What this looks like in practice

Type /allium in Claude Code and Allium examines your project, then offers to distill from existing code or build a new spec through conversation.

Claude Code
> /allium
I can see you have an existing codebase with authentication, billing and a team management module, but no Allium spec yet. I can distill from code to capture what your implementation currently does, or start from intent to build a spec through conversation. Which would you prefer?
> Distill from code. Start with the authentication module.
I've read through auth/. I can see login, password reset, session management and role-based access. I've drafted an initial spec at auth.allium with 4 entities and 9 rules. A few things I want to flag:
Your login handler in auth/login.py:34 allows unlimited retries for users with an internal role. Is that intentional, or should the lockout policy apply to everyone?
> That's a bug. Lockout should apply to everyone. Update the spec and fix the code.

The elicitation guide and distillation guide cover both approaches in detail.

Allium surfaces implications you missed

A customer’s account was suspended for a terms of service violation. They’ve appealed and the team wants to let them back in.

Claude Code
> A customer says they can't reset their password. Their account was suspended last month but they've appealed and we want to let them back in. Can you enable password reset for suspended users?
Your Allium requires user.status = active for password resets. This user's status is suspended, so the reset is blocked by design. Reactivating through password reset would bypass your AccountReinstated rule, which requires admin approval and logs an audit trail.
Should we reinstate the account through the existing admin flow first, then let them reset their password? Or create a new AccountReinstatedViaAppeal rule that combines both steps with the audit trail intact?
> Reinstate through the admin flow first. The audit trail matters.

Without Allium, the LLM would have relaxed the status check, accidentally creating a backdoor around an admin control. The behavioural model caught that password reset and account reinstatement are separate concerns with different approval requirements.

Knowledge persists across sessions

A developer starts a new session days later, working on a different feature.

Claude Code
> Add a free trial. New subscribers get their first month at no charge.
Your Allium has a constraint here. SubscriptionCreated ensures a payment is processed and InvoiceGenerated requires invoice.amount > 0. A free first month would need to bypass both.
Should the trial skip invoice generation entirely, or create a zero-value invoice for the audit trail? And should the PaymentMethod still be captured upfront, or only when the trial converts?
> Create a zero-value invoice and capture the payment method upfront.

The developer never mentioned invoicing or payment method capture. The Allium did, from a session that ended days ago. Without it, the LLM would have implemented the trial with no awareness of these constraints, and the gaps would have surfaced in production.

Allium grounds a design conversation

A developer asks for a straightforward feature.

Claude Code
> Add an endpoint so admins can view any user's payment history.
Your Allium doesn't give admins blanket access. AdminAction requires the admin's scope to include the target resource. The current scopes are billing, users and support. Should this endpoint require billing scope?
> Yes, billing scope. But our support team needs to see payment history too, for resolving disputes. What are our options?
You could add billing to the support role, but that also grants access to refunds and plan changes, which your Allium controls through the same scope.
Alternatively, split billing into billing.read and billing.write. Support gets read-only access, finance gets both. Your code in admin/permissions.py already distinguishes read and write operations but maps them both to the same scope check, so the implementation is halfway there.
> Go with the read/write split. Update the Allium first, then refactor the scope checks to match.

Without Allium, the LLM would likely have implemented a simple is_admin check. Instead, the conversation surfaced a scoping model, explored its implications for a second team, and arrived at a design that aligns the behavioural model with a distinction the code already made but never formalised.

Distillation catches drift

A developer asks the LLM to check whether the code still matches the Allium.

Claude Code
> Can you check whether our authentication code matches the Allium?
I found a divergence. Your Allium says LoginAttempt requires user.failed_attempts < max_login_attempts, with a default of 5. But auth/login.py line 47 hardcodes the limit at 3 and doesn't reset the counter after a successful login. The Allium says UserAuthenticates ensures user.failed_attempts = 0.
Either the code drifted or the Allium is aspirational. Which should we trust?
> The Allium is right. Fix the code to match.

Code and intent diverge silently over time. Allium gives the LLM something to check against, turning “does this look right?” into a concrete comparison with a definitive answer. See the distillation guide for a structured approach to catching drift, and the elicitation guide for building specs from conversations like the ones above.