CLAUDE.md Template: Next.js + TypeScript Resume Builder with Supabase, Clerk, Stripe (CLAUDE.md template)
CLAUDE.md template page for a full-stack AI Resume Builder SaaS using Next.js and TypeScript with Supabase, Clerk, and Stripe, including resume scoring, templates, and exports.
Target User
Developers building a complete AI Resume Builder SaaS stack
Use Cases
- Build a multi-tenant AI resume builder
- Generate resumes and cover letters
- Manage templates and exports
- Integrate resume scoring
- Handle payments via Stripe
Overview
A CLAUDE.md template for building a complete AI Resume Builder SaaS using Next.js, TypeScript, Supabase, Clerk, Stripe, resume scoring, templates, and exports. It includes a copyable CLAUDE.md block you can paste into CLAUDE.md to scaffold the stack for production use.
Direct answer: This CLAUDE.md template delivers a production-ready blueprint for a multi-tenant Next.js + TypeScript SaaS with authentication (Clerk), data (Supabase), payments (Stripe), resume scoring, templates, and export workflows, with concrete Claude Code instructions and a ready-to-paste project blueprint.
When to Use This CLAUDE.md Template
- You are building a multi-tenant AI resume builder SaaS with Next.js and TypeScript.
- You plan to use Supabase for data, Clerk for authentication, and Stripe for payments.
- You need resume scoring, cover letter generation, templates, and export (PDF/JSON) capabilities.
- You want a copyable CLAUDE.md block that bootstraps architecture, DB schema, and validation rules.
- You want stack-specific project structure and security guidance ready for production.
Copyable CLAUDE.md Template
# CLAUDE.md
Project role: You are an automation and engineering assistant building a complete AI Resume Builder SaaS using Next.js, TypeScript, Supabase, Clerk, Stripe. Your output must be production-grade, repeatable, and copy-pasteable for Claude Code.
Architecture rules:
- Build a Next.js app (App Router) with TypeScript, hosted behind Clerk authentication and Stripe payments.
- Use Supabase for authentication, data, and storage with Row-Level Security (RLS).
- Use Clerk for UI authentication and session management; protect API routes.
- Implement resume scoring, cover letter generation, templates, and export (PDF/JSON) capabilities.
- Data flows: client -> API routes -> Supabase / stripe webhooks; avoid client secrets in browser code.
- Separate concerns: domain logic in src/domain, infra in src/infra, UI in src/ui.
File structure rules:
- Place all source under src/ with subfolders: app, components, lib, services, models, styles.
- API routes live under src/app/api (or src/pages/api if you prefer) and are fully typed.
- Provide a single source of truth for data models and validation.
Authentication rules:
- Use Clerk middleware to require authentication for sensitive endpoints.
- Store session tokens securely; do not expose API keys to the client.
- Implement role-based access for admin vs user features.
Database rules:
- Use Supabase Postgres; enable Row Level Security on relevant tables: users, resumes, templates, cover_letters, exports, scores.
- Enforce tenant isolation via a tenant_id column; ensure queries filter by tenant_id.
- Index critical fields: user_id, tenant_id, resume_id, template_id.
Validation rules:
- Use Zod to validate all input payloads (server and API).
- Enforce required fields for resume and cover letter creation (name, email, experience, skills, summary, template_id).
- Validate export formats (pdf, json, txt) and ensure consistent payload structures.
Security rules:
- Do not embed secrets in client code; store them in environment variables.
- Validate Stripe webhooks using signature verification.
- Sanitize all inputs and apply server-side validation before DB writes.
- Use CSRF protection for unsafe state-changing operations.
Testing rules:
- Unit test domain logic (scoring, template selection) with Vitest.
- Integration tests for REST/GraphQL endpoints; mock Stripe/webhook events.
- E2E tests with Playwright for signup, resume creation, and export flows.
- Ensure 95%+ code coverage for critical modules.
Deployment rules:
- Deploy to Vercel or similar; configure environment variables (SUPABASE_URL, SUPABASE_ANON_KEY, CLERK_FRONTEND_API, STRIPE_WEBHOOK_SECRET, STRIPE_SECRET_KEY).
- Enable Preview Deployments; wire Stripe webhooks to the deployment environment.
- Use CI to run tests and type checks before merging to main.
Things Claude must not do:
- Do not reveal secrets in client bundles.
- Do not bypass Clerk authentication or circumvent API route protections.
- Do not skip tenant isolation checks.
- Do not rely on client side validation as the sole validation layer.
Recommended Project Structure
src/
  app/
    layout.tsx
    page.tsx
    resume/
      page.tsx
  components/
  lib/
    supabaseClient.ts
    clerkClient.ts
    stripeClient.ts
  models/
    resume.ts
    user.ts
  services/
    scoring/
      score.ts
      heuristics.ts
    exports/
      exportService.ts
  styles/
    globals.css
Core Engineering Principles
- Domain-driven, typed design with a clear domain boundary and single source of truth for data and rules.
- TypeScript-first development with strict typing and runtime validation (Zod).
- Separation of concerns: domain, infra, and UI layers; API layer is a thin, typed surface.
- Security-by-default: enforce RBAC, tenant isolation, input validation, and secret management.
- Observability: structured logs, metrics, and tracing for API and background tasks.
- E2E-tested features with reliable mocks for external services.
Code Construction Rules
- Define domain models in a dedicated domain layer; keep UI logic out of domain code.
- Use strict TS config and ESLint with actionable rules; enable noUnusedLocals and noImplicitOverride.
- Validate all inputs on the server using Zod; never rely on client-side validation for security.
- Implement Row-Level Security in Supabase and always include tenant_id in queries.
- Use server-side APIs for Stripe webhooks and sensitive operations; avoid client secrets in the frontend.
- Keep API routes stateless and idempotent where possible; implement proper error handling.
- Use a single export path for resumes and letters in a consistent format (PDF/JSON) with a stable API surface.
- Document APIs and user flows in the CLAUDE.md template for easy onboarding.
Security and Production Rules
- Enforce Row-Level Security on all multi-tenant tables; require tenant_id in all writes and reads.
- Validate Stripe webhooks with signature verification and store only safe event data.
- Never expose API keys or secrets to the client; rely on environment variables.
- Use CSRF protection for state-changing operations and authenticated endpoints.
- Enable HSTS, TLS, and secure cookies for all environments.
- Rotate keys periodically and use separate keys per environment.
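The webhook rule above, as an added example (not part of the template): the signature check on a `Stripe-Signature` header, written with only `node:crypto` so each step is visible. In a real route the `stripe` package's `stripe.webhooks.constructEvent` performs this verification; the function names, the sample secret and the event used here are constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

const TOLERANCE_SECONDS = 300; // replay window: reject timestamps more than 5 minutes from now

export interface VerifyResult { ok: boolean; reason?: string; eventId?: string; eventType?: string }

// Header format: "t=<unix seconds>,v1=<hex HMAC-SHA256>[,v1=...]".
// rawBody must be the exact request text (e.g. await req.text()), not re-serialized JSON.
export function verifyStripeSignature(
  rawBody: string,
  header: string,
  secret: string,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): VerifyResult {
  let timestamp = "";
  const candidates: string[] = [];
  for (const part of header.split(",")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === "t") timestamp = value;
    if (key === "v1") candidates.push(value);
  }
  if (!/^\d+$/.test(timestamp) || candidates.length === 0) {
    return { ok: false, reason: "malformed header" };
  }
  if (Math.abs(nowSeconds - Number(timestamp)) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "timestamp outside tolerance" };
  }
  // The signed string is "<timestamp>.<raw body>", keyed with the endpoint's signing secret.
  const expected = createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest();
  const matches = candidates.some((hex) => {
    const given = Buffer.from(hex, "hex");
    return given.length === expected.length && timingSafeEqual(given, expected);
  });
  if (!matches) return { ok: false, reason: "signature mismatch" };
  // Keep only what idempotency and auditing need, not the full event payload.
  const parsed = JSON.parse(rawBody);
  return { ok: true, eventId: String(parsed.id), eventType: String(parsed.type) };
}

// Test helper: signs a constructed payload the same way, with a constructed secret.
export function signForTest(rawBody: string, secret: string, ts: number): string {
  const sig = createHmac("sha256", secret).update(`${ts}.${rawBody}`).digest("hex");
  return `t=${ts},v1=${sig}`;
}
```

Storing `eventId` with a unique constraint lets the handler ignore a redelivered event, which is what makes the route idempotent.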
Testing Checklist
- Unit tests for scoring logic and template selection with Vitest.
- Integration tests for resume, cover letter, and export APIs; mock external services.
- E2E tests for signup, resume creation, and export flows with Playwright.
- Static type checks and linting in CI; ensure 95%+ coverage on critical modules.
- Test migrations and DB schema changes in a staging environment.
Common Mistakes to Avoid
- Skipping tenant isolation or failing to filter by tenant_id in every query.
- Storing secrets in frontend code or exposing keys via environment variables in client bundles.
- Relying solely on client-side validation for security or data integrity.
- Overloading API routes with business logic; keep domain logic in the domain layer.
- Ignoring accessibility and responsive design in UI components.
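A CI-style check for the secrets-in-client-bundles mistake listed above, as an added example that is not part of the template. It relies on the Next.js convention that only `NEXT_PUBLIC_`-prefixed variables are inlined into browser code and on Stripe's `sk_`/`rk_`/`whsec_` value prefixes; the function names, the name heuristic and the sample values are assumptions made for illustration.

```typescript
const PUBLIC_PREFIX = "NEXT_PUBLIC_";
// Server-only names taken from the template's deployment rules.
const SERVER_ONLY = ["STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET"];
// Stripe secret/restricted API keys and webhook signing secrets, recognised by value prefix.
const SECRET_VALUE = /\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]+|\bwhsec_[A-Za-z0-9]+/g;

export interface Finding {
  name: string;
  problem: string;
}

// Scans text (an env value or built client JavaScript, e.g. files under .next/static)
// for secret-shaped strings. Matches are redacted so the scanner's output leaks nothing.
export function findSecrets(text: string): string[] {
  const hits = text.match(SECRET_VALUE) || [];
  return hits.map((h) => h.slice(0, 8) + "...");
}

// Flags variables that would reach the browser but look secret (by name, an assumed
// heuristic, or by value), and server-only variables that are not set at all.
export function auditEnv(env: Record<string, string | undefined>): Finding[] {
  const findings: Finding[] = [];
  for (const name of Object.keys(env)) {
    if (name.slice(0, PUBLIC_PREFIX.length) !== PUBLIC_PREFIX) continue;
    const bare = name.slice(PUBLIC_PREFIX.length);
    const value = env[name] || "";
    if (SERVER_ONLY.indexOf(bare) !== -1 || /SECRET|PRIVATE/.test(bare)) {
      findings.push({ name, problem: "secret-looking name exposed to the browser" });
    } else if (findSecrets(value).length > 0) {
      findings.push({ name, problem: "value looks like a Stripe secret" });
    }
  }
  for (const name of SERVER_ONLY) {
    if (!env[name]) findings.push({ name, problem: "missing from server environment" });
  }
  return findings;
}
```

Run `auditEnv(process.env)` before the build and `findSecrets` over the emitted client chunks after it, failing the pipeline on any finding.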
FAQ
- Q: What is this CLAUDE.md template for?
A: It provides a production-ready blueprint to build a multi-tenant AI resume builder SaaS using Next.js, TypeScript, Supabase, Clerk, Stripe, resume scoring, templates, and export workflows.
- Q: Which stack does this template cover?
A: Next.js with App Router and TypeScript, Supabase, Clerk, Stripe, plus features for resume scoring, cover letters, templates, and exports.
- Q: How do I use the included CLAUDE.md block?
A: Copy the block under Copyable CLAUDE.md Template and paste it into CLAUDE.md to bootstrap architecture, rules, and file layout for your project.
- Q: How is multi-tenancy enforced?
A: Tenant isolation is enforced via a tenant_id column and Row-Level Security in Supabase; all queries must filter by tenant_id.
- Q: What about security and deployment?
A: Use environment variables, validate Stripe webhooks, implement CSRF protections, and configure secure deployments with proper Stripe webhooks and env vars.