What is the purpose of this CLAUDE.md Template?

To provide a copyable Claude Code block and guidance for building an Angular Material + FastAPI multi-tenant SaaS starter.

Which stack does this template target?

Angular Material frontend with a FastAPI backend, designed for a multi-tenant SaaS architecture.

How is multi-tenancy enforced?

Tenant context is resolved at the earliest middleware layer using a tenant header or subdomain, with per-tenant data isolation in PostgreSQL.

What should I customize first?

Implement tenant resolution, authentication, and data access rules in both frontend and backend, then wire migrations and tests.

How do I deploy this starter in production?

Use Docker Compose for local development and a Kubernetes or cloud-based deployment with managed Postgres, secret management, and CI/CD pipelines.

CLAUDE.md Template: Angular Material + FastAPI Multi Tenant SaaS Starter | Suhas Bhairav

Overview

CLAUDE.md Template for Angular Material + FastAPI Multi Tenant SaaS provides a ready-to-paste Claude Code instruction block to scaffold a multi-tenant SaaS with a polished Angular Material frontend and a FastAPI backend.

Stack: Angular Material (frontend) + FastAPI (backend) with a multi-tenant architecture.

When to Use This CLAUDE.md Template

Starting a new multi-tenant SaaS project with a polished UI and scalable backend.
Ensuring a consistent CLAUDE.md exercise for onboarding engineers.
Enforcing a repeatable frontend-backend integration pattern using Claude Code.
Sharing best practices for tenancy isolation, authentication, and data access.

Copyable CLAUDE.md Template

# CLAUDE.md

- Project role: You are Claude, a coding assistant. Produce a concrete CLAUDE.md block tailored to Angular Material + FastAPI multi-tenant SaaS. Do not include unrelated stack details.
- Architecture rules: Use a frontend Angular Material SPA and a FastAPI backend; implement multi-tenant using X-Tenant-ID header with per-tenant data separation; JWT-based authentication; separate services; stateless backend APIs; CI/CD friendly.
- File structure rules: Respect the provided project structure in the "Recommended Project Structure" section. Do not create unused files.
- Authentication rules: OAuth2 / JWT for API access; tokens must be validated on every protected endpoint; refresh tokens with rotation; store tokens securely.
- Database rules: PostgreSQL; per-tenant schema or database; migrations via Alembic; ensure tenant isolation; migrations run on startup or via admin tooling.
- Validation rules: Pydantic models on backend; Angular forms with validation; server-side validation on API endpoints.
- Security rules: Do not expose secret keys; enable HTTPS; CORS limited to trusted origins; avoid storing credentials in local storage; enforce input sanitization.
- Testing rules: Unit tests for FastAPI endpoints; integration tests covering multi-tenant data access; frontend unit tests; end-to-end tests with Cypress or Playwright; CI pipeline with tests run on PRs.
- Deployment rules: Docker Compose for local dev; separate services for frontend and backend; health checks; migrations on startup; environment variables for secrets; use non-root user in containers.
- Things Claude must not do:
  - Do not implement non-tenant-aware schemas or hardcode tenant values.
  - Do not use Mongoose, Prisma, or other ORMs that contradict the stack. Use SQLAlchemy for FastAPI.
  - Do not generate insecure code or store secrets in source.
  - Do not assume a single-tenant deployment in a multi-tenant context.

Recommended Project Structure

frontend/                                # Angular Material SPA
  src/
    app/
      core/
        auth/
        interceptors/
      tenants/
      shared/
      features/
  index.html
  angular.json
  package.json
  tsconfig.json
backend/                                 # FastAPI + multi-tenant backend
  app/
    api/
      v1/
        endpoints/
    models/
    core/
    schemas/
    main.py
  alembic/
  requirements.txt
  Dockerfile
  docker-compose.yml

Core Engineering Principles

Explicit tenancy: tenant isolation by id with strict access controls.
Declarative contracts: strong typing on API and forms (Pydantic + Angular validators).
Environment-driven configuration: avoid hard-coded values; use env vars for secrets.
Automation: CI/CD, migrations, and tests automated on PRs.
Security by default: least privilege, secure storage, and strict CORS.

Code Construction Rules

Frontend must use Angular Material components for UI patterns (dialogs, forms, navigation).
Backend endpoints must be defined with explicit schemas and request validators.
Tenant resolution must occur at the earliest layer (middleware) and be enforced on all endpoints.
Use PostgreSQL and per-tenant schema; apply migrations via Alembic; ensure migrations are idempotent.
Authentication uses OAuth2 with JWT tokens; tokens must be validated on every protected endpoint.
All data model inputs must be validated on server side and client side.
Do not cache sensitive data in insecure storage; use HTTP-only cookies or secure in-memory stores where possible.

Security and Production Rules

Enable HTTPS; enforce secure headers; implement CSRF protection for state-changing operations on the frontend if cookies are used.
Rate limiting and attack surface reduction for the API; monitor for anomalous tenant access patterns.
Secret management via environment variables and secret stores; rotate keys regularly.
Implement audit logging for tenant operations.

Testing Checklist

Unit tests for each FastAPI endpoint with tenant-scoped tests.
Integration tests covering multi-tenant data access and RBAC.
Frontend unit tests for Angular components and services.
End-to-end tests for tenant onboarding flow using Cypress/Playwright.
Migration tests to ensure idempotent migrations across tenants.
CI linting and type checking for both frontend and backend.

Common Mistakes to Avoid

Assuming a single-tenant mindset in a multi-tenant architecture.
Storing tenant context in memory without validation; bypassing tenancy checks.
Overexposing tenant data via shared schemas or insecure queries.
Hardcoding secrets or using insecure defaults in Docker images.

FAQ

What is the purpose of this CLAUDE.md Template?: To provide a copyable Claude Code block and guidance for building an Angular Material + FastAPI multi-tenant SaaS starter.
Which stack does this template target?: Angular Material frontend with a FastAPI backend, designed for a multi-tenant SaaS architecture.
How is multi-tenancy enforced?: Tenant context is resolved at the earliest middleware layer using a tenant header (X-Tenant-ID) or subdomain, with per-tenant data isolation in PostgreSQL.
What should I customize first?: Implement tenant resolution, authentication, and data access rules in both frontend and backend, then wire migrations and tests.
How do I deploy this starter in production?: Use Docker Compose for local development and a Kubernetes or cloud-based deployment with managed Postgres, secret management, and CI/CD pipelines.

Angular Material + FastAPI Multi Tenant SaaS CLAUDE.md Template

Target User

Use Cases