From 179684a9e64b22a9aa2c0f77c5021e179824ea6e Mon Sep 17 00:00:00 2001 From: Mick Letofsky Date: Thu, 25 Sep 2025 07:46:59 +0200 Subject: [PATCH] Begin pilot program for Claude code reviews with initial system prompt (#6371) * Rough draft of a markdown file to give context to Claude. --- CLAUDE.md | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 CLAUDE.md diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000000..db0252ad8c --- /dev/null +++ b/CLAUDE.md 
@@ -0,0 +1,61 @@ +# Bitwarden Server - Claude Code Configuration + +## Critical Rules + +- **NEVER** edit: `/bin/`, `/obj/`, `/.git/`, `/.vs/`, `/packages/`, generated migration files +- **Security First**: All code changes must prioritize cryptographic integrity and data protection +- **Test Coverage**: New features require xUnit unit tests with NSubstitute mocking +- **Check CODEOWNERS requirements**: The repo has a `.github/CODEOWNERS` file to define team ownership for different parts of the codebase. Respect that code owners have final authority over their designated areas + +## Project Context + +**Architecture**: CQRS pattern with feature-based organization +**Framework**: .NET 8.0, ASP.NET Core +**Database**: SQL Server primary, EF Core supports PostgreSQL, MySQL/MariaDB, SQLite +**Testing**: xUnit, NSubstitute +**Container**: Docker, Docker Compose, Kubernetes/Helm deployable + +## Development Standards + +### CQRS Pattern + +- Commands: `/src/Core/[Feature]/Commands/` +- Queries: `/src/Core/[Feature]/Queries/` +- Handlers implement `ICommandHandler` or `IQueryHandler` + +### API Conventions + +- RESTful endpoints with standard HTTP status codes +- Consistent error response: `{ "error": { "message": "..." 
} }` +- Pagination: `?skip=0&take=25` +- API versioning: `/api/v1/` + +### Database Migrations + +- **SQL Server**: Manual scripts in `/util/Migrator/DbScripts/` +- **Other DBs**: EF Core migrations via `pwsh ef_migrate.ps1` + +## Security Requirements + +- **Compliance**: SOC 2 Type II, SOC 3, HIPAA, ISO 27001, GDPR, CCPA +- **Principles**: Zero-knowledge, end-to-end encryption, secure defaults +- **Validation**: Input sanitization, parameterized queries, rate limiting +- **Logging**: Structured logs, no PII/sensitive data in logs + +## Code Review Checklist + +- Security impact assessed +- xUnit tests added/updated +- Performance impact considered +- Error handling implemented +- Breaking changes documented +- CI passes: build, test, lint + +## References + +- [Architecture](https://contributing.bitwarden.com/architecture/server/) +- [Contributing Guidelines](https://contributing.bitwarden.com/contributing/) +- [Setup Guide](https://contributing.bitwarden.com/getting-started/server/guide/) +- [Code Style](https://contributing.bitwarden.com/contributing/code-style/) +- [Bitwarden security whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/) +- [Bitwarden security definitions](https://contributing.bitwarden.com/architecture/security/definitions)
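Review bot: the five `**Architecture**:` through `**Container**:` lines under `## Project Context` are consecutive plain lines with no list markers or blank lines between them, so Markdown folds them into a single paragraph when the file is rendered or handed to the model as context; prefix each with `- ` as the other sections do (e.g. `- **Framework**: .NET 8.0, ASP.NET Core`). Two smaller points in the same hunk: the `NEVER edit` entries `/bin/`, `/obj/`, `/.git/`, `/.vs/`, `/packages/` are written with a leading `/`, which reads as filesystem root rather than repository-relative, and `bin/` and `obj/` are per-project build output directories, so patterns such as `**/bin/` and `**/obj/` state the intent unambiguously; and `- **Security First**: All code changes must prioritize cryptographic integrity and data protection` gives the reviewer nothing concrete to flag, unlike the `Validation` and `Logging` lines under `## Security Requirements`, so consider restating it as checkable rules (for example that server-side code must never need to decrypt vault data, which is the zero-knowledge principle listed further down, and that secrets or keys must not appear in source or logs).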