Claude Bootstrap is a new project aiming to be a security-first, spec-driven toolkit that adds guardrails and automation for AI-assisted development with Claude Code. The project encodes a development stance that prioritizes TDD-first workflows, automated iterative loops, and strict complexity and security limits so that AI-generated code remains simple, auditable, and maintainable.
Core philosophy and constraints
At its heart are a few uncompromising rules:
- Iterative loops by default — Tasks are expressed naturally, and Claude runs self-referential TDD loops until tests pass. Iteration is favored over premature perfection.
- Tests first, always — Tests must fail before implementation begins. This enforces true validation of requirements and prevents regressions.
- Simplicity with measurable limits — Hard constraints such as 20 lines per function, 200 lines per file, 3 parameters per function, and 80% minimum test coverage.
- Security by default — No secrets checked into code, dependency scanning, pre-commit hooks, and CI enforcement.
- Mandatory code reviews — Pre-push hooks block pushes on Critical/High findings; code review is required before merge.
These rules are applied via a collection of skills and automated checks that shape how Claude Code generates and iterates on code.
Quick start and what gets scaffolded
A minimal quick start pattern in the repository shows:
- Clone the repo:
git clone [https://github.com/alinaqi/claude-bootstrap.git](https://github.com/alinaqi/claude-bootstrap.git) ~/.claude-bootstrap - Run the installer:
cd ~/.claude-bootstrap && ./install.sh - In a project: run
claude > /initialize-project
Initialization validates CLIs (gh, vercel, supabase), asks project questions (language, framework, AI-first), sets up or connects a GitHub repo, creates a structured project layout (skills, security, CI/CD, specs, todos), and prompts for feature specs.
The generated layout typically includes a .claude/skills/ directory, .github/workflows/ for CI, _project_specs/ for feature specs and atomic todos, docs/, scripts/, and a CLAUDE.md with operational instructions.
Iteration, loops, and safety nets
Claude Bootstrap turns natural-language requests into automated TDD loops (the ralph-loop//ralph-loop behavior). Example flows include:
- Request: “Add email validation to signup” → Claude extracts requirements, creates failing tests, runs iterations until tests and linters pass.
- Opt-out phrases exist for non-iterative output: “Just explain…”, “Quick fix…”, “Don't loop…”.
Loops include safety controls: --max-iterations limits, explicit error classification (code vs access vs environment errors), and blocker detection that halts loops for human action when necessary.
Commit hygiene, reviews, and team coordination
Claude Bootstrap enforces commit hygiene with thresholds and guidance:
- Green: ≤ 5 files and ≤ 200 lines
- Warn: 6–10 files or 201–400 lines
- Stop: > 10 files or > 400 lines
Code reviews are integrated as mandatory guardrails (/code-review) and pre-push hooks that block on severe issues. For multi-developer repositories, /check-contributors provides shared state, todo claiming, handoff notes, and conflict warnings.
Quality gates and security
Local pre-commit hooks run lint, type checks, security checks (no secrets, no .env committed), and unit tests over changed files. CI (GitHub Actions) enforces full lint/type checks, test suites with 80% coverage, secret scanning, and dependency audits.
Other features include a semantic CODE_INDEX.md to prevent semantic duplication, optional vector DB integration for large codebases, and a library of 41 skill markdown files covering TDD, security, languages, frameworks, AI-agent patterns, integrations, and more.
What it targets
Claude Bootstrap is geared toward projects that combine human review with AI-assisted generation: TypeScript and Python stacks, React/Next.js front ends, Node/FastAPI backends, Supabase/Postgres databases, and integrations such as Reddit Ads, Stripe, Shopify, and analytics tooling.
For the repository, documentation, contribution guidelines, and the MIT license are included. The project home and full details are available on GitHub: