A complete, stack-agnostic setup for Claude Code with a minimal router CLAUDE.md, 5 behavioral rules, 16 custom skills, 3 automation hooks, and the obra/superpowers plugin — all configured globally so every project gets them automatically.
CLAUDE.md is a ~20-line router — not a knowledge dump. It contains compaction recovery instructions and core behavioral pointers. All detailed rules live in ~/.claude/rules/ where they load automatically into context.
Why? Based on How To Be A World-Class Agentic Engineer: skill/agent lists in CLAUDE.md are redundant (they're auto-discovered), and behavioral rules need to survive context compaction.
Rules load automatically from ~/.claude/rules/ into every session. They survive compaction because Claude re-reads them on recovery.
| Rule | Purpose |
|---|---|
coding.md |
Anti-patterns (no unnecessary deps), security (parameterized queries), style (simplicity over abstraction) |
commits.md |
Commit frequency (every meaningful change), format (conventional commits), push cadence |
research.md |
Research vs implementation separation, anti-sycophancy, neutral prompting |
completion.md |
Task completion contracts — tests pass, no debug artifacts, clean diffs |
project-setup.md |
Spec-driven dev, orchestration, session discipline |
Skills are reusable instruction sets that Claude follows when triggered. They live in ~/.claude/skills/ and are available across all projects.
| Skill | Command | Description |
|---|---|---|
| ask-first | (background) | Clarifies vague/ambiguous requirements before writing any code. Rates request specificity and asks targeted multiple-choice questions. Prevents building the wrong thing. |
| planning | /planning [task] |
Decomposes work into small (2-5 min), verifiable, independently testable steps. Surfaces risks early. Each step touches max 3 files and leaves the codebase working. |
| code-review | /code-review [path] |
Structured review across 5 dimensions: correctness, security, performance, maintainability, and testing gaps. Findings rated as CRITICAL / WARNING / NIT with file:line references. |
| security-review | /security-review [target] |
Deep security audit covering OWASP top 10: input validation, auth/authz, secrets, data protection, dependencies, and infrastructure. Outputs findings by severity with specific remediation steps. |
| tdd | /tdd [feature] |
Enforces strict RED-GREEN-REFACTOR test-driven development. Writes one failing test, makes it pass with minimal code, refactors, repeats. Shows test output at each stage. |
| testing | /testing [target] |
Test writing patterns for unit, integration, and E2E. Auto-detects the project's test framework and matches existing conventions. Prioritizes business logic, error handling, and edge cases. |
| debug | /debug [error] |
Systematic 5-step debugging: reproduce, locate, narrow down, root cause analysis, and structured report. Categorizes bugs (data/logic/environment/integration). Won't suggest fixes below MEDIUM confidence. |
| refactor | /refactor [target] |
Safe refactoring with pre-checks: reads code, checks for tests, identifies all callers. Applies extraction, simplification, and structural improvements. One refactor per commit, preserves public interfaces. |
| performance | /performance [target] |
Measure-first optimization. Profiles to find bottlenecks, categorizes as CPU/memory/IO/network-bound, applies fixes in priority order (index > cache > batch > algorithm > architecture), benchmarks before and after. |
| api-design | /api-design [endpoint] |
REST/GraphQL conventions: URL structure, HTTP methods, response envelopes, error formats, pagination, versioning, rate limiting, idempotency. Flags deviations and suggests corrections. |
| figma | /figma [link or task] |
Figma x Claude integration — design-to-code from Figma files via MCP, and code-to-canvas for turning live UI into editable Figma frames. Covers MCP server setup (remote and desktop), prompting strategies, and design token extraction. |
| webmcp | /webmcp [component] |
Adds WebMCP tools to web apps — exposes frontend functionality as structured, callable tools for AI agents via Chrome's navigator.modelContext API. Includes Chrome DevTools MCP setup, tool registration patterns, and design guidelines. 89% fewer tokens vs screenshot-based agents. |
| Skill | Command | Description |
|---|---|---|
| git-workflow | /git-workflow [action] |
Conventional Commits format, branch naming (type/description), and structured PR descriptions. Reads the actual diff before writing commit messages. |
| parallel-agents | /parallel-agents [tasks] |
Dispatches up to 5 concurrent subagents for independent tasks. Verifies no file overlap, provides each agent scoped context, integrates results, and runs tests after merge. |
| document | /document [target] |
Generates documentation by reading the actual code first. Supports inline docs, component READMEs, API docs, and Architecture Decision Records (ADRs). Never invents behavior. |
| skill-creator | /skill-creator [name] |
Meta-skill for building new skills. Walks through purpose, settings, tool permissions, and content. Scaffolds the folder, writes SKILL.md, and updates the global CLAUDE.md. |
Superpowers by Jesse Vincent is a complete software development methodology built as composable skills. These auto-activate based on context and enforce disciplined workflows.
| Skill | When It Activates |
|---|---|
| brainstorming | Before any creative work — explores intent via Socratic questioning |
| test-driven-development | Before writing implementation — enforces TDD cycles |
| systematic-debugging | When encountering bugs — 4-phase root cause process |
| writing-plans | When specs exist — decomposes into bite-sized tasks |
| executing-plans | When plans exist — follows steps with review checkpoints |
| subagent-driven-development | During implementation — delegates with two-stage review |
| dispatching-parallel-agents | For 2+ independent tasks — concurrent git worktree work |
| requesting-code-review | After completing features — structured review against the plan |
| receiving-code-review | When getting feedback — requires verification, not blind agreement |
| verification-before-completion | Before claiming done — must run tests and show evidence |
| finishing-a-development-branch | After implementation — merge, PR, or cleanup options |
| using-git-worktrees | Starting feature work — creates isolated worktrees |
| using-superpowers | Session start — establishes skill routing |
| writing-skills | Creating/editing skills — proper structure and testing |
Hooks are event-driven scripts that run automatically in response to Claude Code actions. They use Node.js for JSON parsing (no jq dependency).
Runs before every file edit. Blocks writes to:
.env*files (environment secrets)credentials.json,secrets.yaml, etc.- Lock files (
package-lock.json,yarn.lock,Cargo.lock, etc.) .git/internals
Returns exit code 2 with an explanation, which prevents the edit and shows the message to Claude.
Runs after every file edit. Auto-detects the project's formatter:
| Language | Formatter Priority |
|---|---|
| JS/TS/CSS/HTML | Prettier > Biome > ESLint |
| Python | Ruff > Black |
| Go | gofmt |
| Rust | rustfmt |
Walks up from the edited file to find the project root, checks for formatter config files, and runs the first match. Does nothing if no formatter is configured.
Runs before Claude claims completion. Auto-detects the test runner:
| Project Type | Test Command |
|---|---|
| Node.js (with test script) | npm test |
| Python (with pytest) | pytest --tb=short -q |
| Go | go test ./... |
| Rust | cargo test |
If tests fail, returns exit code 1 which blocks Claude from finishing and feeds the failure output back so it must fix the issue first.
Loaded into every Claude Code session. A minimal ~20-line router with compaction recovery instructions, core behavioral pointers, and a reference to ~/.claude/rules/. Skills and agents are auto-discovered — they are not listed here.
Registers:
- 3 enabled plugins (frontend-design, github, superpowers)
- 3 hooks (PreToolUse, PostToolUse, Stop)
- Model preference (opus)
- Custom status line showing project name and git branch
git clone https://github.com/YOUR_USERNAME/claude-code-setup.git
cd claude-code-setup
bash install.sh-
Copy skills:
cp -r skills/* ~/.claude/skills/
-
Copy rules:
mkdir -p ~/.claude/rules cp rules/*.md ~/.claude/rules/
-
Copy hooks:
mkdir -p ~/.claude/hooks cp hooks/*.sh ~/.claude/hooks/ chmod +x ~/.claude/hooks/*.sh
-
Copy global CLAUDE.md:
cp CLAUDE.md ~/.claude/CLAUDE.md -
Merge settings (don't overwrite — merge the
hookssection into your existingsettings.json):# Review settings.json and manually merge into ~/.claude/settings.json -
Install superpowers plugin:
claude plugin marketplace add obra/superpowers-marketplace claude plugin install superpowers@superpowers-marketplace
-
Restart Claude Code for hooks to take effect.
The router architecture keeps idle cost minimal while ensuring rules survive compaction:
| Component | Idle Cost (always loaded) | On-Demand Cost |
|---|---|---|
| CLAUDE.md (router) | ~500 chars | — |
| 5 rule files | ~2,500 chars | — |
| 16 skill descriptions (auto-discovered) | ~1,400 chars | — |
| Single skill invocation | — | ~1,500–3,500 chars |
| Total idle overhead | ~4,400 chars | — |
With a ~200K token context window (~800K chars), the idle cost is ~0.5% of capacity. The slight increase over the old ~2,100 chars is worth it — rules now survive compaction and enforce consistent behavior throughout long sessions.
Use the built-in meta-skill:
/skill-creator my-new-skill — does X when Y happens
Or manually:
mkdir ~/.claude/skills/my-skill
# Write ~/.claude/skills/my-skill/SKILL.md with YAML frontmatter + instructions
# Skills are auto-discovered — no need to update CLAUDE.mdRemove or comment out the hook entry in ~/.claude/settings.json under the hooks key.
Add disable-model-invocation: true to any skill's YAML frontmatter to make it manual-only.
~/.claude/
├── CLAUDE.md # Minimal router (~20 lines)
├── settings.json # Hooks, plugins, preferences
├── rules/
│ ├── coding.md # Anti-patterns, security, style
│ ├── commits.md # Commit frequency, format, push cadence
│ ├── research.md # Research/impl separation, anti-sycophancy
│ ├── completion.md # Task completion contracts
│ └── project-setup.md # Spec-driven dev, session discipline
├── hooks/
│ ├── auto-format.sh # PostToolUse formatter
│ ├── block-sensitive-files.sh # PreToolUse security guard
│ └── test-enforcement.sh # Stop hook test runner
├── skills/
│ ├── ask-first/SKILL.md # Requirement clarification
│ ├── planning/SKILL.md # Task decomposition
│ ├── code-review/SKILL.md # Structured review
│ ├── security-review/SKILL.md # Security audit
│ ├── tdd/SKILL.md # Test-driven development
│ ├── testing/SKILL.md # Test writing patterns
│ ├── debug/SKILL.md # Root cause analysis
│ ├── figma/SKILL.md # Figma design integration
│ ├── refactor/SKILL.md # Safe refactoring
│ ├── performance/SKILL.md # Profiling & optimization
│ ├── api-design/SKILL.md # API conventions
│ ├── git-workflow/SKILL.md # Git standards
│ ├── parallel-agents/SKILL.md # Concurrent subagents
│ ├── document/SKILL.md # Documentation generation
│ ├── skill-creator/SKILL.md # Meta-skill builder
│ └── webmcp/SKILL.md # WebMCP agent-friendly tools
└── plugins/
└── superpowers/ # obra/superpowers plugin
└── skills/ # 14 methodology skills
- obra/superpowers by Jesse Vincent — development methodology plugin
- Trail of Bits — inspiration for the
ask-firstskill - Anthropic — official skills format and reference implementations
- Figma MCP Server — official Figma integration for AI coding agents
- WebMCP — Chrome's browser-native API for AI agent tool exposure
- Chrome DevTools MCP — browser automation MCP server