20 KiB
CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
Project Overview
Whisper Money is a privacy-first personal finance app with end-to-end encryption. It uses Laravel 12 (PHP 8.4) backend with React 19 frontend via Inertia.js v2.
Commands
Development
composer run dev # Start full dev environment (PHP server, queue, Vite, logs)
bun run dev # Vite dev server only
Build & Quality
bun run build # Production build (don't run automatically - ask user)
bun run format # Format code with Prettier
bun run lint # ESLint with auto-fix
vendor/bin/pint --dirty # PHP code formatting
Testing
php artisan test # Run all tests
php artisan test tests/Feature/ExampleTest.php # Run specific file
php artisan test --filter=testName # Filter by test name
CI Requirements (must pass before finalizing changes)
bun install --frozen-lockfile
composer install --no-interaction --prefer-dist --optimize-autoloader
bun run build
./vendor/bin/pest
vendor/bin/pint --test
bun run format
bun run lint
Architecture
Backend (Laravel 12)
- Streamlined structure: No middleware files in
app/Http/Middleware/, configuration inbootstrap/app.php - Commands auto-register: Files in
app/Console/Commands/are automatically available - Form Requests: Always use for validation instead of inline controller validation
- Eloquent: Prefer
Model::query()overDB::, use eager loading to prevent N+1
Frontend (React 19 + Inertia v2)
- Pages:
resources/js/pages/- Inertia page components - Components:
resources/js/components/- Reusable UI components - Services:
resources/js/services/- Sync services with IndexedDB (Dexie) for offline support - Wayfinder: Type-safe routes generated in
resources/js/routes/andresources/js/actions/
Wayfinder Usage
// Import controller methods (tree-shakable)
import { show, store } from '@/actions/App/Http/Controllers/PostController'
show(1) // { url: "/posts/1", method: "get" }
show.url(1) // "/posts/1"
// With Inertia Form component
<Form {...store.form()}><input name="title" /></Form>
Navigation
- Use
router.visit()from@inertiajs/reactor<Link>component - Never use traditional
<a>tags for internal navigation
Key Conventions
- PHP: Use constructor property promotion, explicit return types, curly braces for all control structures
- TypeScript: Strict mode enabled, use proper type annotations
- Tailwind v4: CSS-first configuration with
@themedirective, use gap utilities instead of margins for spacing - Dark mode: All new components must support dark mode using
dark:variants - Tests: Write Pest tests for all changes, use factories for model creation
Database
- Eloquent relationships with return type hints
- User model uses UUID primary keys
- End-to-end encryption for sensitive financial data
===
=== foundation rules ===Laravel Boost Guidelines
The Laravel Boost guidelines are specifically curated by Laravel maintainers for this application. These guidelines should be followed closely to ensure the best experience when building Laravel applications.
Foundational Context
This application is a Laravel application and its main Laravel ecosystems package & versions are below. You are an expert with them all. Ensure you abide by these specific packages & versions.
- php - 8.4.1
- inertiajs/inertia-laravel (INERTIA) - v2
- laravel/cashier (CASHIER) - v16
- laravel/fortify (FORTIFY) - v1
- laravel/framework (LARAVEL) - v12
- laravel/pennant (PENNANT) - v1
- laravel/prompts (PROMPTS) - v0
- laravel/wayfinder (WAYFINDER) - v0
- laravel/mcp (MCP) - v0
- laravel/pint (PINT) - v1
- laravel/sail (SAIL) - v1
- pestphp/pest (PEST) - v4
- phpunit/phpunit (PHPUNIT) - v12
- @inertiajs/react (INERTIA) - v2
- react (REACT) - v19
- tailwindcss (TAILWINDCSS) - v4
- @laravel/vite-plugin-wayfinder (WAYFINDER) - v0
- eslint (ESLINT) - v9
- prettier (PRETTIER) - v3
Skills Activation
This project has domain-specific skills available. You MUST activate the relevant skill whenever you work in that domain—don't wait until you're stuck.
pennant-development— Manages feature flags with Laravel Pennant. Activates when creating, checking, or toggling feature flags; showing or hiding features conditionally; implementing A/B testing; working with @feature directive; or when the user mentions feature flags, feature toggles, Pennant, conditional features, rollouts, or gradually enabling features.wayfinder-development— Activates whenever referencing backend routes in frontend components. Use when importing from @/actions or @/routes, calling Laravel routes from TypeScript, or working with Wayfinder route functions.pest-testing— Tests applications using the Pest 4 PHP framework. Activates when writing tests, creating unit or feature tests, adding assertions, testing Livewire components, browser testing, debugging test failures, working with datasets or mocking; or when the user mentions test, spec, TDD, expects, assertion, coverage, or needs to verify functionality works.inertia-react-development— Develops Inertia.js v2 React client-side applications. Activates when creating React pages, forms, or navigation; using <Link>, <Form>, useForm, or router; working with deferred props, prefetching, or polling; or when user mentions React with Inertia, React pages, React forms, or React navigation.tailwindcss-development— Styles applications using Tailwind CSS v4 utilities. Activates when adding styles, restyling components, working with gradients, spacing, layout, flex, grid, responsive design, dark mode, colors, typography, or borders; or when the user mentions CSS, styling, classes, Tailwind, restyle, hero section, cards, buttons, or any visual/UI changes.
Conventions
- You must follow all existing code conventions used in this application. When creating or editing a file, check sibling files for the correct structure, approach, and naming.
- Use descriptive names for variables and methods. For example,
isRegisteredForDiscounts, notdiscount(). - Check for existing components to reuse before writing a new one.
Verification Scripts
- Do not create verification scripts or tinker when tests cover that functionality and prove they work. Unit and feature tests are more important.
Application Structure & Architecture
- Stick to existing directory structure; don't create new base folders without approval.
- Do not change the application's dependencies without approval.
Frontend Bundling
- If the user doesn't see a frontend change reflected in the UI, it could mean they need to run
npm run build,npm run dev, orcomposer run dev. Ask them.
Documentation Files
- You must only create documentation files if explicitly requested by the user.
Replies
- Be concise in your explanations - focus on what's important rather than explaining obvious details.
=== boost rules ===
Laravel Boost
- Laravel Boost is an MCP server that comes with powerful tools designed specifically for this application. Use them.
Artisan
- Use the
list-artisan-commandstool when you need to call an Artisan command to double-check the available parameters.
URLs
- Whenever you share a project URL with the user, you should use the
get-absolute-urltool to ensure you're using the correct scheme, domain/IP, and port.
Tinker / Debugging
- You should use the
tinkertool when you need to execute PHP to debug code or query Eloquent models directly. - Use the
database-querytool when you only need to read from the database.
Reading Browser Logs With the browser-logs Tool
- You can read browser logs, errors, and exceptions using the
browser-logstool from Boost. - Only recent browser logs will be useful - ignore old logs.
Searching Documentation (Critically Important)
- Boost comes with a powerful
search-docstool you should use before trying other approaches when working with Laravel or Laravel ecosystem packages. This tool automatically passes a list of installed packages and their versions to the remote Boost API, so it returns only version-specific documentation for the user's circumstance. You should pass an array of packages to filter on if you know you need docs for particular packages. - Search the documentation before making code changes to ensure we are taking the correct approach.
- Use multiple, broad, simple, topic-based queries at once. For example:
['rate limiting', 'routing rate limiting', 'routing']. The most relevant results will be returned first. - Do not add package names to queries; package information is already shared. For example, use
test resource table, notfilament 4 test resource table.
Available Search Syntax
- Simple Word Searches with auto-stemming - query=authentication - finds 'authenticate' and 'auth'.
- Multiple Words (AND Logic) - query=rate limit - finds knowledge containing both "rate" AND "limit".
- Quoted Phrases (Exact Position) - query="infinite scroll" - words must be adjacent and in that order.
- Mixed Queries - query=middleware "rate limit" - "middleware" AND exact phrase "rate limit".
- Multiple Queries - queries=["authentication", "middleware"] - ANY of these terms.
=== php rules ===
PHP
- Always use curly braces for control structures, even for single-line bodies.
Constructors
- Use PHP 8 constructor property promotion in
__construct().- public function __construct(public GitHub $github) { }
- Do not allow empty
__construct()methods with zero parameters unless the constructor is private.
Type Declarations
- Always use explicit return type declarations for methods and functions.
- Use appropriate PHP type hints for method parameters.
Enums
- Typically, keys in an Enum should be TitleCase. For example:
FavoritePerson,BestLake,Monthly.
Comments
- Prefer PHPDoc blocks over inline comments. Never use comments within the code itself unless the logic is exceptionally complex.
PHPDoc Blocks
- Add useful array shape type definitions when appropriate.
=== tests rules ===
Test Enforcement
- Every change must be programmatically tested. Write a new test or update an existing test, then run the affected tests to make sure they pass.
- Run the minimum number of tests needed to ensure code quality and speed. Use
php artisan test --compactwith a specific filename or filter.
=== inertia-laravel/core rules ===
Inertia
- Inertia creates fully client-side rendered SPAs without modern SPA complexity, leveraging existing server-side patterns.
- Components live in
resources/js/Pages(unless specified invite.config.js). UseInertia::render()for server-side routing instead of Blade views. - ALWAYS use
search-docstool for version-specific Inertia documentation and updated code examples. - IMPORTANT: Activate
inertia-react-developmentwhen working with Inertia client-side patterns.
=== inertia-laravel/v2 rules ===
Inertia v2
- Use all Inertia features from v1 and v2. Check the documentation before making changes to ensure the correct approach.
- New features: deferred props, infinite scrolling (merging props +
WhenVisible), lazy loading on scroll, polling, prefetching. - When using deferred props, add an empty state with a pulsing or animated skeleton.
=== laravel/core rules ===
Do Things the Laravel Way
- Use
php artisan make:commands to create new files (i.e. migrations, controllers, models, etc.). You can list available Artisan commands using thelist-artisan-commandstool. - If you're creating a generic PHP class, use
php artisan make:class. - Pass
--no-interactionto all Artisan commands to ensure they work without user input. You should also pass the correct--optionsto ensure correct behavior.
Database
- Always use proper Eloquent relationship methods with return type hints. Prefer relationship methods over raw queries or manual joins.
- Use Eloquent models and relationships before suggesting raw database queries.
- Avoid
DB::; preferModel::query(). Generate code that leverages Laravel's ORM capabilities rather than bypassing them. - Generate code that prevents N+1 query problems by using eager loading.
- Use Laravel's query builder for very complex database operations.
Model Creation
- When creating new models, create useful factories and seeders for them too. Ask the user if they need any other things, using
list-artisan-commandsto check the available options tophp artisan make:model.
APIs & Eloquent Resources
- For APIs, default to using Eloquent API Resources and API versioning unless existing API routes do not, then you should follow existing application convention.
Controllers & Validation
- Always create Form Request classes for validation rather than inline validation in controllers. Include both validation rules and custom error messages.
- Check sibling Form Requests to see if the application uses array or string based validation rules.
Authentication & Authorization
- Use Laravel's built-in authentication and authorization features (gates, policies, Sanctum, etc.).
URL Generation
- When generating links to other pages, prefer named routes and the
route()function.
Queues
- Use queued jobs for time-consuming operations with the
ShouldQueueinterface.
Configuration
- Use environment variables only in configuration files - never use the
env()function directly outside of config files. Always useconfig('app.name'), notenv('APP_NAME').
Testing
- When creating models for tests, use the factories for the models. Check if the factory has custom states that can be used before manually setting up the model.
- Faker: Use methods such as
$this->faker->word()orfake()->randomDigit(). Follow existing conventions whether to use$this->fakerorfake(). - When creating tests, make use of
php artisan make:test [options] {name}to create a feature test, and pass--unitto create a unit test. Most tests should be feature tests.
Vite Error
- If you receive an "Illuminate\Foundation\ViteException: Unable to locate file in Vite manifest" error, you can run
npm run buildor ask the user to runnpm run devorcomposer run dev.
=== laravel/v12 rules ===
Laravel 12
- CRITICAL: ALWAYS use
search-docstool for version-specific Laravel documentation and updated code examples. - Since Laravel 11, Laravel has a new streamlined file structure which this project uses.
Laravel 12 Structure
- In Laravel 12, middleware are no longer registered in
app/Http/Kernel.php. - Middleware are configured declaratively in
bootstrap/app.phpusingApplication::configure()->withMiddleware(). bootstrap/app.phpis the file to register middleware, exceptions, and routing files.bootstrap/providers.phpcontains application specific service providers.- The
app\Console\Kernel.phpfile no longer exists; usebootstrap/app.phporroutes/console.phpfor console configuration. - Console commands in
app/Console/Commands/are automatically available and do not require manual registration.
Database
- When modifying a column, the migration must include all of the attributes that were previously defined on the column. Otherwise, they will be dropped and lost.
- Laravel 12 allows limiting eagerly loaded records natively, without external packages:
$query->latest()->limit(10);.
Models
- Casts can and likely should be set in a
casts()method on a model rather than the$castsproperty. Follow existing conventions from other models.
=== pennant/core rules ===
Laravel Pennant
- This application uses Laravel Pennant for feature flag management, providing a flexible system for controlling feature availability across different organizations and user types.
- IMPORTANT: Always use
search-docstool for version-specific Pennant documentation and updated code examples. - IMPORTANT: Activate
pennant-developmentevery time you're working with a Pennant or feature-flag-related task.
=== wayfinder/core rules ===
Laravel Wayfinder
Wayfinder generates TypeScript functions for Laravel routes. Import from @/actions/ (controllers) or @/routes/ (named routes).
- IMPORTANT: Activate
wayfinder-developmentskill whenever referencing backend routes in frontend components. - Invokable Controllers:
import StorePost from '@/actions/.../StorePostController'; StorePost(). - Parameter Binding: Detects route keys (
{post:slug}) —show({ slug: "my-post" }). - Query Merging:
show(1, { mergeQuery: { page: 2, sort: null } })merges with current URL,nullremoves params. - Inertia: Use
.form()with<Form>component orform.submit(store())with useForm.
=== pint/core rules ===
Laravel Pint Code Formatter
- You must run
vendor/bin/pint --dirtybefore finalizing changes to ensure your code matches the project's expected style. - Do not run
vendor/bin/pint --test, simply runvendor/bin/pintto fix any formatting issues.
=== pest/core rules ===
Pest
- This project uses Pest for testing. Create tests:
php artisan make:test --pest {name}. - Run tests:
php artisan test --compactor filter:php artisan test --compact --filter=testName. - Do NOT delete tests without approval.
- CRITICAL: ALWAYS use
search-docstool for version-specific Pest documentation and updated code examples. - IMPORTANT: Activate
pest-testingevery time you're working with a Pest or testing-related task.
=== inertia-react/core rules ===
Inertia + React
- IMPORTANT: Activate
inertia-react-developmentwhen working with Inertia React client-side patterns.
=== tailwindcss/core rules ===
Tailwind CSS
- Always use existing Tailwind conventions; check project patterns before adding new ones.
- IMPORTANT: Always use
search-docstool for version-specific Tailwind CSS documentation and updated code examples. Never rely on training data. - IMPORTANT: Activate
tailwindcss-developmentevery time you're working with a Tailwind CSS or styling-related task.
=== laravel/fortify rules ===
Laravel Fortify
Fortify is a headless authentication backend that provides authentication routes and controllers for Laravel applications.
Before implementing any authentication features, use the search-docs tool to get the latest docs for that specific feature.
Configuration & Setup
- Check
config/fortify.phpto see what's enabled. Usesearch-docsfor detailed information on specific features. - Enable features by adding them to the
'features' => []array:Features::registration(),Features::resetPasswords(), etc. - To see the all Fortify registered routes, use the
list-routestool with theonly_vendor: trueandaction: "Fortify"parameters. - Fortify includes view routes by default (login, register). Set
'views' => falsein the configuration file to disable them if you're handling views yourself.
Customization
- Views can be customized in
FortifyServiceProvider'sboot()method usingFortify::loginView(),Fortify::registerView(), etc. - Customize authentication logic with
Fortify::authenticateUsing()for custom user retrieval / validation. - Actions in
app/Actions/Fortify/handle business logic (user creation, password reset, etc.). They're fully customizable, so you can modify them to change feature behavior.
Available Features
Features::registration()for user registration.Features::emailVerification()to verify new user emails.Features::twoFactorAuthentication()for 2FA with QR codes and recovery codes.- Add options:
['confirmPassword' => true, 'confirm' => true]to require password confirmation and OTP confirmation before enabling 2FA.
- Add options:
Features::updateProfileInformation()to let users update their profile.Features::updatePasswords()to let users change their passwords.Features::resetPasswords()for password reset via email.