Claude Code Governance Templates
Ready-to-use governance templates for Claude Code, organized by tech stack.
Rules load automatically on every session: no prompting required.
If this saves you time, consider giving it a ⭐: it helps others find the project.
Why this exists
Without structure, Claude Code generates inconsistent code, ignores your conventions, and repeats the same mistakes across sessions. This project fixes that with a hierarchy of CLAUDE.md files that load automatically: no prompting required.
What you get:
- Consistent code that respects your architecture and naming conventions
- Security rules enforced by default (no IDOR, no raw SQL, no hardcoded secrets)
- Cost control: precise diffs instead of full rewrites, right model for the right task
- Behavior adapted to the developer's experience level (Junior → Tech Lead)
Installation
Via plugin marketplace (recommended):
/plugin marketplace add datallmhub/claude-governance
/plugin install claude-governance
Then run /setup in any project: select your stack, governance files are copied automatically, and rules inject at every session start.
Local / development:
git clone https://github.com/datallmhub/claude-governance.git
claude --plugin-dir /path/to/claude-governance
Manual (no plugin):
- Copy the stack folder into your project root
- Update CLAUDE.md with your project name and stack versions
- Copy CLAUDE.local.md.example → CLAUDE.local.md (do not commit)
- Set your experience level in dev-level.md
Available stacks
Java
| Stack | Folder | Status |
|---|---|---|
| Java (Spring Boot) + React (TypeScript) | java-react/ | ✅ Ready |
| Java (Spring Boot) + Angular | java-angular/ | Coming |
| Java (Spring Boot) + Vue.js | java-vue/ | Coming |
| Java (Spring Boot) API only | java-only/ | Coming |
JavaScript / TypeScript
Python
| Stack | Folder | Status |
|---|---|---|
| Python (FastAPI) + React | python-fastapi-react/ | ✅ Ready |
| Python (Django) + React | python-django-react/ | Coming |
| Python (FastAPI) API only | python-fastapi-only/ | Coming |
.NET / Go / PHP
| Stack | Folder | Status |
|---|---|---|
| .NET (ASP.NET Core) + React | dotnet-react/ | Coming |
| Go (Gin / Echo) + React | go-react/ | Coming |
| Laravel + React | laravel-react/ | Coming |
| Symfony + React | symfony-react/ | Coming |
What's inside each template
<stack>/
├── CLAUDE.md                   # Project context: always loaded
├── CLAUDE.local.md.example     # Personal overrides (copy locally, never commit)
├── .claude/
│   ├── settings.json           # SessionStart hook: injects rules at session start
│   ├── rules/
│   │   ├── backend.md          # Backend rules: scoped to backend files only
│   │   ├── frontend.md         # Frontend rules: scoped to frontend files only
│   │   ├── database.md         # DB / migration rules
│   │   ├── testing.md          # Testing standards
│   │   ├── security.md         # Security rules: loaded on every file
│   │   ├── governance.md       # Git, PR, versioning, release process
│   │   └── dev-level.md        # Behavior by experience level
│   └── architecture/
│       ├── overview.md         # System architecture + key decisions
│       ├── api.md              # REST API contract
│       └── data-model.md       # Database schema
└── samples/                    # Code examples applying all the rules
Load order
~/.claude/CLAUDE.md → personal preferences (your machine)
./CLAUDE.md → project rules (committed, shared)
./CLAUDE.local.md → personal overrides (gitignored)
.claude/rules/*.md → scoped rules (loaded per file path)
Security
security.md loads on every file automatically. It enforces:
- No IDOR: public_id UUID in all URLs, never internal sequential IDs
- No hardcoded secrets: all credentials via environment variables
- Safe tokens: JWT in memory, refresh token in HttpOnly; Secure cookie
- Injection prevention: parameterized queries, input validated at system boundary
- CORS locked down: explicit origin whitelist, never allowedOrigins("*")
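The no-IDOR and injection-prevention rules, shown together as an added example (not taken from this project's templates or samples): a handler body for a hypothetical `GET /invoices/{public_id}` route using only the Python standard library. The table, column, and function names are assumptions, and the `owner` filter goes beyond the listed rules: a random UUID stops ID enumeration, while the per-user filter stops one user from reading another user's record.

```python
import sqlite3
import uuid

def make_db():
    """Constructed sample data: internal sequential id plus a random public_id."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices ("
        " id INTEGER PRIMARY KEY AUTOINCREMENT,"  # internal only, never in URLs
        " public_id TEXT NOT NULL UNIQUE,"         # UUID exposed in URLs
        " owner TEXT NOT NULL,"
        " amount_cents INTEGER NOT NULL)"
    )
    ids = {}
    for owner, amount in (("alice", 1200), ("bob", 9900)):
        ids[owner] = str(uuid.uuid4())
        db.execute(
            "INSERT INTO invoices (public_id, owner, amount_cents) VALUES (?, ?, ?)",
            (ids[owner], owner, amount),
        )
    return db, ids

def parse_public_id(raw):
    """Validate at the system boundary: accept only a canonical UUID string."""
    try:
        parsed = uuid.UUID(raw)
    except (ValueError, AttributeError, TypeError):
        return None
    # uuid.UUID also accepts braces, "urn:uuid:" and hyphen-less hex; reject those.
    return str(parsed) if str(parsed) == raw.lower() else None

def get_invoice(db, current_user, raw_public_id):
    """Handler body for the hypothetical route; returns (status, body)."""
    public_id = parse_public_id(raw_public_id)
    if public_id is None:
        return 400, None
    # Parameterized query: user input is bound, never concatenated into SQL.
    row = db.execute(
        "SELECT public_id, amount_cents FROM invoices"
        " WHERE public_id = ? AND owner = ?",
        (public_id, current_user),
    ).fetchone()
    if row is None:
        return 404, None  # same answer for "missing" and "not yours"
    # The internal sequential id is never selected or returned.
    return 200, {"public_id": row[0], "amount_cents": row[1]}
```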
Developer Experience Levels
One setting in dev-level.md: Claude adapts its verbosity automatically.