CLAUDE.md

Cross-tool project constraints file (similar to .cursorrules) designed to communicate project-specific ethical, regulatory, and security constraints to any AI coding tool — Cursor, Claude Code, or others.

Syntax

cursor

# CLAUDE.md

## Project Purpose
## Critical Constraints
## Security Review Required
## Regulatory Requirements

Example

cursor

# CLAUDE.md

## Project Purpose
Healthcare data platform — all data handling must comply with HIPAA.

## Critical Constraints
- PHI must never be logged, even in development
- All database queries must use the audit-logging wrapper in src/lib/db/audit.ts
- No third-party analytics that could receive PHI

## Security Review Required
Any code touching auth, database queries, file uploads, or external API
calls must be flagged for human security review before merging.