outbuild ← all apps

Building with Claude

Personal exploration of how to work with Claude Code — documenting learnings as I go for reference.

A working framework

Building apps
with Claude

At a glance — click any section to jump to detail

PRE
Prerequisites — CLAUDE.md
Set boundaries & guardrails before a single line of code
01 · Define
Define the idea
1.1Create the PRD
1.2Grill me
1.3Build plan
02 · Stack
Choose your stack
2.1Tech stack
2.2Tools & integrations
2.3Env & secrets
03 · Scaffold
Set up & scaffold
3.1GitHub repo
3.2Scaffold project
3.3Scaffold review
3.4Test suite
04 · Build
Build
4.1Chunk + review loop
4.2PRD drift check
4.3Error handling
4.4Security audit
4.5Pre-launch
Ongoing → Backlog

↓ scroll for detail  ·  use the nav bar to jump between phases

Detail — expand prompts as needed

Prerequisite — before you start
Create a CLAUDE.md file do this first
Claude Code reads CLAUDE.md automatically at the start of every session. Write your ground rules here once and they apply everywhere — no need to repeat them per conversation. Essential on a work laptop, shared machine, or any environment where unintended changes would be costly.
CLAUDE.md lives in your project root. It's the single best protection against vibe-coding landmines — set it up before a single line of code is written.
These are suggestions — not everything will apply to every project. Pick what's relevant and adapt to your setup, team, and tech stack.
File access
Scope restriction — only read and write files within a defined project folder. Never touch anything outside it.
Ask before editing — show what you plan to change and wait for confirmation. No silent edits.
No deleting files without asking — deletions are irreversible outside git.
Planning & transparency
Explain before doing — for any non-trivial action, explain what you're about to do, why, and what the risks are.
Ask, don't assume — ask clarifying questions rather than fill gaps with assumptions.
Be explicit about uncertainty — distinguish between Verified, Assumed, and Estimated. Never present a guess as a fact.
Don't claim something works unless it was tested — if it wasn't run, say so.
Change management
One thing at a time — make one change, confirm it works, then move on.
Prefer incremental, reversible changes — favour changes that can be undone over rewrites that can't.
Ask before significant changes — confirm before modifying many files, refactoring, changing auth, modifying DB schema, or replacing working functionality.
Prefer simple, maintainable solutions — avoid premature optimisation and unnecessary complexity.
Security
No secrets in code — never hardcode API keys, tokens, or credentials. Always use environment variables.
Warn before auth changes — flag any change to authentication, API keys, or tokens before touching them.
Dependencies
No package installs without asking — confirm before adding any dependency. On a work machine this can trigger security alerts.
Justify new dependencies — explain why it's needed, what alternatives were considered, and the tradeoffs. Keep the dependency set lean.
Git
No git pushes without asking — never run git push automatically. Confirm before anything leaves the local machine.
Use branches for significant work — descriptive names with fix/, feat/, or chore/ prefixes.
Never merge to main without permission — always get explicit sign-off before merging.
Completion summary
End every significant task with a summary — what changed and why, test results, known risks, what couldn't be verified, recommended next steps, and a confidence score (1–10).
"Help me create a CLAUDE.md file for my project. This file will set the ground rules for how you work in this codebase. Ask me a few questions first so the rules fit my situation — for example: am I on a work laptop or personal machine? Is this project in a shared repo or local only? Do I have a preferred tech stack or is that TBD? Are there any tools, APIs, or services I know I'll be using? Based on my answers, generate a CLAUDE.md covering the areas that are relevant: file access boundaries, how you should handle edits and confirmations, secrets and security rules, dependency management, git workflow, and how you should communicate uncertainty or summarise completed work. Note which rules are project-specific and which are general best practice, so I can update them easily as the project evolves."

Phase 01

Define the idea

1.1
Create the PRD
Ask Claude to generate a Product Requirements Document — have it ask clarifying questions to sharpen the idea before writing anything down.
"I want to build [idea]. Before writing the PRD, ask me any clarifying questions you need to fully understand the product. Then generate a PRD covering: goals, users, core features, out of scope, and success metrics."
1.2
Grill me
Pressure-test your brief. Claude interrogates what you've provided and surfaces anything missing or underspecified.
"Read the PRD above and grill me on it. What's underspecified, contradictory, or missing? Don't let me off the hook — push hard on anything vague."
1.3
Create a build plan
Separate from the PRD — defines how and in what order you'll build. Save as BUILDPLAN.md in your repo.
PRD = what you're building  ·  Build plan = how and in what order
"Based on this PRD, create a step-by-step build plan. Break it into logical chunks that can each be built and tested independently. Order them so each chunk builds on verified work. Save as BUILDPLAN.md."

Phase 02

Choose your stack

2.1
Tech stack conversation
Share your PRD and ask Claude to recommend a framework, database, and hosting. Let it justify choices against your requirements.
"Based on this PRD, recommend a tech stack — framework, database, hosting, and any key libraries. Justify each choice against the requirements. Flag any trade-offs I should know about."
2.2
Tools & integrations
Decide on specific third-party tools — Resend, Stripe, Clerk, etc. Write these back into the PRD before any code is written.
"I want to use [Resend / Stripe / Clerk / etc.] for [email / payments / auth]. Are these good fits for this stack? What else do I need to decide before we start building? Update the PRD with all confirmed tools."
2.3
Environment & secrets setup
Define all required environment variable names before any code runs. Claude needs to know the key names (not values) to reference them correctly.
A missing env variable will silently block everything downstream.
"List every environment variable this project will need based on our stack and integrations. Give me the variable names and what each is for. I'll supply the values — just make sure the code references them correctly everywhere."

Phase 03

Set up & scaffold

3.1
Create the GitHub repo
Set up your repository. Claude Code can do this for you if needed.
3.2
Scaffold the project
Ask Claude to build the empty structure — no content, just the skeleton. Verify it builds cleanly before writing a single feature.
"Scaffold the project based on our agreed stack. Empty structure only — no features, no placeholder content. It should build without errors and connect to GitHub. Include BUILDPLAN.md in the root."
3.3
Scaffold review
Before writing any features, ask Claude to review the empty scaffold — structure, dependencies, config. A bad scaffold silently breaks everything built on top.
"Review this scaffold before we start building. Check: folder structure, dependencies, config files, and environment variable wiring. Flag anything misconfigured or that will cause problems later."
3.4
Set up the test suite
Get a test suite in place before any features are written. Map critical user paths, write unit and integration tests, set up a test runner.
"Before we write any features, set up a test suite. Map the critical user paths from the PRD, write unit and integration tests covering those paths, and configure a test runner. Goal: every future chunk can be verified without manually clicking through everything."

Phase 04

Build

4.1
Chunk by chunk — with review loop
Paste one section of the build plan at a time. After each chunk, run the loop before committing.
The loop — repeat for every chunk
01 →
Build — one chunk from the build plan
02 →
Claude reviews — bugs, edge cases, security, PRD alignment
03 →
Run tests — suite should still pass after every chunk
04 →
You test manually — run it, click it, break it
05 →
Commit — every green chunk is a safe point to return to
"Review the code you just wrote. Check for: bugs, edge cases, security issues, anything that doesn't match the PRD, and anything that will cause problems for later chunks."
4.2
PRD drift check
Every few chunks, compare what's been built against the original PRD. Scope creep is silent — catch it before it gets expensive.
"Compare the current codebase against the original PRD. Flag: anything that drifts from the requirements, features added outside scope, and anything in the PRD we haven't addressed yet."
4.3
Error handling pass
At the end of each major feature, run a dedicated error handling pass. Always missing if you don't ask for it explicitly.
"Go through the code written so far and add proper error handling everywhere it's missing. Don't assume happy paths. Cover: failed API calls, missing data, auth errors, and unexpected user input."
4.4
Security & secrets audit review diffs
Dedicated security pass before pre-launch. Common landmines: hardcoded API keys, missing auth checks, no input validation, SQL injection openings, secrets in git history.
⚠ Do not auto-accept these changes. Review every diff manually.
"Do a focused security and secrets audit of the full codebase. Look for: → API keys or secrets hardcoded anywhere, especially client-side → Secrets that may have been committed to git history → Endpoints missing auth or authorisation checks → Missing or insufficient input validation → SQL injection or command injection openings → Any other obvious security gaps For each issue: show me where it is, explain the risk, and propose the fix. Don't auto-apply — I'll review each change before accepting."
4.5
Pre-launch checklist
Final sweep before shipping. Security covered by 4.4 — this catches everything else not production-ready.
"Do a full pre-launch review of the codebase. Assume a security audit has already been run. Check for: console.log statements, missing environment variables, hardcoded values that should be configurable, performance issues, and anything else not ready for production. Give me a prioritised list of what needs fixing."

Ongoing throughout

Running habits

The backlog
Maintain a BACKLOG.md in your repo — separate from the PRD and build plan. When a new idea surfaces mid-build, log it here instead of acting on it. Periodically ask Claude to organise it into waves so related changes are addressed together.
Backlog ≠ PRD. The PRD is the agreed spec. The backlog is everything you thought of after that.
Adding an item: "Add this to BACKLOG.md: [idea]. Don't implement it now — just log it." Organising into waves: "Review the backlog and organise it into waves — group related items together and order the waves so each one builds logically on the last. Flag any items that conflict with the PRD."
Building with Claude · v10 Prerequisites + 4 phases + ongoing

© 2026 Outbuild