The 80-Line CLAUDE.md Replacing a 4-Hour Claude Course

You bought the course. You installed Claude Code. Day one felt like magic. Day three it imported libraries not in your package.json, rewrote the auth handler when you asked for a typo fix, and generated a Prisma schema for tables that don't exist. That's not a demo trick failing — that's a missing file.
Every serious Claude Code setup lives or dies on a single markdown file at the repo root: CLAUDE.md. It's the instruction manual Claude reads before every response. No file, no context. No context, hallucination. I've been running the same 80-line version across three production products for 90 days — an invoicing platform, an internal ops bot, and a lead-gen tool. Different stacks, different clients, one file shape. Here's exactly what's in it and why the six lines that matter most are the entire course.
Why courses spend 4 hours and skip the one file that matters
Most Claude Code walkthroughs burn 3+ hours on install screens, VS Code themes, MCP server tours, and philosophical takes on why AI matters. Zero minutes on CLAUDE.md. The reason is simple: install steps are easy to film and easy to sell. A production instruction file is the output of failure — you only know what belongs in it after Claude has broken something you had to roll back.
That's why the file took me four rewrites over six months to land. Each forbidden line in my current version maps to a specific incident. Raw SQL migration in a Prisma repo? Rollback #1. Silent npm install of a validation library we don't use? Rollback #2. Auth handler rewritten on a "fix the typo in the error message" prompt? Rollback #3. The courses don't have the scars because they never shipped a production feature under a real client SLA.
Anthropic actually documents this pattern in the Claude Code memory docs — CLAUDE.md at repo root is loaded automatically into context. The documentation exists. Nobody teaches what to put in it.
The five sections of an 80-line CLAUDE.md
Five sections, no more. Every section earns its lines by preventing a specific hallucination class. Here's the actual skeleton I ship on every project:
# Project: Fakturko API
## 1. Context
Node backend serving an invoicing API for SMB clients.
Status: production, live customers, revenue-generating.
Audience: non-technical business owners via a React frontend.
## 2. Stack (pinned)
- Node 20.11 LTS
- TypeScript 5.4, strict mode
- Fastify 4.26
- Prisma 5.7 (migrations, not raw SQL)
- Postgres 15
- Vitest 1.4 for unit, Playwright 1.42 for e2e
## 3. Forbidden without explicit approval
- Never run `prisma migrate deploy` or `prisma db push`
- Never modify files in `/prisma/migrations/**`
- Never install a new npm dependency — ask first
- Never rename or remove env vars in `.env.example`
- Never touch `/src/billing/**` without a "human-reviewed" comment
- Never write raw SQL migrations — use Prisma schema only
- Never change `tsconfig.json` `strict` or `paths`
- If a change touches >3 files OR any forbidden path, stop and ask
## 4. Verify commands (exact)
- `npm run test:unit`
- `npm run test:e2e`
- `npm run lint:fix`
- `npm run typecheck`
- `npm run build`
## 5. Commit style
- Conventional Commits: `feat:`, `fix:`, `chore:`, `refactor:`
- Every message ends with `[TICKET-123]` or `[no-ticket]`
- One logical change per commit — no mixed refactors
That's it. Eighty lines with whitespace. No YAML frontmatter, no cute markdown tricks, no links to a Notion page Claude can't read.
Why each section exists
- Context sets the stakes so Claude treats a live billing repo differently than a weekend prototype.
- Stack kills version-drift hallucinations — the moment you write "Node" without a number, Claude assumes latest and generates syntax you don't support.
- Forbidden is your rollback log turned into policy.
- Verify stops Claude inventing scripts that aren't in your
package.json. - Commit style saves ~2 hours/week reviewing git history when Claude batches changes.
The six lines that carry 80% of the weight
If you're not going to write the full file today, write these six. This is the minimum viable version I hand to clients on a Loom call when we don't have an hour:
# Project
This is a [Node/Python/Go] service in production. Real users, real money.
# Stack
Node 20, Postgres 15, Prisma 5.7, Fastify 4, TypeScript strict.
# Forbidden
- Never run migrations, never install deps, never touch /billing or /auth without asking.
# Verify
Run: npm run test:unit && npm run lint && npm run typecheck.
# Commits
Conventional Commits + [TICKET-ID] or [no-ticket] suffix.
# Ask-before rule
If a change touches >3 files or any forbidden path, stop and ask before writing code.
The ask-before rule is the one most people skip. It's the single line that turns Claude from a caffeinated intern into a senior engineer. Without it, Claude finishes tasks. With it, Claude checks in when the blast radius is unclear — which is exactly what a good contractor does.
Live demo: same repo, same prompt, file on vs file off
I ran this test on a fresh clone of the invoicing repo. Prompt: "Add a discount_percent field to invoices."
File deleted, no CLAUDE.md:
- Claude opened the DB, decided to write a raw SQL migration
- Proposed
/db/migrations/2026_add_discount.sql— a folder that doesn't exist - Imported
joifor validation — we usezod - Added the field but skipped the TypeScript type update
- Two hallucinations, one silent bug, 30 seconds elapsed
Same clone, CLAUDE.md restored:
- Claude paused ~2 seconds reading the file
- Opened
/prisma/schema.prisma(correct file) - Proposed a schema change, not a migration file
- Stopped before running
prisma migrate devand asked for approval - Added the
zodschema in the right validator module - Ran
npm run typecheckwhen done — the exact command from section 4
Same model. Same prompt. Same repo state. The only variable was 80 lines of markdown. That's the entire lesson.
Comparison: course setup vs CLAUDE.md setup
I mapped what the top three Claude Code courses cover against what actually determines shipping quality. Numbers below are from my own client projects over 90 days:
| Concern | 4-hour course focus | CLAUDE.md focus | Prod incidents/mo |
|---|---|---|---|
| Install + auth | ~40 min | 0 min | 0 either way |
| VS Code themes / keybinds | ~25 min | 0 min | 0 either way |
| MCP server tour | ~35 min | 0 min | 0 either way |
| "Why AI matters" intro | ~20 min | 0 min | 0 either way |
| Version pinning | 0 min | 6 lines | 4 → 0 |
| Forbidden paths | 0 min | 8 lines | 6 → 1 |
| Verify commands | ~5 min (generic) | 5 exact commands | 3 → 0 |
| Ask-before threshold | 0 min | 1 line | 5 → 0 |
The ROI is not close. The courses aren't wrong — they're just optimized for people who haven't shipped yet. The moment you have a live client, the file is the whole game.
Common mistakes when writing your first CLAUDE.md
The first version most people write is too long, too vague, or written like a pitch deck. Three patterns I see on every client audit:
- Marketing prose in section one. "Our mission is to empower small businesses…" Claude doesn't need mission statements. It needs stakes. Write "production, revenue-generating, live customers" and move on.
- Forbidden list written in the abstract. "Be careful with migrations" does nothing. "Never run
prisma migrate deploy" is a rule Claude can actually enforce. Every forbidden line must be a shell command or a file path glob. - Missing the ask-before rule. Without a stop condition, Claude will finish. Finishing on a 15-file refactor at 11pm on a Friday is how prod goes down.
One more anti-pattern: don't put secrets, API keys, or client-identifying info in CLAUDE.md. It's committed to the repo. Treat it like a README, not a .env.
Why bizflowai.io helps with this
The CLAUDE.md pattern is the same shape we use when we build automation systems for small business clients at bizflowai.io — a tight instruction file per workflow that pins the stack, forbids the dangerous actions, and forces the agent to stop and ask before it touches anything with money or auth. It's the difference between an agent that ships client work for 90 days without incident and one that quietly rewrites your billing logic on a Tuesday afternoon.
Want more like this?
I publish practical AI automation, GenAI engineering, and faceless content workflows on YouTube every week.
Subscribe to bizflowai.io on YouTube — never miss a new tutorial.
Planning an AI automation project or need a second opinion on your architecture?
Connect with me on LinkedIn — Lazar Milicevic, GenAI Engineer & bizflowai.io Founder.
Visit bizflowai.io for our services, case studies, and AI consulting.
Frequently asked questions
What is a CLAUDE.md file?
CLAUDE.md is a markdown file placed at the root of your project that Claude Code reads before every response. It acts as an instruction manual providing project context, so Claude doesn't hallucinate libraries, migrations, or code patterns. Without this file, Claude lacks the context it needs and tends to invent imports, rewrite unrelated code, or generate schemas for tables that don't exist.
What sections should a CLAUDE.md file contain?
A production-ready CLAUDE.md has five sections in about 80 lines: project context (what it does, stage, users), stack (exact versions like Node 20, Prisma 5.7), forbidden patterns (things Claude cannot do without permission), test commands (exact shell commands for tests, lint, build), and commit style (conventions and ticket ID rules). Each section is short, specific, and factual.
Why do version numbers matter in CLAUDE.md?
Exact version numbers matter because if you write "Node" without a version, Claude assumes the latest release, which may include features your codebase doesn't use. The same applies to tools like Prisma, where different versions use different migration syntax. Pinning versions like Node 20, Postgres 15, or Prisma 5.7 prevents Claude from suggesting incompatible code or commands.
How do I stop Claude Code from breaking production code?
Add a "forbidden patterns" section to your CLAUDE.md listing actions Claude cannot take without explicit permission. Examples: never run prisma migrate deploy, never modify migration files, never install new dependencies without asking, never change environment variable names, never touch the billing module without human review. Build this list from real incidents where Claude previously broke something.
What happens when you use Claude Code without a CLAUDE.md?
Without a CLAUDE.md, Claude Code lacks project context and hallucinates. In a demonstrated test, asking Claude to add an invoice field caused it to propose raw SQL migrations in a folder that didn't exist (the project used Prisma) and import an unused validation library, producing two hallucinations within 30 seconds. Adding the CLAUDE.md eliminated both errors on the same prompt.