CLAUDE.md Guide — The Perfect Setup for Every Project Type (2026)

# Project: [Name]
Next.js 14 App Router with TypeScript, Tailwind CSS, and Prisma.

## Tech Stack
- Next.js 14 (App Router, NOT Pages Router)
- TypeScript strict mode
- Tailwind CSS (no CSS modules)
- Prisma ORM with PostgreSQL
- Deployed on Vercel

## Commands
- Dev:        npm run dev
- Build:      npm run build
- Test:       npx jest --watch
- Lint:       npm run lint
- DB migrate: npx prisma migrate dev
- DB studio:  npx prisma studio

## Code Style
- Named exports (not default exports) for all components
- "use client" only when hooks or browser APIs are needed
- Server Components are default — don't add "use client" unnecessarily
- ES module imports only — never require()
- Destructure: import { useState } from "react"
- All API input validated with Zod

## Architecture Rules
- NEVER edit /prisma/migrations/ directly
- All API routes in app/api/ return NextResponse.json()
- API routes must validate input with Zod before DB calls
- Environment vars: .env.local (never commit .env)
- Images: next/image only — never raw <img>
- Singleton Prisma client lives in lib/db.ts

## File Structure
- app/         Pages and API routes (App Router)
- components/  Reusable React components
- lib/         Utilities and shared logic
- lib/db.ts    Prisma singleton — use this everywhere
- prisma/      Schema and migrations
- public/      Static assets

## Current Focus
- [What you're working on right now]

# Project: [Name]
Django 5.x REST API + PostgreSQL. Serves a React frontend via DRF.

## Tech Stack
- Python 3.12 / Django 5.1
- Django REST Framework (DRF) for API
- PostgreSQL via psycopg2-binary
- Redis for caching and Celery
- Black formatter, isort, mypy for type checking
- Virtual env: .venv (activate: source .venv/bin/activate)

## Commands
- Dev server:    python manage.py runserver
- Shell:         python manage.py shell_plus
- Migrate:       python manage.py migrate
- Make migration:python manage.py makemigrations
- Tests:         python manage.py test --verbosity=2
- Coverage:      coverage run -m pytest && coverage report
- Celery worker: celery -A config worker -l info

## Code Style
- Type hints on all function signatures (PEP 484)
- Black formatting (line length 88) — run before every commit
- isort for import ordering
- Docstrings on all public methods (Google style)
- snake_case for variables and functions
- Use Django ORM — never raw SQL unless explicitly needed
- All API views use DRF serializers — no manual response dicts

## Architecture Rules
- NEVER run migrations in production directly — always review first
- Settings split: config/settings/base.py, local.py, production.py
- Secrets via environment variables — never hardcode
- All model changes require migration files committed with the change
- Use select_related / prefetch_related — NEVER query inside loops
- Custom managers in models.py — not raw .filter() in views

## File Structure
- config/       Django project settings and URLs
- apps/         All Django apps (one app per domain concept)
- apps/users/   Auth, user model (custom AbstractUser)
- templates/    Django templates (admin only — DRF handles API)
- requirements/ base.txt, dev.txt, prod.txt

## Current Focus
- [Current sprint / active feature]

# Project: [Name]
Node.js + Express REST API. TypeScript. PostgreSQL via Knex.

## Tech Stack
- Node 20 LTS / TypeScript 5.4
- Express 4.x
- Knex.js query builder + PostgreSQL
- Zod for request validation
- Jest + Supertest for testing
- ESLint + Prettier

## Commands
- Dev (hot reload): npm run dev        (uses tsx watch)
- Build:            npm run build      (tsc)
- Start prod:       npm start
- Test:             npm test
- Test watch:       npm run test:watch
- Migrate:          npm run db:migrate
- Rollback:         npm run db:rollback
- Seed:             npm run db:seed

## Code Style
- All route handlers are async — always try/catch or use asyncHandler wrapper
- Standard error response: { success: false, error: string, code?: string }
- Standard success response: { success: true, data: T }
- Validate ALL request bodies/params with Zod schemas at route level
- Middleware order: cors → auth → validate → handler → errorHandler
- Named exports — never default exports from route files

## Architecture Rules
- NEVER write raw SQL — use Knex builder
- NEVER return database error messages to clients — sanitize first
- Auth middleware must run before any protected route handler
- Rate limiting applied at router level, not individual routes
- All DB queries go through repository functions in /repositories
- NEVER access req.user without running auth middleware first

## File Structure
- src/routes/       Express route definitions
- src/controllers/  Request handlers (thin — delegate to services)
- src/services/     Business logic
- src/repositories/ Database queries (Knex)
- src/middleware/   Auth, validation, error handling
- src/lib/          DB connection, logger, config

## Current Focus
- [Current active work]

# Project: [Name]
Flutter app (iOS + Android). Riverpod for state management.

## Tech Stack
- Flutter 3.24 / Dart 3.5
- Riverpod 2.x (code generation enabled)
- go_router for navigation
- Dio for HTTP (with interceptors)
- Freezed + json_serializable for models
- Hive for local storage

## Commands
- Run:          flutter run
- Build Android: flutter build apk --release
- Build iOS:    flutter build ios --release
- Test:         flutter test
- Analyze:      flutter analyze
- Pub get:      flutter pub get
- Code gen:     dart run build_runner build --delete-conflicting-outputs

## Code Style
- Always run dart run build_runner after model changes
- Use Freezed for all data classes — never plain Dart classes for models
- Riverpod providers: prefer AsyncNotifierProvider for server data
- No setState in stateful widgets — use Riverpod ConsumerWidget
- Platform-specific code goes in platform/ with conditional imports
- Widget files: one widget per file, PascalCase filename

## Architecture Rules
- NEVER call APIs directly from widgets — go through a repository
- ALL API calls must handle DioException — never let them bubble raw
- Avoid BuildContext across async gaps — use mounted check
- Navigation only through go_router — never Navigator.push directly
- Local storage keys defined as constants in lib/constants/storage.dart

## File Structure
- lib/features/    Feature-based modules (auth, home, profile)
- lib/shared/      Reusable widgets and utilities
- lib/core/        App config, theme, router, DI
- lib/data/        Repositories and API services
- assets/          Images, fonts, translations

## Current Focus
- [Active feature or platform]

# Project: [Name]
Go REST API. Standard library net/http + chi router. PostgreSQL via pgx.

## Tech Stack
- Go 1.23
- chi v5 router
- pgx v5 for PostgreSQL (no ORM)
- sqlc for type-safe SQL queries
- golang-migrate for migrations
- golangci-lint for linting
- testify for assertions

## Commands
- Run:           go run ./cmd/server
- Build:         go build -o bin/server ./cmd/server
- Test:          go test ./... -v
- Test coverage: go test ./... -coverprofile=coverage.out
- Lint:          golangci-lint run
- Generate SQL:  sqlc generate
- Migrate up:    migrate -path db/migrations -database $DATABASE_URL up
- Format:        gofmt -w . && goimports -w .

## Code Style
- Always run gofmt — non-negotiable, CI will fail without it
- Error handling: check every error, no _ for error values
- Errors wrap with context: fmt.Errorf("getUserByID: %w", err)
- Use structured logging via slog (stdlib) — never fmt.Println in production
- Table-driven tests for all pure functions
- No panic() outside of main initialization

## Architecture Rules
- NEVER use ORM — SQL goes through sqlc-generated functions only
- All DB queries in internal/store/ — never in handlers
- Handlers are thin: parse → validate → call service → respond
- Middleware applied to router groups, not individual routes
- Config loaded from environment via os.Getenv — no config files in repo
- NEVER log sensitive data (passwords, tokens, PII)

## File Structure
- cmd/server/     main.go entry point
- internal/       All application code (not exported)
- internal/api/   HTTP handlers and router
- internal/store/ sqlc-generated DB layer
- internal/service/ Business logic
- db/migrations/  SQL migration files
- db/queries/     SQL queries for sqlc

## Current Focus
- [Active module or feature]

# Project: [Name] Monorepo
Turborepo monorepo. Web (Next.js), API (Express), shared packages.

## Workspace Structure
- apps/web        Next.js 14 frontend
- apps/api        Express REST API
- packages/ui     Shared component library
- packages/types  Shared TypeScript types
- packages/utils  Shared utility functions
- packages/config Shared ESLint, TS, Tailwind configs

## Tech Stack
- Node 20 / TypeScript 5.4
- Turborepo for task orchestration
- pnpm workspaces (ALWAYS use pnpm — never npm or yarn in this repo)
- Changesets for versioning packages

## Commands
- Dev all:      pnpm dev           (turbo runs all dev tasks)
- Dev web only: pnpm --filter web dev
- Dev api only: pnpm --filter api dev
- Build all:    pnpm build
- Test all:     pnpm test
- Lint all:     pnpm lint
- Add dep:      pnpm --filter [app] add [package]
- Add shared:   pnpm --filter [app] add @repo/ui

## Code Style
- Imports from shared packages: @repo/ui, @repo/types, @repo/utils
- NEVER copy-paste code between apps — create a shared package
- All shared types live in packages/types — never duplicate
- Component exports from packages/ui follow named export pattern

## Architecture Rules
- NEVER install the same dependency in two apps — extract to packages/
- Cross-package changes must run: pnpm build in affected packages first
- Internal packages use workspace: * versioning
- API types shared via packages/types — always keep in sync
- NEVER import from apps/ directory in packages/ (one-way dependency)

## Which Package to Touch
- UI change:         packages/ui → then apps that use it
- New API endpoint:  apps/api + packages/types (for response types)
- New page:          apps/web only
- Shared logic:      packages/utils

## Current Focus
- [Current cross-package work or migration]

# Project: [Name] — WordPress
Custom WordPress theme + plugin. PHP 8.2. WooCommerce.

## Tech Stack
- WordPress 6.7 / PHP 8.2
- Custom theme: wp-content/themes/[theme-name]
- Custom plugin: wp-content/plugins/[plugin-name]
- WooCommerce 9.x
- WP-CLI for automation
- Composer for PHP dependencies
- Node + webpack for asset bundling (npm run build)

## Commands
- Dev assets:    npm run dev        (webpack watch)
- Build assets:  npm run build
- WP CLI:        wp [command]       (from /var/www/html)
- Install plugin: wp plugin install [slug] --activate
- Export DB:     wp db export backup.sql
- Cache flush:   wp cache flush
- PHP lint:      vendor/bin/phpcs --standard=WordPress .

## Code Style
- Follow WordPress Coding Standards (WPCS) — CI enforces this
- snake_case for all PHP functions and variables
- Prefix ALL functions, hooks, and classes: [prefix]_function_name
- Enqueue scripts/styles via wp_enqueue_scripts hook — never inline
- Use wp_nonce_field() for all forms — CSRF protection required
- Escape ALL output: esc_html(), esc_attr(), esc_url(), wp_kses_post()
- Sanitize ALL input: sanitize_text_field(), absint(), etc.

## Architecture Rules
- NEVER modify core WordPress files or WooCommerce files directly
- Extend WooCommerce via hooks/filters — never edit plugin files
- All custom DB tables use $wpdb with proper escaping
- Custom post types registered in [prefix]-post-types.php
- NEVER use short PHP tags: <?php only
- Meta values stored with update_post_meta — no custom tables for simple data

## File Structure (Theme)
- functions.php     Autoloader + hook registration
- inc/              PHP includes (post types, taxonomies, helpers)
- template-parts/   Reusable template fragments
- assets/src/       Raw JS and SCSS
- assets/dist/      Built assets (gitignored)

## WP Hooks Reference
- Init logic:       add_action('init', ...)
- Admin pages:      add_action('admin_menu', ...)
- WC cart change:   add_action('woocommerce_add_to_cart', ...)

## Current Focus
- [Active theme/plugin feature]