I’m planning to build a web-based and mobile version of a strategy development/project tracking system that is currently managed in Excel.

The part I’m struggling with is how to properly set up the project rules and structure using MD files, skills, and MCP. I want the rules to be clear, simple, and useful, but I keep running into a problem where the Opus model makes the MD files way too bloated and fills the context with unnecessary details.

How would you structure project rules in a clean and practical way? What should the right setup look like?

The project flow is roughly like this:

- A user submits a project application through an interface by entering the project details.
- The unit manager reviews the application and can either send it back for revisions or approve it.
- If approved, it moves to a higher authority, such as a department head. That person can also request revisions or approve the project.
- Once the required approvals are completed, the project receives an official project number.

The system should also handle notifications, queues, approval flows, status tracking, and similar operational details.

The tech stack I’m currently considering is:

- Frontend: Next.js App Router, React, Tailwind, Shadcn/ui, 21st.dev, MapLibre GL JS, Supabase Auth
- Database: Supabase
- Backend and API: NestJS, TypeScript, Fastify adapter, Drizzle ORM, BullMQ, Redis, @nestjs/throttler, OpenAPI/Swagger
- Mobile: React Native + Expo
- Monorepo: Turborepo, pnpm workspaces, Docker

Another important part for me is testing and security. Since this project will include approval flows, role-based access, financial/project data, notifications, and audit-like operations, I don’t want to treat testing and security as something to add at the end.

A few specific questions I have:

- Should I set up unit, integration, and e2e tests from the very beginning?
- How would you position tools like Playwright, TestSprite, Jest/Vitest, and Supertest in this kind of project?
- Should I write strict rules for the LLM coding agents, such as “no merge without tests” or “every new feature must include tests” inside the MD rule files?
- Where should I document and enforce security rules like Supabase RLS, audit logs, rate limits, permission matrix, and role-based access control?
- How can I make sure Claude Code or Codex does not skip these rules while generating code?

Skills:

- Frontend: vercel-react-best-practices, vercel-labs/next-skills/next-best-practices, shadcn/ui/shadcn, tailwind-design-system
- Backend: giuseppe-trisciuoglio/developer-kit, better-auth/skills/better-auth-best-practices, supabase/agent-skills/supabase, supabase-postgres-best-practices, obra/superpowers/systematic-debugging, testsprite

This is the stack I have in mind after doing some research, but I’m open to different suggestions if there are better options.

The project is fairly large, and honestly I’m not sure how to start it in the right way. LLMs have made the process more confusing for me instead of clearer. What would be the best step-by-step approach to set up the structure properly before writing too much code?

submitted by /u/hayrimavi1
Originally posted by u/hayrimavi1 on r/ClaudeCode
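
The approval flow described in the post, sketched as a deny-by-default transition table that a permission matrix and unit tests can both be derived from. This is an added example, not part of the original post; the status names, role names, the rule that a revision request returns the project to `draft`, and the `PRJ-0001` numbering format are all assumptions made for illustration.

```typescript
// Added example: statuses, roles and the numbering format are assumptions, not from the post.
type Role = "applicant" | "unit_manager" | "department_head";
type Status = "draft" | "unit_review" | "head_review" | "approved";
type Action = "submit" | "approve" | "request_revision";

interface AuditEntry { actor: string; role: Role; action: Action; from: Status; to: Status; }
interface Project { id: string; status: Status; projectNumber: string | null; audit: AuditEntry[]; }

// Single source of truth: which role may take which action in which status.
const TRANSITIONS: Record<Status, Partial<Record<Action, { role: Role; to: Status }>>> = {
  draft: { submit: { role: "applicant", to: "unit_review" } },
  unit_review: {
    approve: { role: "unit_manager", to: "head_review" },
    request_revision: { role: "unit_manager", to: "draft" },
  },
  head_review: {
    approve: { role: "department_head", to: "approved" },
    request_revision: { role: "department_head", to: "draft" },
  },
  approved: {}, // terminal: no further actions allowed
};

let sequence = 0; // constructed in-memory counter; a real system would use a database sequence

function newProject(id: string): Project {
  return { id, status: "draft", projectNumber: null, audit: [] };
}

// Deny by default: any (status, action, role) combination not listed above is rejected.
function applyAction(p: Project, actor: string, role: Role, action: Action): Project {
  const rule = TRANSITIONS[p.status][action];
  if (!rule || rule.role !== role) {
    throw new Error(`forbidden: ${role} cannot ${action} in ${p.status}`);
  }
  const entry: AuditEntry = { actor, role, action, from: p.status, to: rule.to };
  // The project number is issued only on the final approval, never earlier.
  const projectNumber =
    rule.to === "approved" ? "PRJ-" + ("0000" + ++sequence).slice(-4) : p.projectNumber;
  return { ...p, status: rule.to, projectNumber, audit: [...p.audit, entry] };
}
```

Because every allowed transition lives in one table, the same table can drive the API guard, the database policy review, and a test that enumerates every role/status/action combination and expects rejection for anything unlisted.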
