diff --git a/CLAUDE.md b/CLAUDE.md index db0252ad8c..d07bd3f3e1 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -2,38 +2,30 @@ ## Critical Rules -- **NEVER** edit: `/bin/`, `/obj/`, `/.git/`, `/.vs/`, `/packages/`, generated migration files -- **Security First**: All code changes must prioritize cryptographic integrity and data protection -- **Test Coverage**: New features require xUnit unit tests with NSubstitute mocking -- **Check CODEOWNERS requirements**: The repo has a `.github/CODEOWNERS` file to define team ownership for different parts of the codebase. Respect that code owners have final authority over their designated areas +- **NEVER** edit: `/bin/`, `/obj/`, `/.git/`, `/.vs/`, `/packages/` which are generated files +- **NEVER** use code regions: If complexity suggests regions, refactor for better readability +- **NEVER** compromise zero-knowledge principles: User vault data must remain encrypted and inaccessible to Bitwarden +- **NEVER** log or expose sensitive data: No PII, passwords, keys, or vault data in logs or error messages +- **ALWAYS** use secure communication channels: Enforce confidentiality, integrity, and authenticity +- **ALWAYS** encrypt sensitive data: All vault data must be encrypted at rest, in transit, and in use +- **ALWAYS** prioritize cryptographic integrity and data protection +- **ALWAYS** add unit tests (with mocking) for any new feature development ## Project Context -**Architecture**: CQRS pattern with feature-based organization -**Framework**: .NET 8.0, ASP.NET Core -**Database**: SQL Server primary, EF Core supports PostgreSQL, MySQL/MariaDB, SQLite -**Testing**: xUnit, NSubstitute -**Container**: Docker, Docker Compose, Kubernetes/Helm deployable +- **Architecture**: Feature and team-based organization +- **Framework**: .NET 8.0, ASP.NET Core +- **Database**: SQL Server primary, EF Core supports PostgreSQL, MySQL/MariaDB, SQLite +- **Testing**: xUnit, NSubstitute +- **Container**: Docker, Docker Compose, Kubernetes/Helm deployable -## Development Standards +## Project Structure -### CQRS Pattern - -- Commands: 
`/src/Core/[Feature]/Commands/` -- Queries: `/src/Core/[Feature]/Queries/` -- Handlers implement `ICommandHandler` or `IQueryHandler` - -### API Conventions - -- RESTful endpoints with standard HTTP status codes -- Consistent error response: `{ "error": { "message": "..." } }` -- Pagination: `?skip=0&take=25` -- API versioning: `/api/v1/` - -### Database Migrations - -- **SQL Server**: Manual scripts in `/util/Migrator/DbScripts/` -- **Other DBs**: EF Core migrations via `pwsh ef_migrate.ps1` +- **Source Code**: `/src/` - Services and core infrastructure +- **Tests**: `/test/` - Test logic aligning with the source structure, albeit with a `.Test` suffix +- **Utilities**: `/util/` - Migration tools, seeders, and setup scripts +- **Dev Tools**: `/dev/` - Local development helpers +- **Configuration**: `appsettings.{Environment}.json`, `/dev/secrets.json` for local development ## Security Requirements 
@@ -42,20 +34,39 @@ - **Validation**: Input sanitization, parameterized queries, rate limiting - **Logging**: Structured logs, no PII/sensitive data in logs +## Common Commands + +- **Build**: `dotnet build` +- **Test**: `dotnet test` +- **Run locally**: `dotnet run --project src/Api` +- **Database update**: `pwsh dev/migrate.ps1` +- **Generate OpenAPI**: `pwsh dev/generate_openapi_files.ps1` + ## Code Review Checklist - Security impact assessed -- xUnit tests added/updated +- xUnit tests added / updated - Performance impact considered - Error handling implemented - Breaking changes documented - CI passes: build, test, lint +- Feature flags considered for new features +- CODEOWNERS file respected + +### Key Architectural Decisions + +- Use .NET nullable reference types (ADR 0024) +- TryAdd dependency injection pattern (ADR 0026) +- Authorization patterns (ADR 0022) +- OpenTelemetry for observability (ADR 0020) +- Log to standard output (ADR 0021) ## References -- [Architecture](https://contributing.bitwarden.com/architecture/server/) -- [Contributing Guidelines](https://contributing.bitwarden.com/contributing/) -- [Setup Guide](https://contributing.bitwarden.com/getting-started/server/guide/) -- [Code Style](https://contributing.bitwarden.com/contributing/code-style/) +- [Server architecture](https://contributing.bitwarden.com/architecture/server/) +- [Architectural Decision Records (ADRs)](https://contributing.bitwarden.com/architecture/adr/) +- [Contributing guidelines](https://contributing.bitwarden.com/contributing/) +- [Setup guide](https://contributing.bitwarden.com/getting-started/server/guide/) +- [Code style](https://contributing.bitwarden.com/contributing/code-style/) - [Bitwarden security whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/) - [Bitwarden security definitions](https://contributing.bitwarden.com/architecture/security/definitions)
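Review bot: In the first hunk (`@@ -2,38 +2,30 @@`), the rewritten first rule drops "generated migration files" from the **NEVER** edit list, and the same hunk deletes the "Database Migrations" section that named `/util/Migrator/DbScripts/` and `pwsh ef_migrate.ps1`. After this change the only remaining mention of migrations is "`/util/` - Migration tools, seeders, and setup scripts", so nothing tells the reader that generated migrations must not be hand-edited or how SQL Server and EF Core migrations differ. Suggest restoring the migration entry in the rule, or keeping a short migrations bullet under "Project Structure". Two smaller points in the same hunk: "`/packages/` which are generated files" now labels `/.git/` and `/.vs/` as generated files, which they are not, so "generated or tool-managed directories" would be more accurate; and `/dev/secrets.json` is introduced under "Configuration" without a matching rule that it must never be committed or logged, which would fit next to "**NEVER** log or expose sensitive data".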
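Review bot: In the second hunk (`@@ -42,20 +34,39 @@`), "Key Architectural Decisions" is added as a `###` heading directly after the checklist bullets, so it nests under "## Code Review Checklist" and reads as part of the checklist rather than as standing guidance; making it `##` would match the other top-level sections. The ADR entries cite bare numbers (ADR 0020, 0021, 0022, 0024, 0026) with no per-item link, and "Authorization patterns (ADR 0022)" does not say what the pattern requires, so a reader cannot act on it without opening the ADR index added under "References"; a short imperative per item would help. In "Common Commands", "Database update: `pwsh dev/migrate.ps1`" does not state which database it targets, while "Project Context" still lists SQL Server, PostgreSQL, MySQL/MariaDB and SQLite; a note on the target provider would avoid ambiguity. The new checklist item "CODEOWNERS file respected" would also benefit from keeping the `.github/CODEOWNERS` path that the earlier hunk removed.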