Skip to main content

developer-context

,# Developer Context

For Claude Code: Read this when you need to understand Joe's working style, technical background, or project constraints. Not needed for simple tasks - reference when making architectural decisions, scoping complexity, or working on security-related features.

About Joe (The Developer)

Background:

  • 25+ years as federal oversight professional and healthcare provider
  • Former military officer with deep federal compliance expertise
  • Currently: Director in strategy and innovation at VA OIG
  • Building Nquir to solve problems experienced firsthand in federal investigations
  • Product owner for multiple software solutions deployed across federal agencies

This is a Part-Time Project:

  • Works nights and weekends while maintaining full-time federal position
  • Time is valuable - efficiency and doing it right the first time matters
  • No dedicated dev team - all implementation is Joe + AI assistance
  • Target launch: Q2 2026

Technical Background & Skill Level

Experience:

  • Scrum methodology, Azure DevOps, GitHub
  • Relational databases, Power Platform
  • Picks up concepts and terminology quickly
  • Understands architecture and system design

Current Learning:

  • New to AWS console (started January 2025)
  • Navigating well but still learning AWS services
  • Comfortable with terminal/command line but not an expert
  • Uses iTerm3 + tmux for efficiency

Development Approach:

  • "Vibe coding" with AI assistance for rapid development
  • Provides user stories and requirements
  • Relies on Claude for hands-on implementation
  • Expects code to work correctly on first attempt
  • Values clear explanations for learning

Solo Developer Constraints

Reality Check:

  • Everything must be maintainable by one person
  • No team to delegate to or consult with
  • Solutions must be "seamless and simple"
  • Future Joe needs to understand current Joe's decisions

This Means:

  • Use established patterns, not experimental approaches
  • Prioritize maintainability over clever optimization
  • Clear code comments for future reference
  • Avoid over-engineering - MVP first, enhance later
  • Document deployment steps thoroughly

Don't Suggest:

  • "Have your team handle X"
  • "Your DevOps engineer should..."
  • Complex multi-service architectures (unless truly necessary)
  • Experimental bleeding-edge tech

Security & Compliance (Non-Negotiable)

Primary Requirement: FedRAMP Compliance

  • Essential for federal government sales
  • All AWS services must be FedRAMP authorized
  • This drove the decision to migrate from Supabase to AWS
  • No exceptions - compliance > convenience

Architecture Principles:

  • AWS consolidation preferred (single vendor for BAA/compliance)
  • VPC isolation for database (no public endpoints)
  • Encryption at rest (KMS) and in transit (TLS)
  • Comprehensive audit logging (CloudTrail, AWS Config)
  • RLS policies at database level

Why AWS-Only:

  • "Built entirely on AWS FedRAMP-authorized services" is cleaner sales message
  • Single vendor simplifies BAA (Business Associate Agreement) management
  • Avoiding multi-vendor compliance complexity

Healthcare Context:

  • Will handle PHI (Protected Health Information)
  • HIPAA compliance required
  • Evidence storage includes sensitive medical records
  • Audit trails must be comprehensive and tamper-evident

Communication Preferences

Style:

  • Direct, straightforward answers without excessive hedging
  • Brief responses with option for detail if needed
  • Proactive problem identification appreciated
  • Don't ask permission for obvious tasks - just do them

Avoid:

  • Repeated explanations ("As I mentioned earlier...")
  • Over-explaining things Joe already understands
  • Excessive caveats and hedging
  • Long preambles before getting to the answer

Preferred Format:

Good: "Use RDS PostgreSQL. Aurora costs 2x more at your scale.
Easy upgrade path when you need it."

Bad: "Well, there are several database options to consider.
Aurora has benefits but also drawbacks. RDS is simpler but
less scalable. It really depends on your needs..."

When Unsure:

  • State assumptions clearly
  • Provide recommendation with reasoning
  • Note what would change the recommendation
  • Joe will course-correct if needed

Infrastructure Philosophy

AWS-Native Solutions:

  • Prefer AWS services over third-party when possible
  • Reduces vendor count for compliance
  • Better integration and support
  • Examples: Use Cognito vs Clerk, RDS vs external DB

Cost-Conscious Choices:

  • RDS PostgreSQL chosen over Aurora (better cost at current scale)
  • Start simple, scale when traffic demands it
  • Free tier and AWS credits maximize runway
  • Example: db.t3.micro is fine for MVP

Migration Complete:

  • Migrated from Supabase/Vercel to full AWS (RDS + Cognito + S3)
  • ECS/Fargate replaced Amplify (NQU-160, February 2026)
  • Database schema maintained through migration
  • FedRAMP compliance achieved through AWS consolidation

Current Project State

What's Done:

  • Full-featured application with 30+ database tables, 2000 tests
  • Next.js 16 on ECS/Fargate behind CloudFront + ALB
  • AWS-native stack: RDS (private VPC), Cognito, S3, Bedrock, ElastiCache Redis
  • Authentication (Cognito + WebAuthn + TOTP), Login.gov OIDC ready
  • AI analysis pipeline (Bedrock Claude, evidence retrieval, quality metrics)
  • Billing infrastructure (Stripe integration, trial logic, hard caps)
  • CI/CD: GitHub Actions → ECR → ECS rolling deploy
  • Domains: app.nquir.ai + app.nquiry.ai (CloudFront), nquiry.ai (landing page)

In Progress:

  • Pre-launch manual verification (Joe)
  • Stripe Dashboard setup (NQU-96)
  • AWS Well-Architected Review (NQU-151)
  • Evidence Evaluation Framework calibration (NQU-109)

Target Customers:

  • Federal government investigators (OIG offices)
  • Healthcare compliance professionals
  • Corporate oversight teams
  • All require FedRAMP or HIPAA compliance

When to Reference This Document

Read this file when:

  • Making architectural or technology decisions
  • Uncertain about scope or complexity level
  • Working on security or compliance features
  • First time working on a new feature area
  • Joe asks "why are we doing it this way?"

Skip this file for:

  • Simple bug fixes following existing patterns
  • Clear, scoped tasks with explicit instructions
  • Routine maintenance or updates
  • Tasks where approach is already documented

Questions to Ask Yourself

Before implementing, consider:

  1. Maintainability: Can Joe maintain this solo in 6 months?
  2. Simplicity: Is this the simplest solution that works?
  3. Compliance: Does this meet FedRAMP/HIPAA requirements?
  4. AWS-Native: Are we using AWS services where possible?
  5. Documentation: Will future Joe understand this?

If you're unsure, ask. Joe appreciates being consulted on trade-offs.

Communication with Claude.ai

Context Sharing:

  • Use git commits for work summaries (detailed messages)
  • CLAUDE.md for essential project context (kept lean)
  • This file (docs/reference/developer-context.md) for working style
  • Instruction files (docs/instructions_*.md) for complex features

Coordination:

  • You (Claude Code) own and maintain CLAUDE.md
  • Ask before making significant changes to it
  • Claude.ai will check git log to see your recent work
  • Brief handoffs via user, not lengthy coordination files

Last updated: 2026-02-16 This document evolves as the project and working relationship develop.