scripte/ai-coding-starter-kit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7c8a2c3622af4d032de2aae751e9bebe2a5a5cc9
ai-coding-starter-kit/.claude/rules/backend.md
T
“alexvisualmakers” 600552c858 feat: Migrate from agent markdown files to Skills, Rules, and Sub-Agents 
Replace the manual "read .claude/agents/*.md" workflow with native
Claude Code features for a more efficient, scalable development experience:

- **Skills** (.claude/skills/): 7 auto-discovered slash commands
  (/requirements, /architecture, /frontend, /backend, /qa, /deploy, /help)
  with forked sub-agents for heavy tasks and inline execution for interactive ones
- **Rules** (.claude/rules/): 4 modular rule files (general, frontend, backend,
  security) auto-applied based on file context
- **Sub-Agents** (.claude/agents/): Lightweight configs for frontend-dev,
  backend-dev, and qa-engineer with model, tool, and turn limit settings
- **Context Engineering**: Layered context loading, context isolation via
  forked skills, built-in context recovery after compaction, and
  "always read, never guess" rules to prevent hallucinated code references
- **CLAUDE.md**: Auto-loaded project context replacing PROJECT_CONTEXT.md
- **Feature tracking**: features/INDEX.md as persistent state across sessions
- **Production guides**: docs/production/ for error tracking, security,
  performance, database optimization, and rate limiting
- **Init Mode**: /requirements detects empty PRD and bootstraps full project
  setup (PRD + all feature specs) from a single project description

Removed: 6 monolithic agent files, PROJECT_CONTEXT.md, HOW_TO_USE_AGENTS.md,
TEMPLATE_CHANGELOG.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 10:15:27 +01:00

925 B
Raw Blame History

Backend Development Rules

Database (Supabase)

  • ALWAYS enable Row Level Security on every table
  • Create RLS policies for SELECT, INSERT, UPDATE, DELETE
  • Add indexes on columns used in WHERE, ORDER BY, and JOIN clauses
  • Use foreign keys with ON DELETE CASCADE where appropriate
  • Never skip RLS - security first

API Routes

  • Validate all inputs using Zod schemas before processing
  • Always check authentication: verify user session exists
  • Return meaningful error messages with appropriate HTTP status codes
  • Use .limit() on all list queries

Query Patterns

  • Use Supabase joins instead of N+1 query loops
  • Use unstable_cache from Next.js for rarely-changing data
  • Always handle errors from Supabase responses

Security

  • Never hardcode secrets in source code
  • Use environment variables for all credentials
  • Validate and sanitize all user input
  • Use parameterized queries (Supabase handles this)
Reference in New Issue View Git Blame Copy Permalink