building a Claude Code custom subagent is the operational layer underneath this milestone.

Security review is the milestone teams most often under-resource. It looks like a checklist exercise — confirm permissions, scan for secrets, check the MCP registry — but done well it is also an opportunity to catch the drift that has accumulated through sprints one and two as the surface expanded. The pattern that has held across the client base: block a half-day with the security partner on day 75, walk through the artefacts together, sign off in writing. Compress it to an hour and the sign-off is theatre.

05 — Owners + DeliverablesRACI for each milestone.

The plan only works with named owners. Implicit ownership in tool rollouts collapses to no ownership inside a fortnight — every engineer assumes someone else is driving the next milestone, and the calendar slips. The RACI below is the allocation we use as the default; adjust for team shape but keep the principle that every milestone has a single named R (responsible) and a single named A (accountable).

Four roles cover the plan. The rollout lead is the single accountable owner — typically a tech lead or an EM-grade engineer with the time to drive the calendar. The tech lead owns the per-repo artefacts — CLAUDE.md, settings.json, sub-doc structure. Skill captains own the library — one or two engineers per team. The security partner is named in sprint one but most active in sprint three. The platform / devops function supports hooks and MCP work across all three sprints.

Rollout lead

Accountable for the whole plan

Owns the calendar, the day-30/60/90 audits, the productivity panel, and the day-90 retro. Single point of accountability for the rollout landing. Usually an EM-grade engineer or staff-plus IC with explicit time allocated — 20-30% of their week for the quarter.

A on every milestone

Tech lead

Per-repo artefact owner

Responsible for settings.json, CLAUDE.md, sub-doc structure, and the quarterly memory prune. Reviews skill PRs for scoping discipline. Sign-off on the day-30 base-layer milestones. One per repo or per team.

R on milestones 1, 2, 8

Skill captains

Library ownership

One or two engineers who own the skill library — scoping discipline, documentation quality, invocation reporting. Often mid-level developers who have fallen in love with the tool. Emerging in sprint two is the strongest single signal that the leverage sprint will land.

R on milestones 3, 6, 7

Security partner

Policy + secret handling

Named in sprint one but most active in sprint three. Owns the permissions review, secret-handling sweep, MCP server audit. Written sign-off on milestone 12. Usually a security engineer or AppSec partner with a half-day allocated to the rollout in the third sprint.

R on milestone 12

Platform / devops

Hooks, MCP, infrastructure

Cross-cutting role across all three sprints. Owns the first Stop hook, the hook template library, MCP server registration and review, and any infrastructure for the productivity panel. Consulted on permissions and platform settings.

R on milestones 4, 7, 9

One pattern worth calling out: the rollout lead role is the most often under-allocated. Teams treat it as a 5% nice-to- have on someone's plate and the calendar slips inside three weeks. Twenty to thirty percent of one engineer's week for the quarter is the realistic allocation. Less than that and the rollout becomes a part-time project with a full-time drift problem.

The skill-captain role is the most often missing. Teams assume skills will emerge organically from a culture of sharing, and on rare engagements they do. The default assumption should be the opposite — name one or two captains explicitly in sprint two, give them the air-cover to write skills on company time, and the library compounds from there.

06 — TemplatesInitial skill kit, hook templates, productivity dashboard.

Eight templates form the reusable backbone of the rollout. They are the artefacts a new team can clone from a previous engagement rather than re-deriving from scratch. The starter kit is approximate — every team adapts — but having a starting point is the difference between a sprint one that ships base-layer artefacts and one that spends three weeks discussing what shape they should take.

The directory layout below is a sketch of what the repo looks like by day 30. Skills, hooks, and the productivity dashboard config all sit under .claude/ with the exception of the dashboard renderer, which usually lives in a separate platform repo.

Template 01-03

Initial skill kit

Starter skills (commit, code-review, scaffold-route) shipped as a copyable bundle. Each has a SKILL.md with scope, trigger phrases, and example invocations. Teams clone, rename, and adapt to their stack rather than writing from scratch.

.claude/skills/

Template 04-05

Hook templates

Stop-hook (Slack notification) and SubagentStop-hook (audit log) templates with the shell scripts the hook invokes. Documented input contracts. Teams pick the variant that fits their notification stack and ship it on day 25.

.claude/hooks/ + settings.json

Template 06

Starter CLAUDE.md

400-line skeleton. Section headers for stack, conventions, key files, owner-of-record. Inline comments call out where to cross-reference sub-docs versus restate content. The cap is the discipline; the structure makes hitting the cap painless.

.claude/ root

Template 07-08

Productivity dashboard

Dashboard config plus a starter Slack-bot script that posts weekly subagent + skill counts. Schema is intentionally small — five signals, no more — so the panel ships in week six rather than week sixteen.

platform repo

The directory layout that crystallises across the audited cohort looks like the snippet below. It is not a standard — Claude Code itself does not require a particular structure under .claude/ — but the convention makes audits faster and onboarding cleaner.

<repo-root>/
├── .claude/
│   ├── settings.json          # project-scope config (committed)
│   ├── CLAUDE.md              # ≤400 lines, pruned quarterly
│   ├── docs/                  # sub-docs loaded on relevance
│   │   ├── stack.md
│   │   ├── conventions.md
│   │   └── runbooks/
│   ├── skills/                # team-shared slash commands
│   │   ├── commit/SKILL.md
│   │   ├── code-review/SKILL.md
│   │   ├── scaffold-route/SKILL.md
│   │   └── ...
│   ├── agents/                # scoped subagents (sprint 3)
│   │   ├── code-reviewer.md
│   │   └── ticket-triager.md
│   └── hooks/                 # hook scripts referenced by settings.json
│       ├── slack-notify.sh
│       └── audit-log.sh
└── ...

Eight templates is the minimum. The reusable assets that tend to accumulate over the second and third sprint — additional skills, hook variants, dashboard refinements — are usually team-specific and not worth templating until a pattern is observed across two or three engagements. The starter kit covers the day-30 milestones; sprint two and three additions stay in-team.

07 — PitfallsFour ways the rollout stalls.

Across the 2026 rollout cohort, four failure modes account for almost every stalled rollout. They are visible in sprint one or sprint two; spotted early, each has a cheap remediation. Left to develop, each turns the day-90 review into an explanation of why the rollout did not land rather than a celebration of the new capability.

Common rollout failure modes · sprint-level frequency

Pattern frequency · 2026 rollout cohort (anonymised)

Pitfall 01 · No named rollout leadImplicit ownership collapses inside three weeks · most common cause of slipped calendars

Common

Pitfall 02 · Skill captain never emergesLibrary stagnates at the three starter skills · leverage sprint never lands

Frequent

Pitfall 03 · CLAUDE.md bloats past 800 linesModel skims rather than reads · engagement metrics drop in sprint two

Frequent

Pitfall 04 · Security review pushed to Q+1Drift accumulates · resurfaces as an unscheduled incident one to two quarters later

Persistent

Day-90 outcome · stalled vs landedTeams with two or more pitfalls usually finish at Stage 2 · clean runs reach Stage 3

Risk indicator

The first pitfall — no named rollout lead — is the easiest to fix and the most-often unfixed. Name a single person on day zero. The other three pitfalls follow from sprint-one and sprint-two execution. Skill captains emerge if the rollout lead names them; CLAUDE.md stays tight if the tech lead enforces the 400-line cap in PR; security review lands on time if it is calendared on day one rather than negotiated on day seventy.

One pattern across the audited cohort: rollouts with zero pitfalls are rare. The realistic goal is to hit zero or one pitfall by day 60 and use sprint three to remediate anything that emerged in sprints one and two. Teams that carry two or more pitfalls into sprint three almost always finish at Stage 2 Configured rather than Stage 3 Leveraged — recoverable in the next quarter, but only with explicit follow-up work.

Conclusion

90 days from install to adoption is realistic — the templates and cadence make it stick.

The 30/60/90-day plan is deliberately mundane on each individual milestone — a settings.json commit, a hook script, a CLAUDE.md prune, a quarterly review on the calendar. What it produces in aggregate is the one thing a licence purchase cannot: a team that knows how to work with Claude Code as a delegated capability rather than a personal autocomplete, with the artefacts in place to stay there past day 90.

The next-quarter shape we expect to see across the client base is consistent with the audit findings — most teams move from install-only to Stage 3 Leveraged inside one quarter if the plan is taken seriously. The harder transition is from Stage 3 to Stage 4 Optimised, which usually takes a second quarter with subagent governance and security cadence as the gating factors rather than anything in the day-30 base layer.

The signal underneath all of this: rollouts that hold are a property of the cadence a team commits to, not the install they completed. Ship the base layer in sprint one, the leverage in sprint two, the governance in sprint three, and calendar the quarterly review before the sprint-three audit closes. Skip the cadence and the artefacts decay back toward install-only inside two quarters, regardless of how strong the day-90 number was.

Claude Code Team Rollout: 30/60/90-Day Plan 2026