π‘ Summary
Claude Bootstrap is a TDD-first project initialization system that enhances AI-generated code with security and simplicity.
π― Target Audience
π€ AI Roast: βPowerful, but the setup might scare off the impatient.β
Risk: Medium. Review: shell/CLI command execution; outbound network access (SSRF, data egress); API keys/tokens handling and storage; filesystem read/write scope and path traversal; dependency pinning and supply-chain risk. Run with least privilege and audit before enabling in production.
Claude Bootstrap
An opinionated project initialization system for Claude Code. TDD-first, iterative loops, security-first, AI-native.
The bottleneck has moved from code generation to code comprehension. AI can generate infinite code, but humans still need to review, understand, and maintain it. Claude Bootstrap provides guardrails that keep AI-generated code simple, secure, and verifiable.
Core Philosophy
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ITERATIVE LOOPS BY DEFAULT β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Every task runs in a self-referential loop until tests pass. β
β Claude iterates autonomously. You describe what, not how. β
β Powered by Ralph Wiggum - iteration > perfection. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β TESTS FIRST, ALWAYS β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Features: Write tests β Watch them fail β Implement β Pass β
β Bugs: Find test gap β Write failing test β Fix β Pass β
β No code ships without a test that failed first. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β SIMPLICITY IS NON-NEGOTIABLE β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 20 lines per function β 200 lines per file β 3 params max β
β If you can't understand the whole system in one session, β
β it's too complex. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β SECURITY BY DEFAULT β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β No secrets in code β No secrets in client env vars β
β Dependency scanning β Pre-commit hooks β CI enforcement β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β CODE REVIEWS ARE MANDATORY β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Every commit requires /code-review before push. β
β π΄ Critical + π High = blocked β π‘ Medium + π’ Low = can ship β
β AI catches what humans miss. Humans catch what AI misses. β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Why This Exists
After hundreds of AI-assisted projects across Node, React, Python, and React Native, patterns emerged:
- Engineers struggle with Claude Code not because of the tool, but because of how they instruct it - The delta is in the guardrails
- Complexity has a ceiling - There's a point where AI loses coherent understanding of the system. That's a signal, not a failure
- Restart is a feature, not failure - When fixing something increases complexity, restart with learnings. Each iteration is faster
This toolkit encodes those learnings into reusable skills.
Quick Start
# Clone and install git clone https://github.com/alinaqi/claude-bootstrap.git ~/.claude-bootstrap cd ~/.claude-bootstrap && ./install.sh # In any project directory claude > /initialize-project
Claude will:
- Validate tools - Check gh, vercel, supabase CLIs
- Ask questions - Language, framework, AI-first?, database
- Set up repository - Create or connect GitHub repo
- Create structure - Skills, security, CI/CD, specs, todos
- Prompt for specs - Transition to defining first feature
Automatic Iterative Loops (Ralph Wiggum)
You talk naturally. Claude automatically runs iterative TDD loops.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β You say: "Add email validation to signup" β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Claude automatically: β
β 1. Extracts requirements from your request β
β 2. Structures as TDD loop with completion criteria β
β 3. Runs /ralph-loop with tests as exit condition β
β 4. Iterates until all tests pass + lint clean β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
No need to manually invoke /ralph-loop. Just describe what you want:
| You Say | Claude Does | |---------|-------------| | "Add user authentication" | Loops until auth tests pass | | "Fix the login bug" | Finds test gap β writes test β loops until fixed | | "Build a REST API for todos" | Loops until all endpoint tests pass | | "Refactor the auth module" | Loops with tests as safety net |
Opt-out phrases (for when you don't want loops):
- "Just explain..." β explanation only
- "Quick fix..." β one-liner, no loop
- "Don't loop..." β explicit opt-out
Setup Ralph Wiggum Plugin
# Install from official marketplace (in Claude Code) /plugin install ralph-loop@claude-plugins-official
Troubleshooting: "Source path does not exist: .../ralph-wiggum"
The plugin was renamed from ralph-wiggum to ralph-loop in the marketplace. If you see this error, the cache references the old name but the plugin folder uses the new name. Fix with a symlink:
ln -s ~/.claude/plugins/marketplaces/claude-plugins-official/plugins/ralph-loop \ ~/.claude/plugins/marketplaces/claude-plugins-official/plugins/ralph-wiggum
Then retry /plugin install ralph-loop@claude-plugins-official.
Commit Hygiene (Automatic PR Size Management)
Claude monitors your changes and advises when to commit before PRs become too large.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β COMMIT SIZE THRESHOLDS β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β π’ OK: β€ 5 files, β€ 200 lines β
β π‘ WARN: 6-10 files, 201-400 lines β "Commit soon" β
β π΄ STOP: > 10 files, > 400 lines β "Commit NOW" β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Claude automatically checks and advises:
| Status | Claude Says | |--------|-------------| | 3 files, 95 lines | β Tests passing. Good time to commit! | | 7 files, 225 lines | π‘ Approaching threshold. Consider committing. | | 12 files, 400 lines | β οΈ Changes too large! Commit now. |
Why this matters:
- PRs < 200 lines: 15% defect rate
- PRs 200-400 lines: 23% defect rate
- PRs > 400 lines: 40%+ defect rate (rubber-stamped, not reviewed)
Atomic commit principle: If you need "and" to describe your commit, split it.
Agentic Ad Optimization (Reddit Ads)
Run automated Reddit ad campaigns with AI-powered optimization.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β BACKGROUND SERVICE (runs every 4-6 hours) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 1. Fetch performance data (CTR, CPA, ROAS) β
β 2. Claude analyzes and recommends actions β
β 3. Auto-execute: pause, scale, adjust bids, rotate ads β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
AI-driven actions:
| Action | Trigger | Result |
|--------|---------|--------|
| PAUSE | CTR < 0.3%, no conversions | Stop wasting budget |
| SCALE | CTR > 1%, CPA < target | Increase budget 1.5x |
| ADJUST_BID | Moderate performance | Tweak bids Β±10-20% |
| ROTATE_CREATIVE | Declining CTR 3+ days | Flag for new creative |
Deploy as Docker service:
docker-compose up -d reddit-ads-optimizer
Multi-Repo Workspace Awareness
Claude Code now understands your entire workspace - monorepo or multi-repo.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β /analyze-workspace β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Discovers: Modules, dependencies, contracts β
β Generates: TOPOLOGY.md, CONTRACTS.md, KEY_FILES.md β
β Tracks: API contracts, shared types, cross-repo changes β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Generated context artifacts:
| Artifact | Purpose |
|----------|---------|
| TOPOLOGY.md | What modules exist, their roles, tech stacks |
| CONTRACTS.md | API endpoints, shared types, validation status |
| DEPENDENCY_GRAPH.md | Who calls whom, change order |
| KEY_FILES.md | What to load for each context |
| CROSS_REPO_INDEX.md | Search capabilities before reimplementing |
Contract freshness (automatic):
| Trigger | Action | Time | |---------|--------|------| | Session start | Staleness check | ~5s | | Post-commit | Auto-sync if contracts changed | ~15s | | Pre-push | Validation gate | ~10s |
Cross-repo change detection:
β οΈ CROSS-REPO CHANGE DETECTED
This change affects: apps/api
Recommended order: shared-types β backend β frontend
Code Reviews (Mandatory Guardrail)
Every push requires code review. No exceptions.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β WORKFLOW: Code β Test β Commit β Push β Review blocks β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Run manually: /code-review β
β Enforced: Pre-push hook blocks on Critical/High β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Enable pre-push hook in any project:
~/.claude/install-hooks.sh
Severity levels:
| Level | Action | Can Push? | |-------|--------|-----------| | π΄ Critical | Must fix now | β BLOCKED | | π High | Must fix now | β BLOCKED | | π‘ Medium | Fix soon | β Advisory | | π’ Low | Nice to have | β Advisory |
What it catches:
- Security vulnerabilities (SQL injection, XSS, secrets)
- Performance issues (N+1 queries, memory leaks)
- Architecture problems (coupling, SOLID violations)
- Code quality (complexity, dupli
Pros
- Encourages TDD and iterative development.
- Enhances code security and simplicity.
- Automates project initialization.
- Facilitates code reviews and commit hygiene.
Cons
- May require a learning curve for new users.
- Dependency on specific tools and plugins.
- Complexity in setup for larger projects.
- Potential for over-reliance on AI.
Related Skills
useful-ai-prompts
AβA treasure trove of prompts, but donβt expect them to write your novel for you.β
fastmcp
AβFastMCP: because who doesn't love a little complexity with their AI?β
python-pro
AβPowerful, but the setup might scare off the impatient.β
Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.
Copyright belongs to the original author alinaqi.
