🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?
Claim this page →
claude-governance
Claude Code governance templates by tech stack : CLAUDE.md, scoped rules, architecture docs, cost control & dev-level adaptation
git clone https://github.com/datallmhub/claude-governance
Claude Code Governance Templates
Ready-to-use governance templates for Claude Code, organized by tech stack. Rules load automatically on every session: no prompting required.
If this saves you time, consider giving it a ⭐: it helps others find the project.
Why this exists
Without structure, Claude Code generates inconsistent code, ignores your conventions, and repeats the same mistakes across sessions. This project fixes that with a hierarchy of CLAUDE.md files that load automatically: no prompting required.
What you get:
- Consistent code that respects your architecture and naming conventions
- Security rules enforced by default (no IDOR, no raw SQL, no hardcoded secrets)
- Cost control: precise diffs instead of full rewrites, right model for the right task
- Behavior adapted to the developer's experience level (Junior → Tech Lead)
Installation
Via plugin marketplace (recommended):
/plugin marketplace add datallmhub/claude-governance
/plugin install claude-governance
Then run /setup in any project: select your stack, governance files are copied automatically, and rules inject at every session start.
Local / development:
git clone https://github.com/datallmhub/claude-governance.git
claude --plugin-dir /path/to/claude-governance
Manual (no plugin):
- Copy the stack folder into your project root
- Update
CLAUDE.mdwith your project name and stack versions - Copy
CLAUDE.local.md.example→CLAUDE.local.md(do not commit) - Set your experience level in
dev-level.md
Available stacks
Java
| Stack | Folder | Status |
|---|---|---|
| Java (Spring Boot) + React (TypeScript) | java-react/ | ✅ Ready |
| Java (Spring Boot) + Angular | java-angular/ | 🔜 Coming |
| Java (Spring Boot) + Vue.js | java-vue/ | 🔜 Coming |
| Java (Spring Boot) API only | java-only/ | 🔜 Coming |
JavaScript / TypeScript
| Stack | Folder | Status |
|---|---|---|
| React / TypeScript only | react-only/ | ✅ Ready |
| Angular only | angular-only/ | ✅ Ready |
| Vue.js only | vue-only/ | ✅ Ready |
| Next.js (full-stack) | nextjs/ | ✅ Ready |
| Node.js (Express) + React | node-express-react/ | 🔜 Coming |
| Node.js (NestJS) + React | nestjs-react/ | ✅ Ready |
Python
| Stack | Folder | Status |
|---|---|---|
| Python (FastAPI) + React | python-fastapi-react/ | ✅ Ready |
| Python (Django) + React | python-django-react/ | 🔜 Coming |
| Python (FastAPI) API only | python-fastapi-only/ | 🔜 Coming |
.NET / Go / PHP
| Stack | Folder | Status |
|---|---|---|
| .NET (ASP.NET Core) + React | dotnet-react/ | 🔜 Coming |
| Go (Gin / Echo) + React | go-react/ | 🔜 Coming |
| Laravel + React | laravel-react/ | 🔜 Coming |
| Symfony + React | symfony-react/ | 🔜 Coming |
What's inside each template
<stack>/
├── CLAUDE.md # Project context: always loaded
├── CLAUDE.local.md.example # Personal overrides (copy locally, never commit)
├── .claude/
│ ├── settings.json # SessionStart hook: injects rules at session start
│ ├── rules/
│ │ ├── backend.md # Backend rules: scoped to backend files only
│ │ ├── frontend.md # Frontend rules: scoped to frontend files only
│ │ ├── database.md # DB / migration rules
│ │ ├── testing.md # Testing standards
│ │ ├── security.md # Security rules: loaded on every file
│ │ ├── governance.md # Git, PR, versioning, release process
│ │ └── dev-level.md # Behavior by experience level
│ └── architecture/
│ ├── overview.md # System architecture + key decisions
│ ├── api.md # REST API contract
│ └── data-model.md # Database schema
└── samples/ # Code examples applying all the rules
Load order
~/.claude/CLAUDE.md ← personal preferences (your machine)
./CLAUDE.md ← project rules (committed, shared)
./CLAUDE.local.md ← personal overrides (gitignored)
.claude/rules/*.md ← scoped rules (loaded per file path)
Security
security.md loads on every file automatically. It enforces:
- No IDOR:
public_id UUIDin all URLs, never internal sequential IDs - No hardcoded secrets: all credentials via environment variables
- Safe tokens: JWT in memory, refresh token in
HttpOnly; Securecookie - Injection prevention: parameterized queries, input validated at system boundary
- CORS locked down: explicit origin whitelist, never
allowedOrigins("*")
Developer Experience Levels
One setting in dev-level.md: Claude adapts its verbosity automatically.
| Level | Behavior |
|---|---|
JUNIOR | Step-by-step, full context, pitfalls flagged |
SENIOR | Solution-first, 3 sentences max per concept |
EXPERT | Code only, no explanations unless asked |
TECH_LEAD | 1 sentence max, no prose, no fundamentals |
GovEval: Validate your governance
GovEval is to governance rules what unit tests are to code.
It does not test Claude in isolation. It tests Claude as configured by this repo — CLAUDE.md + .claude/rules/ + dev-level + everything else loaded automatically.
The developer prompt never repeats the rules:
Developer request → Claude Code runtime (rules loaded silently) → Generated code → Judge → PASS / FAIL
Example — SEC-01:
| Step | Result |
|---|---|
| Prompt | "Create GET /tasks" |
| Generated | organizationId read from JWT, not the request |
| Judge | Mistral Large — isolation verified |
| Result | ✅ PASS — 100/100 |
The judge (Mistral Large) is a different model family than the generator (Claude), so it isn't grading its own work.
/gov-eval # all scenarios
/gov-eval --category security # one category
/gov-eval --scenario SEC-01 # one scenario
Requires MISTRAL_API_KEY. See java-react/tests/ for full details.
Run it on a schedule, not just once. A rule that passes today can silently break after a model update, even with no changes to CLAUDE.md. Re-run GovEval on every PR touching .claude/rules/, and periodically (e.g. every 2 weeks) to catch drift from model updates.
Contributing
See CONTRIBUTING.md for the full guide.
Pick an open new-stack issue: each one is a self-contained task with clear acceptance criteria.
// compatibility
| Platforms | api, web, mobile |
|---|---|
| Operating systems | — |
| AI compatibility | claude |
| License | MIT |
| Pricing | open-source |
| Language | Java |
// faq
What is claude-governance?
Claude Code governance templates by tech stack : CLAUDE.md, scoped rules, architecture docs, cost control & dev-level adaptation. It is open-source on GitHub.
Is claude-governance free to use?
claude-governance is open-source under the MIT license, so it is free to use.
What category does claude-governance belong to?
claude-governance is listed under other in the Claudeers registry of Claude-compatible tools.
// embed badge
[](https://claudeers.com/claude-governance)
// retro hit counter
[](https://claudeers.com/claude-governance)
// reviews
// guestbook
// related in Other
Open source Ghostty-based macOS terminal with vertical tabs and notifications for AI coding agents. Built for multitasking, organization, and programmability.
Huashu Design · HTML-native design skill for Claude Code · Claude Code 里 HTML 原生的设计 skill · 高保真原型 / 幻灯片 / 动画 + 20 设计哲学 + 5 维评审 + MP4 导出 · Agent-agnostic
一份通俗易懂、风趣幽默的Java学习指南,内容涵盖Java基础、Java并发编程、Java虚拟机、Java企业级开发、Java面试等核心知识点。学Java,就认准二哥的Java进阶之路😄
🎬 卡卡字幕助手 | VideoCaptioner - 基于 LLM 的智能字幕助手 - 视频字幕生成、断句、校正、字幕翻译全流程处理!- A powered tool for easy and efficient video subtitling.