CLAUDE.md Template: Angular Material + FastAPI GDPR Ready App

A CLAUDE.md template starter for a GDPR-ready app using Angular Material on the frontend and FastAPI on the backend.

Target User

Developers building GDPR-ready web apps with Angular Material for the UI and FastAPI for the API.

Use Cases

  • Develop GDPR-compliant UI with Angular Material components
  • Build secure FastAPI endpoints with Pydantic schemas
  • Implement consent capture and data processing rules
  • Audit-ready logging and GDPR-compliant data handling

Markdown Template

# CLAUDE.md

Project role: Frontend: Angular Material UI; Backend: FastAPI; GDPR compliance engineer; responsible for data handling and consent flows.

Architecture rules:
- Use a clean separation between frontend and backend; API contracts via Pydantic models.
- Ensure typing and validation on both sides; no loose data shapes.
- All GDPR-sensitive operations must be auditable and consent-tracked.

File structure rules:
- frontend/ for Angular app; backend/ for FastAPI app.
- src/app/ modules mirror backend services via API contracts.

Authentication rules:
- Use OAuth 2.0 / OpenID Connect for user authentication; implement PKCE for public clients.
- Store access tokens in HttpOnly, Secure cookies.
- CSRF protection enabled.

Database rules:
- PostgreSQL with row versioning; avoid storing PII in Redis.
- Use encrypted columns for sensitive fields; ensure GDPR data retention rules are configurable.

Validation rules:
- Backend: Pydantic models for all request/response payloads.
- Frontend: Angular form validation with reactive forms and async validators.

Security rules:
- Do not log raw sensitive data; mask PII in logs.
- Use TLS everywhere; enforce HSTS.
- Do not expose secret keys in code; use environment variables.

Testing rules:
- Unit tests for FastAPI endpoints; integration tests for consent flows.
- End-to-end tests simulating GDPR data subject access requests.
- Frontend tests cover Material components and form validations.

Deployment rules:
- Dockerize frontend and backend; orchestrate with Docker Compose or Kubernetes.
- Use separate configs for dev/staging/prod; enable TLS termination.
- Provide migration scripts for GDPR-related schema changes.

Things Claude must not do:
- Do not bypass consent prompts or store consent in localStorage.
- Do not skip server-side validation.
- Do not assume user locale or language without explicit selection.

Overview

The CLAUDE.md template is a copyable Claude Code blueprint designed for a GDPR-ready app stack: Angular Material on the frontend and FastAPI on the backend. This page provides a ready-to-paste CLAUDE.md block and a stack-specific project layout to guide implementation.

When to Use This CLAUDE.md Template

  • You are building a GDPR-compliant SPA with Angular Material UI.
  • You need a FastAPI backend with strict data handling, validation, and security rules.
  • You want a copyable Claude Code instruction set to guide a team and ensure consistent architecture.
  • You require a documented project structure and deployment steps for prod readiness.

Recommended Project Structure

frontend/
  angular.json
  package.json
  src/
    app/
      components/
      services/
      pages/
      app.module.ts
backend/
  app/
    main.py
    api/
    models/
    schemas/
    core/
    gdpr/
docs/
  GDPR.md

Core Engineering Principles

  • Privacy by design and data minimization.
  • Explicit consent capture and auditability.
  • Security by default; least privilege.
  • Idempotent, observable deployments and rollbacks.
  • Reproducible builds and strict typing across stack.
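
One way to make "explicit consent capture and auditability" concrete on the FastAPI side, as an added example that is not part of the template: a server-side, append-only consent ledger in which a withdrawal is a new event rather than an update. The hash chain, the field names and the `ConsentLedger` class are assumptions of this sketch, not something the template prescribes.

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64  # assumed anchor value for the first entry's "prev" field


def _digest(prev_hash: str, body: dict) -> str:
    """Hash an event body together with the previous entry's hash."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


@dataclass
class ConsentLedger:
    """Append-only, server-side consent record (hypothetical helper)."""
    entries: list = field(default_factory=list)

    def record(self, subject_id: str, purpose: str, granted: bool,
               policy_version: str, at: Optional[datetime] = None) -> dict:
        # subject_id should be a pseudonymous key, never an e-mail address.
        at = at or datetime.now(timezone.utc)
        body = {"subject_id": subject_id, "purpose": purpose, "granted": granted,
                "policy_version": policy_version, "at": at.isoformat()}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {**body, "prev": prev, "hash": _digest(prev, body)}
        self.entries.append(entry)
        return entry

    def has_consent(self, subject_id: str, purpose: str) -> bool:
        """Latest decision wins; no record at all means no consent."""
        for e in reversed(self.entries):
            if e["subject_id"] == subject_id and e["purpose"] == purpose:
                return e["granted"]
        return False

    def verify(self) -> bool:
        """Recompute the chain; an edited, reordered or mid-chain deleted
        entry breaks it. Detecting tail truncation needs the head hash
        stored somewhere outside the ledger."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k not in ("prev", "hash")}
            if e["prev"] != prev or e["hash"] != _digest(prev, body):
                return False
            prev = e["hash"]
        return True
```

In a real backend the entries would live in a PostgreSQL table that the application role can insert into but not update or delete.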

Code Construction Rules

  • Frontend components must use Angular Material guidelines and accessible components (aria-labels, keyboard navigation).
  • Backend endpoints typed with Pydantic; input validated server-side.
  • API contracts versioned; avoid breaking changes without deprecation path.
  • Do not rely on browser localStorage for sensitive data; use secure cookies.

Security and Production Rules

  • GDPR-ready data retention policy and data subject access tooling.
  • Encrypt sensitive fields; enable audit logs and access controls.
  • TLS everywhere; rotate secrets; implement proper CORS and CSRF protections.

Testing Checklist

  • Unit tests for API models and services.
  • Integration tests for GDPR flows (consent, erasure).
  • End-to-end tests simulating GDPR data subject access requests in a Material UI context.
  • Deployment smoke tests in staging before prod.

Common Mistakes to Avoid

  • Storing PII in client storage or logs.
  • Skipping server-side validation for API payloads.
  • Over-privileging service accounts or API keys.
  • Ignoring GDPR data subject access requests in the design.
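
The template's rule "Do not log raw sensitive data; mask PII in logs" can be enforced centrally with a standard-library `logging.Filter`, shown here as an added example that is not part of the template. The e-mail pattern, the `SENSITIVE_KEYS` set and the sample records are assumptions constructed for this sketch.

```python
import logging
import re

# Assumed patterns and key names for this example; extend for your data model.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SENSITIVE_KEYS = {"email", "phone", "full_name", "iban", "password"}


def mask_email(match: re.Match) -> str:
    """Keep the first character and the domain so logs stay debuggable."""
    local, _, domain = match.group(0).partition("@")
    return f"{local[0]}***@{domain}"


def scrub(value):
    """Recursively mask PII in strings, dicts, lists and tuples."""
    if isinstance(value, str):
        return EMAIL_RE.sub(mask_email, value)
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, tuple):
        return tuple(scrub(v) for v in value)
    return value


class PiiMaskingFilter(logging.Filter):
    """Scrub the message and its args before any handler formats the record."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = scrub(record.msg)
        if record.args:
            record.args = scrub(record.args)
        return True


def render(msg, *args) -> str:
    """Demo helper: run one record through the filter and format it."""
    record = logging.LogRecord("gdpr", logging.INFO, "app.py", 0, msg, args, None)
    PiiMaskingFilter().filter(record)
    return record.getMessage()


if __name__ == "__main__":
    # Constructed sample input, not real user data.
    print(render("login ok for %s", "alice@example.com"))
    print(render("profile update: %s", {"email": "bob@example.org", "theme": "dark"}))
```

Attach the filter to each handler (`handler.addFilter(PiiMaskingFilter())`) so that records propagated from library loggers are scrubbed as well.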

FAQ

What is the CLAUDE.md Template?

A copyable Claude Code blueprint for a stack-specific setup that ensures consistent architecture and GDPR readiness.

Which stack is covered?

Angular Material frontend with a FastAPI backend, designed for GDPR compliance.

How do I use this template?

Copy the CLAUDE.md block and adapt project roles, rules, and file structure to your repo.

Does this template enforce GDPR?

Yes, it includes consent, audit trails, and secure data handling guidelines suitable for GDPR compliance.

Can I customize the project structure?

Yes. You can adjust the recommended structure to fit your deployment and CI/CD while preserving the CLAUDE.md rules.