Create the three files that Claude reads on every session, on every project, for the entire program. Do this once — it applies everywhere.
The previous page created a CLAUDE.md inside one test folder. That file only applies when you are in that folder. What you need is a global profile — a set of files that Claude reads regardless of which project you are working on. Once created, these files load automatically at the start of every single Claude Code session for the rest of the program.
There are three things to create:
~/.claude/CLAUDE.md — your permanent developer profile (who you are, your rules, your tech stack, how to access your credentials)
Four skill files in ~/.claude/skills/ — expert instruction sets Claude loads when it recognises a task type
Nothing else — the MCP connection you set up in the previous section already handles credential access automatically
This takes about 15 minutes. Do it once, and every future session starts with Claude already knowing everything about how you work.
The accountancy analogy: Your global profile is your firm's standard operating procedure document — except Claude reads it perfectly every time and never forgets it. The skill files are your specialised procedure checklists for specific engagement types. Together they turn Claude from a generic assistant into a developer who knows your standards and follows your process.
On Windows, press Windows key + R, type %USERPROFILE%\.claude and press Enter. If the folder does not exist, press Windows key + R, type %USERPROFILE% and press Enter, then create a new folder called .claude.
Inside the .claude folder, right-click → New → Text Document. Name it CLAUDE.md (not CLAUDE.md.txt — make sure Windows is not hiding the .txt extension).
Open the file in VS Code (code %USERPROFILE%\.claude\CLAUDE.md from Command Prompt). Select everything and replace with the template below — this is your complete global profile for the program.
Copy the entire block below — do not skip any section:
# My Developer Profile — Global## Who I AmBackground: Chartered Accountant / Finance ProfessionalProgram: Sahinov AI TrainingGoal: Building real, working software products using React and SupabaseCoding experience: Beginner — approach all explanations accordingly## Response Style- Keep explanations brief and practical — lead with the answer- When I ask why, explain in 1–2 sentences using plain English- Use accountancy analogies where they make things clearer- No trailing summaries after completing a task — I can read the diff- No emojis unless I ask for them- For small decisions, make a reasonable choice and proceed — do not ask## Core Rules (Never Break These)- Never use TypeScript `any` — use proper types or `unknown`- Never disable Row Level Security on any Supabase table- Never hard-delete rows — always soft-delete (`is_deleted = true`)- Never put the Supabase service role key in frontend code- Never commit `.env` or `.env.local` files to git- Never hardcode API keys or credentials in source files- Store all money amounts as integers (paise, not rupees)- Always handle three states in every data component: loading, error, empty- Functional React components and hooks only — no class components- React Query for all data fetching — never call Supabase directly in a component## Tech Stack| Layer | Technology ||-------|-----------|| Frontend | React 18 (functional components + hooks only) || Language | TypeScript strict mode — no `any`, no `@ts-ignore` || Build tool | Vite || Backend / DB | Supabase (auth, database, storage, edge functions) || Styling | Tailwind CSS || Forms | React Hook Form + Zod validation || Data fetching | TanStack Query (React Query) || Icons | lucide-react || Routing | React Router v6 |## Credentials & API KeysAll credentials — API keys, passwords, tokens, secrets — are stored in VaultMate.VaultMate is connected as a tool via MCP.Lookup order:1. Check `.env.local` for the key first2. If not there, use VaultMate MCP: get_credential(project_name, title)3. Save to `.env.local` after retrieving — do not call VaultMate again in the same project4. If not found anywhere, ask me — do not guess or leave blankRules:- VaultMate must be open and unlocked. If the call fails, tell me to open and unlock it, then retry- Never hardcode credentials in source files- Never commit `.env` or `.env.local` to git## Indian Locale Defaults- Timezone: IST (UTC+5:30) — all displayed dates and times in IST- Phone numbers: 10 digits, must start with 6–9. Validation: /^[6-9][0-9]{9}$/- Currency display: Indian format — ₹1,23,456.78 not ₹123,456.78- Currency storage: integers in paise. ₹100.50 is stored as 10050- GSTIN: 15 characters, format 22AAAAA0000A1Z5- PAN: 10 characters, format AAAAA1234A## Git Conventions- Commit messages: imperative mood — "add login page" not "added login page"- Commit after every meaningful unit of work — not at end of day- Stage specific files by name — never `git add .` blindly- Never commit `.env` or `.env.local`- Working branch: `development` for daily work → pull request to `main` to go live## Skill RoutingWhen starting any task, check this table and load the matching skill file from ~/.claude/skills/ before beginning.| Task contains these words | Skill to load ||--------------------------|--------------|| build, add, create, implement, new page, new form | new-feature.md || fix, bug, broken, error, not working, crash, wrong | bug-fix.md || database, table, schema, migration, RLS, column | supabase-migration.md || audit, pre-launch, check everything, ready to ship | pre-launch-audit.md |After loading a skill, announce which skill you are using before starting work.
Your Turn — After saving the file, open Command Prompt and run claude. Type: What are my core rules? Claude should list the rules from your global CLAUDE.md. If it does, the global profile is loading correctly. Exit with Ctrl+C.
Create each file below inside C:\Users\[yourname]\.claude\skills\. The process is the same for each: create the file, open in VS Code, paste the content, save.
Create all four files now, even if you do not understand all the content yet. These skill files contain battle-tested sequences developed on real projects. Claude will load them automatically when a task matches — you do not need to know the sequence yourself. You will understand it more deeply as you use it across the program.
Create the file:%USERPROFILE%\.claude\skills\new-feature.md
Paste this content:
# New Feature Skill## When to LoadTask contains: build, add, create, implement, new page, new form, new component## Sequence — Follow This Order Every Time1. Extract requirements as a numbered list — confirm with user before writing any code2. Check existing database structure before proposing any schema changes3. Build in this order: database migration (if needed) → data hook → UI component4. All data fetching via React Query hooks — never call Supabase directly in a component5. Add Zod schema for all user inputs before building the form6. Handle three states in every data-displaying component: - Loading: skeleton placeholders, not spinners - Error: friendly message with what went wrong - Empty: helpful message telling the user what to do next7. Run the quality checklist before saying the task is done## Quality Checklist (Run Before Every "Done")- TypeScript types are correct — no `any` anywhere- RLS is enabled on any new Supabase tables- At least one SELECT and one INSERT/UPDATE policy on each new table- Loading, error, and empty states all handled- Form validates with Zod before submitting- Responsive on mobile (375px) — check with browser DevTools- No hardcoded credentials or API keys- No service role key in frontend code## Anti-Patterns — Never Do These- Calling Supabase directly in a component (use React Query hooks)- Using `any` for TypeScript types- Hard-deleting rows (use `is_deleted = true`)- Putting service role key in frontend code- Missing loading or error states — users must always know what is happening
Create the file:%USERPROFILE%\.claude\skills\bug-fix.md
Paste this content:
# Bug Fix Skill## When to LoadTask contains: fix, bug, broken, error, not working, crash, wrong output, incorrect## Sequence — Follow This Order Every Time1. Define expected vs actual behaviour before touching any code2. Investigate in this exact order — do not skip steps: a. Read the component where the problem is visible b. Check the React Query hook that supplies the data c. Check the Supabase table — column names, RLS policies, data types d. Check recent changes: `git log --oneline -10` e. Check browser console for JavaScript errors3. Identify the root cause — not just the symptom4. Fix the root cause — not a workaround5. Verify the fix in the browser with real data — not just by reading the code6. Check whether the same bug could exist in other similar components## Anti-Patterns — Never Do These- Adding `as any` to silence TypeScript errors (this hides bugs, it does not fix them)- Empty catch blocks (`catch {}` with no error handling)- Fixing the symptom while leaving the root cause untouched- Not verifying in the browser after the fix- Marking a fix as done without checking for similar issues elsewhere
Create the file:%USERPROFILE%\.claude\skills\supabase-migration.md
Paste this content:
# Supabase Migration Skill## When to LoadTask contains: database, table, schema, migration, RLS, column, foreign key, add field## Sequence — Follow This Order Every Time1. Answer data design questions before writing any SQL: - What is stored in this table? (one sentence) - Who reads it? (everyone / signed-in users / specific role) - Who writes it? (same question) - How does it connect to other tables? (foreign key relationships)2. Write the migration SQL — create the file in `supabase/migrations/` with a timestamp prefix Example filename: `20260601120000_add_invoices_table.sql`3. Every new table must include ALL of the following: - All columns with correct types and NOT NULL where appropriate - `id UUID PRIMARY KEY DEFAULT gen_random_uuid()` - `created_at TIMESTAMPTZ DEFAULT now()` - `updated_at TIMESTAMPTZ DEFAULT now()` - `is_deleted BOOLEAN DEFAULT false` (soft-delete — never hard-delete) - `ALTER TABLE [table] ENABLE ROW LEVEL SECURITY` - RLS policies for each operation: SELECT, INSERT, UPDATE, DELETE - At minimum: a SELECT policy for who can read, an INSERT policy for who can write4. Apply the migration using the Supabase MCP tool — do not ask the user to run it manually5. After applying: regenerate TypeScript types6. Update any React Query hooks or components that query the affected tables## Anti-Patterns — Never Do These- Creating a table without RLS enabled- Missing `is_deleted` column (hard-deletes cause data loss)- Storing money as DECIMAL or FLOAT (always INTEGER — paise)- Storing passwords in your own table (Supabase Auth handles authentication)- Foreign keys without an index (slows down queries)- RLS policies that are too permissive (check the policy logic carefully)
Create the file:%USERPROFILE%\.claude\skills\pre-launch-audit.md
Paste this content:
# Pre-Launch Audit Skill## When to LoadTask contains: audit, pre-launch, check everything, ready to ship, before release, go live## Sequence — Run Every Check Before Recommending Launch### 1. Security Check- Search all source files for the service role key- Search for hardcoded API keys or passwords in source files- Confirm `.env` and `.env.local` are listed in `.gitignore`- Confirm `.env` files are NOT tracked by git (`git status`)- Search for TypeScript `any` in production source files### 2. Database Check- List all Supabase tables — confirm RLS is enabled on every user-data table- Confirm at least one SELECT policy and one INSERT/UPDATE policy per table- Confirm `is_deleted` column exists on all user-data tables- No tables storing passwords directly### 3. Code Quality Check- `console.log` statements left in production code- Empty `catch` blocks with no error handling- Build passes cleanly: `npm run build`- TypeScript passes: `npx tsc --noEmit`- No unused imports or dead code in files that were modified### 4. UI and Flow Check- Core pages load without errors- Sign up and login flow works end-to-end- Forms validate correctly and show errors below the field- Core feature flow works with real data- Error messages shown to users are human-readable (not technical)- Pages work on mobile: test at 375px width in browser DevTools### 5. ClassificationClassify every finding as:- **Critical** — must fix before launch (security holes, broken core flow, data loss risk)- **Important** — fix before next session- **Nice to have** — add to backlog### 6. ReportList all findings with their classification before recommending whether to launch.Never recommend launch if any Critical findings exist.
After creating all files, your .claude folder should look like this:
C:\Users\[yourname]\.claude\├── CLAUDE.md ← your global developer profile└── skills\ ├── new-feature.md ← building new things ├── bug-fix.md ← fixing problems ├── supabase-migration.md ← database changes └── pre-launch-audit.md ← checking before going live
Your Turn — Open Command Prompt, navigate to any folder (not a project), and run claude. Type: What skill would you load if I asked you to fix a broken login form? Claude should answer: the bug-fix skill, because the task contains "fix" and "broken". If it answers correctly, your skill routing table is working. Exit with Ctrl+C.
From this point forward, every Claude Code session on every project will start with Claude already knowing:
You are a CA professional learning to code — it adjusts its explanations accordingly
Your exact tech stack — it writes code using React Query hooks, not bare Supabase calls
Your hard rules — it never uses any, never disables RLS, never hard-deletes
Where your credentials are — it checks VaultMate automatically, not bothering you
Indian locale conventions — IST, rupee format, phone validation without asking
Which expert sequence to follow — it loads the right skill file for the task type
When you start your first real project (Aurora Public School), you will create one more file — a project-level CLAUDE.md inside the project folder. That file will add the project-specific details: the Supabase project reference, the database tables, the routes. The global profile handles everything universal; the project file handles everything specific.
You do not need to understand every line of these files right now. They are working instructions that Claude follows. As you build across the program, you will recognise the patterns — why data hooks come before UI, why Zod validation runs before form submission, why loading and error states are always required. Each rule exists because skipping it caused real problems on real projects. Trust the process and the understanding will follow.