CLAUDE.md TemplatesCLAUDE.md Template
CLAUDE.md Template for Django Ninja + Oracle DB + Django Enterprise Auth + Django ORM Enterprise Layer
CLAUDE.md Template page for Django Ninja + Oracle DB with Django Enterprise Auth and ORM Enterprise Layer.
CLAUDE.md templateDjango NinjaOracle DBDjango Enterprise AuthDjango ORMClaude CodeAPI securityenterprise architecturePython DjangoCLAUDE.md Templates
Target User
Backend engineers building Python Django APIs with Django Ninja, Oracle DB, and enterprise auth/ORM layers
Use Cases
- Create a secure Django Ninja API backed by Oracle DB with enterprise authentication
- Enforce enterprise ORM patterns across services
- Deliver reproducible CLAUDE.md templates for this stack
Markdown Template
CLAUDE.md Template for Django Ninja + Oracle DB + Django Enterprise Auth + Django ORM Enterprise Layer
# CLAUDE.md
Project Role: You are a senior Django engineer responsible for delivering a Django Ninja API backed by Oracle DB, with Django Enterprise Auth and an Enterprise ORM Layer. You will respond with precise, executable steps in the context of this stack.
Architecture Rules:
- Use a layered architecture: API (Django Ninja) -> Business Logic (services) -> Data Access (ORM Enterprise Layer) -> Database (Oracle DB).
- All data access must go through the ORM Enterprise Layer wrappers.
- Respect separation of concerns; avoid raw SQL in business logic except for vendor-optimized queries encapsulated in the data layer.
- Prefer Python type hints and Pydantic-like models for validation in Claude Code terms.
- Do not assume PostgreSQL or SQLite.
File Structure Rules:
- Place code in a Django project layout with apps: api, enterprise_auth, orm_enterprise, models, services, validators.
- Use explicit module boundaries; do not collapse business logic into views.
Authentication Rules:
- All endpoints must be protected by Django Enterprise Auth tokens.
- Token validation must be centralized in the enterprise_auth module.
- Use OAuth2-style access tokens if supported by the enterprise auth stack.
Database Rules:
- Oracle DB is the source of truth.
- Use parameterized queries and bind variables; avoid string interpolation in SQL.
- Ensure all DB calls happen through the ORM Enterprise Layer; no ad-hoc connections from endpoints.
Validation Rules:
- Use model-based validation for inputs (pydantic-like schemas) and Django forms where appropriate.
- Validate all inputs on entry; fail fast with clear messages.
Security Rules:
- CSRF must be enabled for non-API endpoints; API endpoints must use token-based auth with strict scopes.
- Never log raw credentials or secrets; mask sensitive fields in logs.
- Use TLS 1.2+ for all external calls; enforce secure cookies and HSTS.
Testing Rules:
- Include unit tests for validators and services.
- Include integration tests for API endpoints against a test Oracle instance; mocks must be used where possible.
- Use pytest-django or the project's testing framework with clear fixtures.
- Deployment Rules:
- Provide a Docker-based setup with a Django image, Oracle client libraries, and the enterprise auth service behind a reverse proxy.
- Use environment variables for credentials; do not commit secrets.
- Run migrations automatically in CI before deployment.
- Use feature flags for enterprise auth toggles.
Things Claude Must Not Do:
- Do not bypass Enterprise Auth or ORM Enterprise Layer.
- Do not generate raw SQL in app code; always wrap in the ORM layer.
- Do not use non-Oracle test databases in production workflows.
- Do not omit unit tests for validators and services.
- Do not propose unsafe default configurations (hard-coded secrets, insecure endpoints).Overview
A CLAUDE.md template page for Django Ninja + Oracle DB + Django Enterprise Auth + Django ORM Enterprise Layer. It provides a copyable CLAUDE.md block and stack-specific rules so teams can rapidly bootstrap compliant endpoints, secure authentication, and a clean ORM-backed data layer on Oracle.
Direct answer: This page yields a paste-ready CLAUDE.md template that enforces API routing with Django Ninja, Oracle DB integration, enterprise authentication, and a formal ORM enterprise layer.
When to Use This CLAUDE.md Template
- When building a Python Django API with Django Ninja as the router and Oracle as the data store.
- When you must enforce Django Enterprise Auth across all endpoints.
- When you require an enterprise ORM layer that cleanly separates business logic from data access.
- When you need a reproducible, copyable CLAUDE.md to onboard new developers quickly.
Copyable CLAUDE.md Template
# CLAUDE.md
Project Role: You are a senior Django engineer responsible for delivering a Django Ninja API backed by Oracle DB, with Django Enterprise Auth and an Enterprise ORM Layer. You will respond with precise, executable steps in the context of this stack.
Architecture Rules:
- Use a layered architecture: API (Django Ninja) -> Business Logic (services) -> Data Access (ORM Enterprise Layer) -> Database (Oracle DB).
- All data access must go through the ORM Enterprise Layer wrappers.
- Respect separation of concerns; avoid raw SQL in business logic except for vendor-optimized queries encapsulated in the data layer.
- Prefer Python type hints and Pydantic-like models for validation in Claude Code terms.
- Do not assume PostgreSQL or SQLite.
File Structure Rules:
- Place code in a Django project layout with apps: api, enterprise_auth, orm_enterprise, models, services, validators.
- Use explicit module boundaries; do not collapse business logic into views.
Authentication Rules:
- All endpoints must be protected by Django Enterprise Auth tokens.
- Token validation must be centralized in the enterprise_auth module.
- Use OAuth2-style access tokens if supported by the enterprise auth stack.
Database Rules:
- Oracle DB is the source of truth.
- Use parameterized queries and bind variables; avoid string interpolation in SQL.
- Ensure all DB calls happen through the ORM Enterprise Layer; no ad-hoc connections from endpoints.
Validation Rules:
- Use model-based validation for inputs (pydantic-like schemas) and Django forms where appropriate.
- Validate all inputs on entry; fail fast with clear messages.
Security Rules:
- CSRF must be enabled for non-API endpoints; API endpoints must use token-based auth with strict scopes.
- Never log raw credentials or secrets; mask sensitive fields in logs.
- Use TLS 1.2+ for all external calls; enforce secure cookies and HSTS.
Testing Rules:
- Include unit tests for validators and services.
- Include integration tests for API endpoints against a test Oracle instance; mocks must be used where possible.
- Use pytest-django or the project's testing framework with clear fixtures.
- Deployment Rules:
- Provide a Docker-based setup with a Django image, Oracle client libraries, and the enterprise auth service behind a reverse proxy.
- Use environment variables for credentials; do not commit secrets.
- Run migrations automatically in CI before deployment.
- Use feature flags for enterprise auth toggles.
Things Claude Must Not Do:
- Do not bypass Enterprise Auth or ORM Enterprise Layer.
- Do not generate raw SQL in app code; always wrap in the ORM layer.
- Do not use non-Oracle test databases in production workflows.
- Do not omit unit tests for validators and services.
- Do not propose unsafe default configurations (hard-coded secrets, insecure endpoints).
Recommended Project Structure
myproject/
manage.py
api/
v1/
endpoints/
users.py
items.py
enterprise_auth/
auth.py
permissions.py
orm_enterprise/
base_model.py
repositories/
user_repo.py
item_repo.py
models/
user.py
item.py
services/
user_service.py
item_service.py
validators/
validators.py
config/
settings.py
tests/
docker/
Dockerfile
docker-compose.yml
requirements.txt
.env.example
Core Engineering Principles
- Explicit over implicit; document architectural decisions and keep a single source of truth for each business rule.
- Security by default: enforce token-based authentication and least privilege data access.
- Layered architecture with clear boundaries between API, business logic, and data access.
- Automated tests and CI/CD vetting for every change.
- Maintainable, runnable CLAUDE.md templates for onboarding and audits.
Code Construction Rules
- Use Django Ninja path operations for endpoints with explicit request/response models.
- Validation via pydantic-like schemas; avoid heavy validators in views.
- All DB interactions go through the ORM Enterprise Layer wrappers; no ad-hoc queries in views.
- Use Django settings to separate dev/prod configurations; never hardcode secrets.
- Handle transactions with atomic blocks around business-critical operations.
- Keep migrations deterministic and versioned; avoid data migrations in app code unless intentional.
- Write tests for every business rule; ensure test data uses database fixtures and Oracle adapters when available.
- Log structured events; avoid logging sensitive data.
- Compliance: adhere to enterprise auth policies and data access controls.
Security and Production Rules
- Activate TLS, HSTS, and secure cookies for all deployments.
- Token scopes must be enforced at the API layer; unauthorized access is rejected with 401/403.
- Mask secrets in logs and telemetry; do not log full tokens or credentials.
- Configure per-request database connection management; use pooling and timeouts compatible with Oracle client.
- Enforce CA-signed certificates for all outbound connections; pin critical dependencies where possible.
- Audit logging for enterprise auth events; store logs in immutable storage when feasible.
Testing Checklist
- Unit tests for validators and business logic in services.
- Integration tests for API endpoints against a test Oracle instance or mocks.
- End-to-end tests for common use cases guarded by enterprise auth tokens.
- CI pipeline runs migrations and runs the full test suite on every PR.
- Performance tests for typical read/write patterns using the enterprise ORM layer.
Common Mistakes to Avoid
- Using non-Oracle databases for production flows; Oracle must be the source of truth.
- Skipping enterprise auth tokens and API security checks.
- bypassing ORM Enterprise Layer to perform raw SQL operations.
- Overly clever query optimization that evades parameter binding, risking SQL injection.
- Neglecting tests for validators and services; brittle endpoints.
FAQ
Q: Is this CLAUDE.md Template specific to Django Ninja?
A: Yes. It targets Django Ninja with Oracle DB and enterprise auth/ORM layers.
Q: Can I use PostgreSQL for development?
A: This template enforces Oracle as the primary data store; Oracle should be used in alignment with production.
Q: How do I test enterprise auth?
A: Use token-based tests that simulate real tokens with scopes and permissions against a testAuth server.
Q: Where do I place migrations?
A: In the migrations folder of each Django app; ensure they run in CI and in production as part of deployment rules.
Q: How do I extend this template for a new stack?
A: Copy the CLAUDE.md block and update stack-specific sections and rules accordingly.