CLAUDE.md Template: Angular Material + Django PostgreSQL (CLAUDE.md template)

Overview

CLAUDE.md template for developers combining Angular Material frontend with a Django REST Framework backend and PostgreSQL database. This page provides a copyable CLAUDE.md template you can paste directly into CLAUDE.md to bootstrap the stack with architecture, rules, and deployment guidance.

When to Use This CLAUDE.md Template

• Starting a new project with an Angular Material UI and a Django API backend.
• Rapidly provisioning a secure, testable full-stack with PostgreSQL.
• Demonstrating Claude Code principles for this stack in a repeatable template.

Copyable CLAUDE.md Template

# CLAUDE.md

Project role: You are Claude Code, providing a complete, copy-paste CLAUDE.md template for an Angular Material + Django PostgreSQL stack. The template should be actionable and self-contained.

Architecture rules:
- Frontend: Angular (with Angular Material) SPA consuming a Django REST Framework API.
- Backend: Django project with DRF, PostgreSQL as the database, and JWT authentication.
- Separation: clear API boundary between frontend and backend; no server-side rendering in frontend; backend serves JSON API only.
- Deploy: containerized (Docker) with separate services for frontend and backend.

File structure rules:
- frontend/: Angular project skeleton (src/app, components, services, modules)
- backend/: Django project with apps (api, core), plus DRF serializers/views/urls
- docker-compose.yml to orchestrate frontend and backend during dev

Authentication rules:
- Use JWT (refresh token) or Django token auth; authenticate endpoints under /api/auth/
- Protect sensitive endpoints; require valid tokens for protected resources

Database rules:
- PostgreSQL with proper migrations; use psycopg2-binary; configure DATABASE_URL via env
- Do not connect to SQLite in production

Validation rules:
- DRF serializers validate all input; model validators on save(); return clear error messages

Security rules:
- CSRF enabled for stateful sessions; CORS restricted to the SPA origin; secure cookies in prod
- Do not disable security headers; forbid inline scripts in templates

Testing rules:
- Django tests for models, serializers, and views; DRF APIClient tests; frontend tests with Jasmine/Karma
- CI should run linting, type checks, and tests on PRs

Deployment rules:
- Use docker-compose for local dev; for production, use a proper Kubernetes or cloud deployment; run migrations on startup

Things Claude must not do:
- Do not bypass authentication or permissions checks
- Do not include hard-coded secrets or credentials
- Do not propose unsafe dependencies or insecure network configs

Recommended Project Structure

frontend/
  angular.json
  package.json
  src/
    app/
      components/
      modules/
      services/
      app.module.ts
      app.component.ts
backend/
  manage.py
  requirements.txt
  django_project/
    settings.py
    wsgi.py
  api/
    models.py
    serializers.py
    views.py
    urls.py
db/
  init.sql
docker-compose.yml

Core Engineering Principles

• Single source of truth: data models and API contracts are defined once and reused by frontend and backend.
• Explicit dependencies and strict typing to reduce runtime errors.
• Incremental, test-driven development with automated tests for backend and frontend.
• Secure-by-default: proper authentication, authorization, and secret management.
• Clear separation of concerns between UI, API, and data access layers.

Code Construction Rules

• Frontend: Angular with Angular Material components; use strong typing (TypeScript) and strict templates.
• Backend: Django REST Framework with ModelViewSets; serializers validate input; use DRF routers.
• Database: PostgreSQL; migrations must be created and applied in deployment; avoid raw SQL in application code.
• Authentication: JWT or token-based; protect endpoints with proper permissions.
• Environment: all secrets via environment variables; do not hard-code keys; use Django-environ or python-dotenv.
• Testing: unit tests for models/serializers, integration tests for API endpoints, and basic frontend tests.
• Logging: structured JSON logs; mask sensitive fields in logs.
• Deployment: use Docker; separate frontend/backend; migrations run on startup in prod-safe way.

Security and Production Rules

• HTTPS enforced; HSTS enabled; CSRF protection enabled for stateful sessions.
• CORS configured to only allow the Angular app origin.
• Use secure cookies; set cookie flags (HttpOnly, Secure, SameSite).
• SECRET_KEY and DB credentials stored in environment variables; rotate secrets regularly.
• Regular dependency audits and security patches; pin versions where possible.

Testing Checklist

• Backend unit tests for models and serializers; DRF API tests with APIClient.
• Frontend unit tests for components/services; end-to-end tests if possible.
• Integration tests to verify DB migrations and API contracts.
• CI: lint/tsc, pytest/django tests, and build checks.

Common Mistakes to Avoid

• Assuming frontend and backend evolve independently without a shared API contract.
• Storing secrets in code or repository; not refreshing tokens properly.
• Skipping migrations in production; running in a misconfigured environment.
• Overly permissive CORS or unsecured API endpoints.

FAQ