Full-Stack SaaS Template — CLAUDE.md Template

Add to Claude Code

265 adds

Install this CLAUDE.md template.
Name: Full-Stack SaaS Template
Save to: ./CLAUDE.md in the current project

---
# CLAUDE.md — Full-Stack SaaS

## Project overview
<!-- Brief description. Example: B2B project management tool with Stripe subscriptions. -->

## Monorepo structure
```
apps/
  web/          # Next.js 15 frontend (port 3000)
  api/          # Express/Hono backend (port 4000)
packages/
  db/           # Prisma schema + client (shared)
  ui/           # Shared component library
  utils/        # Shared TypeScript utilities
```

## Tech stack
| Layer         | Technology                          |
|---------------|-------------------------------------|
| Frontend      | Next.js 15, TypeScript, Tailwind v4 |
| Backend       | Hono (Node 22), Zod                 |
| Database      | PostgreSQL, Prisma ORM              |
| Auth          | NextAuth v5 + JWT API tokens        |
| Billing       | Stripe (Checkout + Webhooks)        |
| Email         | Resend                              |
| Monorepo      | Turborepo + npm workspaces          |

## Development commands
```bash
npm run dev               # start all apps in parallel
npm run dev --filter=web  # start only frontend
npm run build             # build all packages
npm run test              # run all test suites
npm run db:migrate        # run Prisma migrations
npm run db:seed           # seed demo data
npm run stripe:listen     # forward Stripe webhooks locally
```

## Multi-tenancy model
- Every resource belongs to an `Organization`
- The `organizationId` is validated on **every** DB query — never skip this
- Use the `withOrg(organizationId)` Prisma extension (in `packages/db`) which auto-appends the tenant filter
- Row-level security is enforced in Postgres as a secondary safety net

## Stripe integration
- **Checkout**: `POST /api/billing/create-checkout` → redirect to Stripe
- **Portal**: `POST /api/billing/create-portal` → redirect to Stripe
- **Webhooks**: `POST /api/webhooks/stripe` — always verify the signature
- Subscription status is cached in `Organization.subscriptionStatus`
- Re-sync via `npm run billing:sync` if the cache drifts

## Critical rules
1. Never access DB without a tenant filter (`organizationId`)
2. Always verify Stripe webhook signatures before trusting event data
3. Never log PII (emails, names) in production
4. API tokens (Bearer) and session cookies are separate auth flows — don't conflate them
5. Use `packages/ui` components; don't create one-off UI in `apps/web`

## Environment variables (root `.env`)
```
DATABASE_URL=
NEXTAUTH_SECRET=
GITHUB_ID=
GITHUB_SECRET=
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
RESEND_API_KEY=
NEXT_PUBLIC_APP_URL=http://localhost:3000
```

Paste into Claude Code to add this template. Back up any existing CLAUDE.md first.

Share View raw →