CLAUDE.md TemplatesCLAUDE.md Template

CLAUDE.md Template - SvelteKit + Cloudflare D1 + Lucia Auth + Drizzle ORM Edge Router | CLAUDE.md template

A CLAUDE.md template page for SvelteKit at the edge using Cloudflare D1, Lucia Auth, Drizzle ORM, and Edge Router. Includes a copyable CLAUDE.md block.

CLAUDE.md templateSvelteKitCloudflare D1Lucia AuthDrizzle ORMEdge RouterClaude Codeedge deploymentCloudflare WorkersEdge Runtime

Target User

Developers building a SvelteKit app on Cloudflare Edge with D1, Lucia Auth, Drizzle ORM, and Edge Router

Use Cases

  • Rapidly scaffold a full stack SvelteKit app at the edge
  • Implement authentication with Lucia Auth and D1
  • Model data with Drizzle ORM on Cloudflare D1
  • Leverage Edge Router for low latency deployments

Markdown Template

CLAUDE.md Template - SvelteKit + Cloudflare D1 + Lucia Auth + Drizzle ORM Edge Router | CLAUDE.md template

# CLAUDE.md

Project Role: You are a senior SvelteKit engineer building a cloud native app at the edge using Cloudflare D1, Drizzle ORM, Lucia Auth, and Edge Router.

Architecture Rules:
- Run at the Cloudflare edge using the SvelteKit adapter and Edge Router
- Cloudflare D1 as the primary database; Drizzle ORM is used for models and migrations
- Lucia Auth handles authentication; support signup, login, and protected routes
- All business logic lives in src/lib and API boundaries in src/routes
- Use environment vars for secrets; never commit credentials
- Favor stateless SSR where possible; use cached data for hot paths

File Structure Rules:
- src/routes for pages and endpoints
- src/lib/db.ts for D1 client and Drizzle integration
- src/lib/auth.ts for Lucia setup and session handling
- drizzle/ with drizzle.config.ts and migrations/
- components/ for UI primitives; hooks/ for utilities
- +layout.server.ts and +page.server.ts for server side logic
- wrangler.toml for edge deployment

Authentication Rules:
- Lucia Auth with D1 adapter; secure cookie handling for sessions
- Hash passwords with a strong algorithm; never store plain text
- Protect private endpoints with isAuthenticated redirects
- Implement CSRF protection for mutating requests

Database Rules:
- Define User and Session models with Drizzle; migrations tracked in drizzle/migrations
- Use D1 connection from src/lib/db.ts; use pool if available
- Enforce unique emails for users; index email field

Validation Rules:
- Validate all inputs with a strict schema (eg. zod) in server routes
- Normalize and trim strings; reject invalid data early

Security Rules:
- HttpOnly, Secure, SameSite=strict cookies for sessions
- Do not expose DB credentials or secrets in client
- Validate origin and disable unnecessary headers in edge responses
- Do not bypass SSR boundaries or expose internal endpoints

Testing Rules:
- Unit tests for utilities and validation schemas
- Integration tests for signup, login, and protected routes
- End-to-end checks using a lightweight test server if feasible

Deployment Rules:
- Deploy to Cloudflare Workers via wrangler
- Use edge routing patterns for path prefixes
- Ensure environment variables are supplied in the Cloudflare deployment

Things Claude Must Not Do:
- Do not use insecure libraries or remote code execution patterns
- Do not store secrets in repo or commit histories
- Do not bypass Lucias auth checks or skip session validation
- Do not hard code D1 credentials or connection strings

Overview

Direct answer: This CLAUDE.md template is crafted for a SvelteKit app deployed at the Cloudflare edge, backed by Cloudflare D1, using Drizzle ORM for data modeling, and Lucia Auth for authentication, with Edge Router handling routing. It provides concrete Claude Code instructions you can paste directly into CLAUDE.md to generate a complete, production-ready implementation.

When to Use This CLAUDE.md Template

  • You need an edge-first SvelteKit app with minimal cold start and latency.
  • You require a relational data store on Cloudflare D1 managed via Drizzle ORM migrations.
  • You want robust authentication with Lucia Auth and sessions stored in secure cookies.
  • You deploy behind Cloudflare Edge Router and expose a clean API surface in src/routes.
  • You want a repeatable pattern that can be pasted into CLAUDE.md and extended safely.

Copyable CLAUDE.md Template

# CLAUDE.md

Project Role: You are a senior SvelteKit engineer building a cloud native app at the edge using Cloudflare D1, Drizzle ORM, Lucia Auth, and Edge Router.

Architecture Rules:
- Run at the Cloudflare edge using the SvelteKit adapter and Edge Router
- Cloudflare D1 as the primary database; Drizzle ORM is used for models and migrations
- Lucia Auth handles authentication; support signup, login, and protected routes
- All business logic lives in src/lib and API boundaries in src/routes
- Use environment vars for secrets; never commit credentials
- Favor stateless SSR where possible; use cached data for hot paths

File Structure Rules:
- src/routes for pages and endpoints
- src/lib/db.ts for D1 client and Drizzle integration
- src/lib/auth.ts for Lucia setup and session handling
- drizzle/ with drizzle.config.ts and migrations/
- components/ for UI primitives; hooks/ for utilities
- +layout.server.ts and +page.server.ts for server side logic
- wrangler.toml for edge deployment

Authentication Rules:
- Lucia Auth with D1 adapter; secure cookie handling for sessions
- Hash passwords with a strong algorithm; never store plain text
- Protect private endpoints with isAuthenticated redirects
- Implement CSRF protection for mutating requests

Database Rules:
- Define User and Session models with Drizzle; migrations tracked in drizzle/migrations
- Use D1 connection from src/lib/db.ts; use pool if available
- Enforce unique emails for users; index email field

Validation Rules:
- Validate all inputs with a strict schema (eg. zod) in server routes
- Normalize and trim strings; reject invalid data early

Security Rules:
- HttpOnly, Secure, SameSite=strict cookies for sessions
- Do not expose DB credentials or secrets in client
- Validate origin and disable unnecessary headers in edge responses
- Do not bypass SSR boundaries or expose internal endpoints

Testing Rules:
- Unit tests for utilities and validation schemas
- Integration tests for signup, login, and protected routes
- End-to-end checks using a lightweight test server if feasible

Deployment Rules:
- Deploy to Cloudflare Workers via wrangler
- Use edge routing patterns for path prefixes
- Ensure environment variables are supplied in the Cloudflare deployment

Things Claude Must Not Do:
- Do not use insecure libraries or remote code execution patterns
- Do not store secrets in repo or commit histories
- Do not bypass Lucias auth checks or skip session validation
- Do not hard code D1 credentials or connection strings

Recommended Project Structure

/my-app
├── package.json
├── wrangler.toml
├── drizzle
│   ├── drizzle.config.ts
│   └── migrations/
├── src
│   ├── routes
│   │   ├── +page.svelte
│   │   ├── +page.server.ts
│   │   └── api
│   │       └── [id].ts
│   ├── components
│   │   └── UI
│   ├── lib
│   │   ├── db.ts
│   │   └── auth.ts
│   ├── hooks.server.ts
│   └── app.css
└── README.md

Core Engineering Principles

  • Edge-first design with deterministic deployment and cold start considerations
  • Strong typing and explicit contracts between server and client
  • Clear separation of concerns between data access, auth, and UI
  • Idempotent migrations and migration-safe schemas
  • Secure by default; minimize surface area exposed to clients

Code Construction Rules

  • Use TypeScript throughout; strictly type route handlers and models
  • All data access via Drizzle ORM models defined under src/lib/db.ts
  • Authentication via Lucia Auth with D1 adapter; protect protected routes in +server.ts
  • Keep business logic in src/lib; UI in src/routes/+page.svelte and components
  • Endpoint handlers in src/routes/api and use request.locals for user data
  • Validate all input with a strict schema before processing
  • Do not bypass edge router boundaries; do not hard code URLs

Security and Production Rules

  • Use HttpOnly Secure SameSite cookies for sessions
  • Store secrets in environment variables; do not commit them
  • Enable CSRF protection for state changing requests
  • Audit logs in production; avoid leaking stack traces to clients
  • Lock down endpoints; return minimal error information

Testing Checklist

  • Unit tests for validators and small utilities
  • Integration tests for authentication flows and protected routes
  • Migration tests to ensure Drizzle migrations apply correctly
  • End-to-end checks for login, data access, and logout behavior

Common Mistakes to Avoid

  • Relying on client-side validation for security critical rules
  • Storing credentials or secrets in code or repo history
  • Neglecting edge specific constraints and latency issues
  • Overusing global state or localStorage for session data

FAQ

Q: What stack does this CLAUDE.md template target?

A: SvelteKit at the Cloudflare edge with Cloudflare D1, Drizzle ORM, Lucia Auth, and Edge Router.

Q: How do I use the copyable CLAUDE.md block?

A: Copy the code block under Copyable CLAUDE.md Template and paste it into CLAUDE.md in your project.

Q: How do I deploy to Cloudflare?

A: Use wrangler publish after configuring wrangler.toml with your account and environment variables.

Q: How do I add a new model or endpoint?

A: Extend Drizzle models in drizzle/config and add corresponding route handlers in src/routes/api. Run migrations to apply changes.

Q: How is authentication secured?

A: Lucia Auth with D1, secure cookies, and CSRF protection for mutating requests.