CLAUDE.md Template: Video Course Platform with Next.js, TypeScript, Supabase, Clerk, Stripe

CLAUDE.md Template to scaffold a complete Video Course Platform using Next.js, TypeScript, Supabase, Clerk, Stripe, with AI lesson summaries, quizzes, progress tracking, and certificates. Copyable CLAUDE.md block included.

Tags: CLAUDE.md Template, Video Course Platform, Next.js, TypeScript, Supabase, Clerk, Stripe, Claude Code, AI summaries, quizzes, certificates

Target User

Developers building a modern video course platform

Use Cases

  • Build a complete, production-ready video course platform with authentication, payments, progress tracking, AI summaries, quizzes, and certificates.

Markdown Template

# CLAUDE.md

Project role: Platform Engineer building a complete Video Course Platform using Next.js, TypeScript, Supabase, Clerk, Stripe, AI lesson summaries, quizzes, progress tracking, and certificates.

Architecture rules:
- Use Next.js App Router with TypeScript, server components where appropriate, and a lean client bundle.
- Supabase handles data storage, auth flows, and Row Level Security with policies.
- Clerk manages user sessions, multi-factor auth, and user profiles; Stripe handles all billing and subscriptions.
- AI features should run server-side or via secure API routes; avoid leaking API keys to the client.
- All APIs must be typed; use Zod for runtime validation; prefer server actions and API routes for data mutations.
- Secrets and keys must be stored in environment variables; never commit to VCS.
- All data flows must be auditable with versioned schemas and migrations.

File structure rules:
- apps/web/src/app defines app routes; components live under apps/web/src/components; lib contains adapters for Supabase, Clerk, and Stripe.
- Keep server-only code in server/ or app/server; avoid shipping DB secrets to the client.
- Use a single source of truth for data models and API contracts; share types via /lib/types.ts.

Authentication rules:
- Clerk handles authentication; enforce role-based access for students, instructors, and admins.
- Protect all sensitive endpoints with server-side checks; never rely on client-only checks.
- Use httpOnly cookies when storing session data on the server.

Database rules:
- Tables: users, courses, videos, lessons, enrollments, progress, quizzes, questions, quiz_results, AI_summaries, certificates, payments, refunds, invoices.
- Enforce RLS with policies for read/write based on roles and enrollment status.
- Store only necessary metadata; avoid duplicate data; keep audit fields (created_at, updated_at).

Validation rules:
- Validate all inputs with strict schemas (e.g., Zod) before DB operations.
- Ensure payment amounts are positive integers; enforce currency codes.
- Validate IDs with UUIDs; normalize strings; trim inputs server-side.

Security rules:
- Verify Stripe webhook signatures using the secret in the environment and validate payloads.
- Always enforce authentication and authorization for API routes.
- Do not log sensitive data; redact tokens in logs.
- Use CSRF protection for state-changing operations on web routes.

Testing rules:
- Unit tests for data validation and business logic.
- Integration tests for enrollment, payment flow, and AI summary generation using mocks.
- End-to-end tests for user signup, course enrollment, lesson access, quiz submission, and certificate issuance.

Deployment rules:
- Deploy on a provider that supports serverless functions (e.g., Vercel) with edge-enabled API routes where appropriate.
- Use environment-specific configs for Stripe keys, API endpoints, and AI service endpoints.
- Set up webhook endpoints behind a secure path and verify signatures.

Things Claude must not do:
- Do not bypass authentication or authorization checks.
- Do not hardcode private keys or credentials.
- Do not generate or store payment card data in plaintext.
- Do not rely on client-side validation as the sole source of security.
- Do not implement custom auth or billing schemes to replace Clerk or Stripe.

Overview

This CLAUDE.md Template provides a complete, copy-paste Claude Code blueprint to build a production-ready Video Course Platform using Next.js with TypeScript, Supabase for the backend, Clerk for authentication, Stripe for payments, and integrated AI features for lesson summaries, quizzes, progress tracking, and certificates.

This CLAUDE.md Template focuses on a modern stack: Next.js 13+ App Router with TypeScript, Supabase as the data and auth layer, Clerk for session management, Stripe for billing, and Claude Code instructions to implement core features end-to-end. It includes architecture rules, file structure, security constraints, testing guidance, and deploy-ready rules so a developer can paste the included CLAUDE.md block into a project repository and start implementing immediately.

When to Use This CLAUDE.md Template

  • You need a scalable, production-grade video course platform with user authentication, enrollments, and payments.
  • You want AI-assisted features such as automatic lesson summaries and adaptive quizzes.
  • You require robust progress tracking, achievement certificates, and secure payment webhooks.
  • You are using Next.js + TypeScript, Supabase, Clerk, and Stripe and want a clean, repeatable blueprint.
  • You need a copyable CLAUDE.md template to pair with your CI/CD and infrastructure as code.

Recommended Project Structure

/
  apps/
    web/
      src/
        app/
          layout.tsx
          page.tsx
          courses/
            [courseId]/
              page.tsx
              lessons/
                [lessonId]/
                  page.tsx
        components/
        lib/
          supabase.ts
          clerk.ts
          stripe.ts
        hooks/
        utils/
      styles/
      public/
  db/
    seed.ts
  scripts/
  next.config.js
  tsconfig.json

Core Engineering Principles

  • Type-safety everywhere: TypeScript for API shapes and data models.
  • Clear boundaries: separate concerns across app, data, and domain logic.
  • Security by default: RBAC, secure cookies, and server-side validation.
  • Fail fast and observable: structured logging, metrics, and error boundaries.
  • Accessibility and performance: semantic markup, responsive design, and optimized bundles.

Code Construction Rules

  • Use Supabase as the canonical data source; access via server-side APIs with typed contracts.
  • Leverage Clerk for authentication; enforce role-based access in all protected routes.
  • Stripe integration must implement checkout, subscriptions, webhook verification, and secure webhook handlers.
  • AI features (summaries, quizzes) must consume tokens securely; do not expose API keys to the client.
  • All mutations go through server actions or API routes with input validation (Zod).
  • Environment variables must be present in all environments and not committed.

Security and Production Rules

  • Validate Stripe webhooks with signature verification; verify endpoint authenticity.
  • Use role-based access control for all endpoints; never rely on client state alone.
  • Encrypt sensitive data at rest where appropriate; minimize sensitive fields in logs.
  • Implement rate limiting and input sanitization to prevent abuse and injection threats.
  • Monitor deployment health; enable tracing, metrics, and error reporting in production.

Testing Checklist

  • Unit tests for validators, course and lesson models, and AI summary generation logic.
  • Integration tests for user signup, enrollment, progress updates, and quiz scoring.
  • Payment flow tests with Stripe test mode; verify webhooks and idempotency keys.
  • End-to-end tests for course creation, content access, and certificate issuance.
  • Performance tests on critical paths (loading course pages, AI summary compute).
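The webhook rules above (signature verification under Security and Production Rules, idempotency under the Testing Checklist), as an added example that is not part of the template or of any project's code. It checks Stripe's documented `Stripe-Signature` scheme by hand with `node:crypto` so it runs offline; `handleStripeWebhook`, the in-memory `seenEventIds` set and every sample value are assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type WebhookResult = "processed" | "duplicate" | "bad_signature" | "stale" | "bad_payload";
const TOLERANCE_SECONDS = 300; // replay window: 5 minutes either side of "now"
const seenEventIds = new Set<string>(); // assumption: stands in for a UNIQUE(event_id) table

// Stripe-Signature has the form "t=<unix seconds>,v1=<hex HMAC>[,v1=...]".
function parseSignatureHeader(header: string): { t: number; v1: string[] } {
  const v1: string[] = [];
  let t = NaN;
  for (const part of header.split(",")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const key = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (key === "t") t = Number(value);
    if (key === "v1") v1.push(value);
  }
  return { t, v1 };
}

// Hypothetical handler: verify the raw body, bound replay, then de-duplicate on event id.
function handleStripeWebhook(rawBody: string, header: string, secret: string, nowSeconds: number): WebhookResult {
  const { t, v1 } = parseSignatureHeader(header);
  if (!Number.isInteger(t) || v1.length === 0) return "bad_signature";
  // Signed message is "<t>.<raw body>": use the bytes received, never re-serialized JSON.
  const expected = createHmac("sha256", secret).update(`${t}.${rawBody}`, "utf8").digest();
  const matches = v1.some((candidate) => {
    const given = Buffer.from(candidate, "hex");
    return given.length === expected.length && timingSafeEqual(given, expected);
  });
  if (!matches) return "bad_signature";
  if (Math.abs(nowSeconds - t) > TOLERANCE_SECONDS) return "stale";

  let event: any;
  try { event = JSON.parse(rawBody); } catch { return "bad_payload"; }
  if (typeof event?.id !== "string" || typeof event?.type !== "string") return "bad_payload";
  if (seenEventIds.has(event.id)) return "duplicate"; // retries must not repeat side effects
  seenEventIds.add(event.id);
  return "processed"; // the enrollment or payment update for event.type would run here
}

// Constructed sample: the secret, timestamp and event below are made up for this example.
function demo(): WebhookResult[] {
  const secret = "whsec_constructed_example";
  const body = JSON.stringify({ id: "evt_constructed_1", type: "checkout.session.completed" });
  const t = 1700000000;
  const header = `t=${t},v1=` + createHmac("sha256", secret).update(`${t}.${body}`).digest("hex");
  return [t + 10, t + 20, t + 3600].map((now) => handleStripeWebhook(body, header, secret, now));
}
```

In a real route handler the official Stripe library's `stripe.webhooks.constructEvent` performs the same signature check; either way the handler must read the unparsed request body, and the de-duplication belongs in the database so it survives restarts and concurrent deliveries.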

Common Mistakes to Avoid

  • Assuming client-side checks are sufficient for security.
  • Storing secrets in code or exposing API keys in the front end.
  • Neglecting webhook validation or mismanaging Stripe event handling.
  • Overcomplicating the data model without necessary indices and constraints.
  • Skipping accessibility considerations in course UI and quizzes.

FAQ

Q1: What stack is this CLAUDE.md Template for?

A: Next.js with TypeScript, Supabase for backend, Clerk for auth, Stripe for payments, plus AI-driven summaries and quizzes.

Q2: Can I replace AI services with a different provider?

A: Yes, the template is provider-agnostic for the AI layer; swap in your preferred AI service with minimal changes to the CLAUDE.md block.

Q3: How are certificates generated?

A: Certificates are issued post-completion when a user meets the quiz and course progress criteria, stored in the database, and accessible from the user profile UI.

Q4: How do I test Stripe integration?

A: Use Stripe test keys, simulate checkout sessions, and verify webhook handling with fake events and idempotent processing.

Q5: Where do I start after pasting the CLAUDE.md template?

A: Install dependencies, configure environment variables for Supabase, Clerk, Stripe, and the AI provider, then run the development server and follow the sections in this template to implement features step by step.