CLAUDE.md TemplatesTemplate
CLAUDE.md Template for Next.js AI Blog Platform with Supabase, Clerk, Stripe
CLAUDE.md Template for building a complete AI Blog Platform with Next.js, TypeScript, Supabase, Clerk, Stripe, AI SEO, markdown editor, newsletter, and analytics.
CLAUDE.md templateCLAUDE.md TemplateNext.jsTypeScriptSupabaseClerkStripeAI SEOMarkdown EditorNewsletterAnalyticsClaude Code
Target User
Developers building an AI-powered blog platform with Next.js stack
Use Cases
- Full-stack boilerplate for AI blog platform
- Prototype AI blog features
- Guide to integrating Supabase auth, Clerk, Stripe, AI SEO, and analytics
Markdown Template
CLAUDE.md Template for Next.js AI Blog Platform with Supabase, Clerk, Stripe
# CLAUDE.md
Project Role: You are a senior full-stack developer building an AI blog platform with Next.js, TS, Supabase, Clerk, Stripe, AI SEO, markdown editor, newsletter, and analytics.
Architecture Rules:
- Use Next.js App Router with TypeScript strict mode
- Separate UI, API routes, and server components
- Secrets in environment variables; never commit keys
- Follow clean architecture with defined domain boundaries
File Structure Rules:
- app/ for UI routes including blog and editor
- components/ for UI building blocks
- lib/ for integrations (supabase.ts, clerk.ts, stripe.ts)
- lib/db/ for data access helpers
- styles/ for global CSS
Authentication Rules:
- Clerk for authentication; implement multi-tenant friendly sign-in/up
- Protect API routes with middleware and server components
- Store user roles in a dedicated RBAC table
Database Rules:
- Supabase Postgres schema with orgs, users, posts, subscriptions, newsletters
- Row Level Security policies on all sensitive tables
- Validate data at API and DB layers
Validation Rules:
- Validate input shapes on client and server; enforce required fields
- Use strict typing for payloads and responses
Security Rules:
- Do not expose secrets; use environment vaults
- Enforce CSRF protection for state-changing endpoints
- Enforce RBAC for admin endpoints
Testing Rules:
- Unit tests for utilities and data mappers
- Integration tests for auth, checkout, and newsletter flows
- End-to-end tests for blog publish and analytics events
Deployment Rules:
- Deploy to Vercel with proper environment vars
- Enable preview deployments for PRs
- Enable analytics and SEO rendering in production
Things Claude Must Not Do:
- Do not hardcode API keys or secrets
- Do not bypass server-side validation
- Do not mix client and server logic in API routesOverview
CLAUDE.md template describes how to scaffold a complete AI Blog Platform using Next.js, TypeScript, Supabase, Clerk, Stripe, AI SEO, a markdown editor, newsletter, and analytics. This CLAUDE.md Template is tailored for Claude Code to generate a ready-to-run project and documentation for this stack.
Direct answer: You can paste the Copyable CLAUDE.md Template block into CLAUDE.md in your project to bootstrap the platform described here.
When to Use This CLAUDE.md Template
- Starting a new AI blog platform with the specified stack
- Seeking a consistent project structure and secure integration templates
- Needing a copyable Claude Code blueprint for rapid iteration
- Implementing auth, payments, and analytics with a repeatable approach
Copyable CLAUDE.md Template
# CLAUDE.md
Project Role: You are a senior full-stack developer building an AI blog platform with Next.js, TS, Supabase, Clerk, Stripe, AI SEO, markdown editor, newsletter, and analytics.
Architecture Rules:
- Use Next.js App Router with TypeScript strict mode
- Separate UI, API routes, and server components
- Secrets in environment variables; never commit keys
- Follow clean architecture with defined domain boundaries
File Structure Rules:
- app/ for UI routes including blog and editor
- components/ for UI building blocks
- lib/ for integrations (supabase.ts, clerk.ts, stripe.ts)
- lib/db/ for data access helpers
- styles/ for global CSS
Authentication Rules:
- Clerk for authentication; implement multi-tenant friendly sign-in/up
- Protect API routes with middleware and server components
- Store user roles in a dedicated RBAC table
Database Rules:
- Supabase Postgres schema with orgs, users, posts, subscriptions, newsletters
- Row Level Security policies on all sensitive tables
- Validate data at API and DB layers
Validation Rules:
- Validate input shapes on client and server; enforce required fields
- Use strict typing for payloads and responses
Security Rules:
- Do not expose secrets; use environment vaults
- Enforce CSRF protection for state-changing endpoints
- Enforce RBAC for admin endpoints
Testing Rules:
- Unit tests for utilities and data mappers
- Integration tests for auth, checkout, and newsletter flows
- End-to-end tests for blog publish and analytics events
Deployment Rules:
- Deploy to Vercel with proper environment vars
- Enable preview deployments for PRs
- Enable analytics and SEO rendering in production
Things Claude Must Not Do:
- Do not hardcode API keys or secrets
- Do not bypass server-side validation
- Do not mix client and server logic in API routesRecommended Project Structure
root/
app/
layout.tsx
page.tsx
blog/
[slug]/
page.tsx
editor/
page.tsx
analytics/
page.tsx
components/
Header.tsx
RichTextEditor.tsx
NewsletterSignup.tsx
lib/
supabase.ts
clerk.ts
stripe.ts
seo.ts
lib/db/
index.ts
styles/
globals.css
Core Engineering Principles
- Type-safe contracts across client and server with clear data models
- Security by default: RBAC, least privilege, and secret hygiene
- Composable components with observable APIs for SEO and analytics
- Defensive coding: validations, explicit errors, and testability
Code Construction Rules
- Follow the Next.js App Router pattern; feature-based routing
- Enable TypeScript strict mode; avoid any
- All API payloads validated against a shared schema
- Authentication via Clerk; protect routes with middleware
- Supabase schema uses RBAC; policies enforced
- Stripe payments handled server-side with webhook verification
- Markdown rendering with a safe parser; sanitize user input
- AI SEO hints baked into page metadata; avoid black-hat practices
- Do not import client-only libraries in server code
Security and Production Rules
- Store secrets in environment variables; never commit keys
- Use CSRF tokens for state-changing requests
- Enforce strict Content Security Policy
- Signed cookies for sessions in Next.js
- Audit admin actions; monitor for anomalies
Testing Checklist
- Unit tests for utilities and data mappers
- Integration tests for auth, Stripe checkout, and newsletter flows
- End-to-end tests for blog publish and analytics events
- Performance tests for SSR rendering of posts
Common Mistakes to Avoid
- Skipping RBAC or exposing admin endpoints
- Hardcoding secrets in frontend code
- Overloading API routes with client logic
- Lack of type safety across API boundaries
Related implementation resources: AI Use Case for Software Agencies Using Github Copilot To Accelerate Boilerplate Code Generation for New Client Mvps and Designing secure Server Actions with mandatory input schema validations at the server boundary.
FAQ
What stack does this CLAUDE.md Template cover?
Next.js with TypeScript, Supabase, Clerk, Stripe, AI SEO, a markdown editor, newsletter, and analytics.
How do I start using the template?
Copy the CLAUDE.md block from the Copyable CLAUDE.md Template section and paste into CLAUDE.md in your project. Then install dependencies and configure services.
Which files are created by the template?
Next app skeleton, auth with Clerk, Stripe checkout, Supabase schema, API routes, markdown editor, and newsletter/analytics hooks.
What are the security considerations?
Store secrets in environment variables, restrict API routes, use role-based access, validate inputs, and avoid exposing keys in code.
Can I adapt this for a different stack?
Yes, but you should adjust the CLAUDE.md template accordingly and update the project structure and integrations.