You are not just building an app.<\/p>\n\n\n\n
You are building a repeatable engineering system<\/strong> where:<\/p>\n\n\n\n This tutorial gives you that system.<\/p>\n\n\n\n Most teams fail because they do one of these:<\/p>\n\n\n\n That creates fake speed.<\/p>\n\n\n\n Real speed comes from this sequence:<\/p>\n\n\n\n Use Claude when you need:<\/p>\n\n\n\n Claude Code is explicitly built around an agentic loop of gathering context, taking action, and verifying results, and it reads Use Codex when you need:<\/p>\n\n\n\n Official Codex guidance emphasizes durable repo instructions in Use this rule:<\/p>\n\n\n\n That is the cleanest operating model.<\/p>\n\n\n\n For a serious project, do not rely only on chat history.<\/p>\n\n\n\n Create these files in the repository root:<\/p>\n\n\n\n This is the contract<\/strong>.<\/p>\n\n\n\n It defines:<\/p>\n\n\n\n This is Claude\u2019s persistent repo memory that you write<\/strong>.<\/p>\n\n\n\n Official Claude Code docs say This is Codex\u2019s durable repo guide<\/strong>.<\/p>\n\n\n\n OpenAI\u2019s Codex docs recommend using This is the truth document<\/strong> before deployment.<\/p>\n\n\n\n It states:<\/p>\n\n\n\n This file is not mandated by the vendors. It is a high-value engineering practice.<\/p>\n\n\n\n This is where your original notes are already strong.<\/p>\n\n\n\n You wrote:<\/p>\n\n\n\n That is exactly the right backbone.<\/p>\n\n\n\n Before any code, answer these:<\/p>\n\n\n\n Prompt:<\/p>\n\n\n\n This is discovery, not implementation.<\/p>\n\n\n\n Your note said:<\/p>\n\n\n\n CLAUDE – READ my all of code without missing each file<\/p>\n<\/blockquote>\n\n\n\n That is exactly the right instinct.<\/p>\n\n\n\n But make it systematic.<\/p>\n\n\n\n Do not simply say \u201cread the codebase.\u201d<\/p>\n\n\n\n Instead:<\/p>\n\n\n\n Claude Code is explicitly designed to search files, understand codebases, and follow project instructions from Claude\u2019s official docs say Put in:<\/p>\n\n\n\n Do not put in:<\/p>\n\n\n\n For For OpenAI\u2019s docs position This is the center of the whole workflow.<\/p>\n\n\n\n If This part from your notes is gold.<\/p>\n\n\n\n After Do not<\/strong> code yet.<\/p>\n\n\n\n Ask Claude for a hard gate.<\/p>\n\n\n\n\n
\n\n\n\nPart 1 \u2014 The right mental model<\/h1>\n\n\n\n
Why most AI-assisted app builds fail<\/h2>\n\n\n\n
\n
\n
\n\n\n\nPart 2 \u2014 Divide responsibilities between Claude and Codex<\/h1>\n\n\n\n
Use Claude for these jobs<\/h2>\n\n\n\n
\n
CLAUDE.md<\/code><\/li>\n\n\n\nSPEC.md<\/code><\/li>\n\n\n\nCLAUDE.md<\/code> at the start of sessions as persistent project guidance. (Claude<\/a>)<\/p>\n\n\n\nUse Codex for these jobs<\/h2>\n\n\n\n
\n
AGENTS.md<\/code>, giving verification steps, running lint and pre-commit checks, and breaking complex work into smaller focused tasks. (OpenAI Developers<\/a>)<\/p>\n\n\n\nThe simplest split<\/h2>\n\n\n\n
\n
\n\n\n\nPart 3 \u2014 The file system of control<\/h1>\n\n\n\n
Myhospital\/\n CLAUDE.md\n AGENTS.md\n SPEC.md\n RELEASE_READINESS.md\n svc1\/\n CLAUDE.md\n svc2\/\n CLAUDE.md\n svc3\/\n CLAUDE.md\n svc4\/\n CLAUDE.md\n<\/code><\/pre>\n\n\n\nWhat each file does<\/h2>\n\n\n\n
SPEC.md<\/code><\/h3>\n\n\n\n\n
CLAUDE.md<\/code><\/h3>\n\n\n\nCLAUDE.md<\/code> is loaded at the start of every session and should contain things Claude cannot infer on its own, such as bash commands, code style, workflow rules, architecture decisions, and review expectations. They also recommend keeping it concise and using more specific files deeper in the directory tree when needed. (Claude<\/a>)<\/p>\n\n\n\nAGENTS.md<\/code><\/h3>\n\n\n\nAGENTS.md<\/code> as the place to encode repo layout, run instructions, build\/test\/lint commands, engineering conventions, constraints, and what \u201cdone\u201d means. (OpenAI Developers<\/a>)<\/p>\n\n\n\nRELEASE_READINESS.md<\/code><\/h3>\n\n\n\n\n
\n\n\n\nPart 4 \u2014 From idea initiation to a real requirement set<\/h1>\n\n\n\n
\n
Step 1: Turn the idea into a requirement brief<\/h2>\n\n\n\n
Product<\/h3>\n\n\n\n
\n
Business<\/h3>\n\n\n\n
\n
Security<\/h3>\n\n\n\n
\n
UX<\/h3>\n\n\n\n
\n
Data<\/h3>\n\n\n\n
\n
Operations<\/h3>\n\n\n\n
\n
\n\n\n\nStep 2: Ask Claude to turn the rough idea into a structured brief<\/h2>\n\n\n\n
I want to build [APP NAME].\n\nTurn this into a complete product brief.\n\nInclude:\n1. problem statement\n2. user personas\n3. user flow\n4. admin flow\n5. authentication model\n6. authorization model\n7. UX requirements\n8. search\/filter\/pagination needs\n9. validation rules\n10. feature list grouped into MVP \/ v2 \/ later\n11. non-functional requirements\n12. security concerns\n13. deployment assumptions\n14. open questions\n\nDo not write code yet.\nBe strict and identify what is missing.\n<\/code><\/pre>\n\n\n\n
\n\n\n\nPart 5 \u2014 If the project already exists, audit the repository first<\/h1>\n\n\n\n
\n
The correct repo-audit method<\/h2>\n\n\n\n
\n
\n
CLAUDE.md<\/code>; Claude docs also recommend using concise persistent instructions and path-specific guidance where necessary. (Claude<\/a>)<\/p>\n\n\n\nStrong audit prompt for Claude<\/h2>\n\n\n\n
Audit this repository completely.\n\nRules:\n- Start from the tracked source-file inventory.\n- Ignore generated\/build\/vendor files unless referenced by source code.\n- Account for every important source file.\n- Produce:\n\n1. top-level architecture summary\n2. directory layout\n3. service-by-service responsibility map\n4. feature inventory\n5. which features appear working\n6. which features appear broken\n7. which features are unknown or unverified\n8. missing test coverage\n9. missing validation\n10. missing lint\/type enforcement\n11. security risks\n12. API or schema mismatches\n13. priority-ranked recommendations\n\nAt the end include:\n- total reviewed files\n- excluded files\n- not reviewed files\n- confidence level by service\n<\/code><\/pre>\n\n\n\n
\n\n\n\nPart 6 \u2014 Write
CLAUDE.md<\/code> the right way<\/h1>\n\n\n\nCLAUDE.md<\/code> should contain instructions that matter every session, stay concise, and be used for rules Claude cannot infer from the code alone. They also support placing CLAUDE.md<\/code> files at multiple levels, where more specific local guidance takes precedence. (Claude<\/a>)<\/p>\n\n\n\nWhat belongs in
CLAUDE.md<\/code><\/h2>\n\n\n\n\n
\n
Root
CLAUDE.md<\/code> template<\/h2>\n\n\n\n# Project: MyHospital\n\n## Purpose\nMulti-service hospital platform.\n\n## Repo layout\n- svc1: auth and identity\n- svc2: patient and appointment flows\n- svc3: billing and payments\n- svc4: admin, analytics, reporting\n\n## Global rules\n- Do not change public contracts without updating SPEC.md first.\n- Prefer small, reviewable changes.\n- Preserve backward compatibility unless SPEC.md explicitly allows breaking change.\n- Every code change must include validation, tests, and lint\/type correctness.\n- Do not bypass security checks for convenience.\n\n## Commands\n- install: [command]\n- dev: [command]\n- test: [command]\n- lint: [command]\n- typecheck: [command]\n- integration-test: [command]\n\n## Security rules\n- All protected endpoints require server-side authorization checks.\n- Never trust client-provided roles.\n- Validate all input at the request boundary.\n- Sensitive data must not be logged.\n\n## Output format for implementation tasks\nFor each task, report:\n1. files changed\n2. what changed\n3. tests added or updated\n4. risk introduced\n5. follow-up work\n\n## Definition of done\nA task is done only if:\n- implementation is complete\n- validation is enforced\n- tests pass\n- lint\/typecheck pass\n- affected user\/admin flows still work\n- SPEC.md remains accurate\n<\/code><\/pre>\n\n\n\nService-level
CLAUDE.md<\/code><\/h2>\n\n\n\nsvc1\/CLAUDE.md<\/code>:<\/p>\n\n\n\n# svc1: auth and identity\n\n## Responsibility\nAuthentication, authorization, session handling, roles, permissions.\n\n## Must not break\n- login\n- logout\n- session renewal\n- password reset\n- role enforcement\n- unauthorized access handling\n\n## Required tests\n- auth success\n- auth failure\n- invalid credentials\n- expired token\n- insufficient permissions\n- session timeout behavior\n\n## Required validation\n- email\n- password policy\n- token format\n- permission checks\n<\/code><\/pre>\n\n\n\nsvc2\/CLAUDE.md<\/code>:<\/p>\n\n\n\n# svc2: patient and appointment workflows\n\n## Responsibility\nPatient search, appointment booking, rescheduling, cancellation, provider assignment.\n\n## Must not break\n- patient search\n- appointment creation\n- reschedule flow\n- cancellation flow\n- pagination and filtering\n- validation feedback\n\n## Required validations\n- required fields\n- date\/time validity\n- provider availability\n- duplicate booking prevention\n<\/code><\/pre>\n\n\n\n
\n\n\n\nPart 7 \u2014 Write
AGENTS.md<\/code> for Codex<\/h1>\n\n\n\nAGENTS.md<\/code> as the durable place for Codex repo instructions, including repo layout, commands, constraints, and what \u201cdone\u201d means. They also note that \/init<\/code> can scaffold a starter AGENTS.md<\/code>, but that you should refine it to match real team workflows. (OpenAI Developers<\/a>)<\/p>\n\n\n\nAGENTS.md<\/code> template<\/h2>\n\n\n\n# AGENTS.md\n\n## Repo overview\nMyHospital is a multi-service application with service boundaries that must be preserved.\n\n## Services\n- svc1: auth and authorization\n- svc2: appointments and patient flows\n- svc3: billing and invoicing\n- svc4: admin dashboards and reporting\n\n## Commands\n- install: [command]\n- dev: [command]\n- unit-tests: [command]\n- integration-tests: [command]\n- lint: [command]\n- typecheck: [command]\n\n## Engineering conventions\n- Prefer minimal diffs.\n- Reuse existing patterns before introducing new abstractions.\n- Do not rename files or functions unless necessary.\n- Keep API changes backward compatible unless SPEC.md says otherwise.\n\n## Constraints\n- Do not change infra or deployment manifests unless task explicitly asks.\n- Do not touch unrelated services.\n- Do not skip tests.\n- Do not leave TODOs in completed work unless listed in follow-up.\n\n## Validation rules\n- Implement request validation and business-rule validation.\n- Add negative test cases for invalid input and permission failures.\n\n## Done means\n- code compiles\n- tests pass\n- lint\/typecheck pass\n- changed behavior is verified\n- risk is stated clearly\n<\/code><\/pre>\n\n\n\n
\n\n\n\nPart 8 \u2014 Create
SPEC.md<\/code> before you write code<\/h1>\n\n\n\nSPEC.md<\/code> is weak, the whole build will drift.<\/p>\n\n\n\nWhat
SPEC.md<\/code> must contain<\/h2>\n\n\n\n# SPEC: [Feature Name]\n\n## Objective\nWhat are we building and why?\n\n## Scope\nIncluded:\nExcluded:\n\n## Users\n- user\n- admin\n- support\/internal ops\n\n## Functional requirements\n1. Authentication\n2. Authorization\n3. User flow\n4. Admin flow\n5. Search\/filter\/pagination\n6. Validation\n7. Feature 1\n8. Feature 2\n9. Feature 3\n\n## UX requirements\n- loading states\n- empty states\n- error states\n- unauthorized states\n- form validation states\n\n## Data model impact\n- tables\n- fields\n- migrations\n- compatibility concerns\n\n## API\/contracts\n- endpoints\n- request schema\n- response schema\n- failure modes\n\n## Security\n- role rules\n- audit logging\n- sensitive data handling\n\n## Test plan\n- unit\n- integration\n- end-to-end\n- negative cases\n- regression cases\n\n## Rollout plan\n- dev\n- staging\n- production\n\n## Rollback plan\n- revert method\n- migration reversal or mitigation\n- feature flag fallback\n\n## Definition of done\n- implementation complete\n- tests passing\n- lint\/typecheck passing\n- staging validated\n- docs updated\n<\/code><\/pre>\n\n\n\n
\n\n\n\nPart 9 \u2014 The approval gate: \u201cClaude yes\/no\u201d<\/h1>\n\n\n\n
SPEC.md<\/code> is written, stop.<\/p>\n\n\n\nPrompt<\/h2>\n\n\n\n
Review SPEC.md and repository context.\n\nAnswer only in this format:\n\nREADY: yes\/no\n\nIf no, list only blockers.\n\nCheck for:\n- missing requirements\n- missing edge cases\n- missing validation rules\n- missing security rules\n- missing error states\n- missing test cases\n- unclear service ownership\n- missing deployment or rollback concerns\n<\/code><\/pre>\n\n\n\n