Cadence Learn / Set up your machine
Cadence Learn · Module 01 — Set up your machine

Start coding the right way.

This walks you from a blank computer to a real workflow: a tidy project folder, your code safely backed up on GitHub, free cloud accounts, and an AI mentor named Ada that remembers the decisions you make. Do it in order, top to bottom. Take your time — you only set this up once.

The big picture — how it all connects

Four pieces work together. You build on your laptop — everything else lives in the cloud, and each does one job: keep your code safe, remember your data, and put your project online.

IN THE CLOUD (FREE ACCOUNTS) YOU ARE HERE Your laptop You + Ada build here backs up code saves memory & data publishes site GitHub Your code, backed up — every version saved. Supabase Ada's memory + your app's data, in the cloud. Cloudflare Your finished project, live for the world to see.

The arrows show what moves between them. Later, when your project is live on Cloudflare, it reads its data from Supabase too — so your site and your database stay in sync.

01 Set up your computer

Install the five tools every coder needs

You need a small set of tools before you write a line of code. These instructions are written for a Mac (the most common setup); Windows notes are called out where they differ. Install them in this order.

1 · The terminal — how it works

The terminal is a window where you type commands instead of clicking. It looks intimidating at first, but it's just a direct way to tell your computer exactly what to do. On a Mac it's already installed — press ⌘ + Space, type Terminal, and hit Enter. On Windows, install Windows Terminal and use it with WSL (see the box below).

Every command in this guide is shown in a dark box like this one. The $ is just the prompt — the computer telling you it's ready. Don't type the $; type (or paste) everything after it, then press Enter to run it.

Terminal — try this to see how it works
$ pwd            # "print working directory" — shows where you are
/Users/you
  • Paste a copied command with ⌘ + V, then press Enter.
  • Commands are picky — exact spelling, spaces, and capital letters all matter.
  • If a command hangs or runs away, press Ctrl + C to stop it.
  • If a command finishes with no error message, it worked. Silence is good news.

Three commands you'll use constantly to move around your files:

Terminal — the three you'll never stop using
$ pwd            # where am I right now?
$ ls             # list the files & folders here
$ cd ~/Dev       # change into a folder (here: ~/Dev)
i
Windows users

The smoothest path on Windows is WSL (Windows Subsystem for Linux). Open PowerShell as Administrator and run wsl --install. It gives you a real Linux environment where every command below works the same as on a Mac.

2 · Homebrew (Mac package manager)

Homebrew installs other tools for you with one command each. Paste this into your terminal and press Enter:

Terminal
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Follow the prompts. When it finishes, it may print two lines starting with echo — run those so your terminal can find brew.

3 · Git (version control)

Git is the tool that saves the history of your code so you never lose work. Install it:

Terminal
$ brew install git

4 · A code editor — VS Code

Visual Studio Code is the free editor most people start with. Download it, drag it to Applications, then open it once and press ⌘ + Shift + P → type "shell command" → choose "Install 'code' command in PATH". Now you can open any folder from the terminal by typing code .

5 · Python & Node

Node is needed to install Claude Code (next step) and lots of web tools; Python is a beginner-friendly language you'll likely write soon. Install both now:

Terminal
$ brew install python node

6 · Claude Code — your AI coding partner (install this in the terminal)

This is the big one. Claude Code is Claude that lives in your terminal — it reads your files, runs commands, and builds with you. Install it with Node, sign in with your Claude subscription, then confirm it's there:

Terminal
$ npm install -g @anthropic-ai/claude-code   # installs the `claude` command
$ claude --version                          # confirms it installed
$ claude                                     # first run walks you through signing in

If claude --version prints a number, you're set. Full install docs: docs.claude.com/en/docs/claude-code/setup.

i
Use Claude Code — not the website

You may have chatted with Claude at claude.ai in a browser. For building software, use Claude Code — the terminal version you just installed. The difference is big: the website can only talk to you, but Claude Code can actually read and edit the files in your project, run commands for you, and plug into tools like your database (that's Part 07). That's what turns it from a chatbot into a hands-on coding partner. Everywhere this guide says "Ada," it means Claude Code running in your terminal.

02 Project layout

One home for everything: ~/Dev

Every project you ever build lives inside one folder called Dev in your home directory. The ~ symbol is shorthand for "my home folder." Keeping one home for your code means you never hunt around your computer wondering where something went.

Terminal
$ mkdir -p ~/Dev
$ cd ~/Dev

Inside ~/Dev, each project gets its own folder. One folder = one project = one Git repository = (usually) one GitHub repo. That's the whole rule.

~/Dev/ — how it grows
Dev/
├── hello-world/        # your first project
│   ├── index.html
│   └── README.md
├── weather-app/        # a later project
└── portfolio-site/     # another one
i
Name folders like a pro

Use lowercase-with-dashes: weather-app, not Weather App. No spaces, no capitals. Spaces cause endless headaches in the terminal.

Make your first project folder now — you'll connect it to GitHub in Part 04:

Terminal
$ cd ~/Dev
$ mkdir hello-world
$ cd hello-world
$ code .            # opens this folder in VS Code
i
Start Claude here

Always launch claude from inside a project folder (like ~/Dev/hello-world). It works with the folder you're standing in, so cd into the project first, then run claude.

03 Vocabulary

Git in plain English

Git has its own words. You'll see them everywhere, so here's what each one actually means. Don't memorize this — just read it once and come back when a word confuses you.

repository
A project that Git is tracking — its code plus the full history of every change. Everyone calls it a "repo."
commit
A saved snapshot of your project at one moment, with a short message describing what changed. Think of it as a checkpoint in a video game.
working directory
The actual files on your computer right now, before you've saved a snapshot.
staging area
A holding zone where you pick which changes go into your next commit. You add files to it with git add.
branch
A separate line of work. You make changes on a branch so your main code stays safe until you're happy. The default branch is called main.
remote
A copy of your repo that lives somewhere else — usually on GitHub. Your backup in the cloud.
origin
The default nickname for your main remote (your GitHub copy). "Push to origin" = send to GitHub.
clone
Download a full copy of a repo from GitHub onto your computer.
push
Send your commits up to GitHub.
pull
Bring down changes from GitHub into your local copy.
merge
Combine the work from one branch into another.
conflict
When two changes touch the same line and Git can't decide which wins — it asks you to choose. Normal, not scary.
pull request (PR)
On GitHub: a proposal to merge one branch into another, so changes can be reviewed before they land.
.gitignore
A file listing things Git should never track — secrets, junk, huge files. Your safety net against leaking passwords.
status / diff / log
status = what's changed; diff = the exact line-by-line changes; log = the history of commits.
04 GitHub

Create a free GitHub account & connect your project

GitHub is where your code lives online — a free backup and a portfolio employers can see. Let's create the account and push your first project to it.

Step 1 — Create the account

  1. Go to github.com/signup and sign up. Pick a username you'd be happy putting on a résumé — alex-rivera beats xX_gamer_Xx.
  2. Verify your email.
  3. Turn on two-factor authentication when prompted — it protects your account. How-to here.

Step 2 — Tell Git who you are

Do this once on your computer so every commit is signed with your name:

Terminal
$ git config --global user.name  "Your Name"
$ git config --global user.email "you@example.com"   # same email as GitHub

Step 3 — Install the GitHub CLI & log in

The GitHub CLI is the easiest way to connect your terminal to GitHub — no fiddly key setup.

Terminal
$ brew install gh
$ gh auth login      # choose: GitHub.com → HTTPS → login with browser

Step 4 — Turn your folder into a repo & push it

From inside your project folder, these commands create the repo, make your first commit, and publish it to GitHub in one flow:

Terminal — inside ~/Dev/hello-world
$ git init                         # start tracking this folder
$ git add .                        # stage everything
$ git commit -m "First commit"     # save the first snapshot
$ gh repo create hello-world --source=. --private --push

That last line creates a private repo named hello-world on GitHub and pushes your code to it. Open it in your browser:

Terminal
$ gh repo view --web
i
The everyday save loop

Saving your work to GitHub is really just three commands — git add .git commit -m "what I changed"git push. Good news: once you finish Part 07, Ada runs these for you automatically. You're learning them here so you understand what Ada is doing on your behalf — not because you'll have to type them all day.

05 Supabase

Create a free Supabase account

?
What is Supabase?

Programs often need to remember things between runs — users, scores, notes, your Ada decisions. A database is where that information is stored. Normally you'd have to run and maintain a database server yourself, which is a pain. Supabase hosts one for you, for free, in the cloud. It gives you a web dashboard to look at your data and a web address your code can talk to. Think of it as a smart, shareable spreadsheet that your programs can read from and write to.

You'll use it in Part 07 to give Ada a memory. Setting it up now takes two minutes.

  1. Go to supabase.com/dashboard and sign in with your GitHub account (the button is right there).
  2. Click New project. Give it a name like my-memory, and let it generate a database password — copy that password somewhere safe (a password manager, not a text file in your project).
  3. Pick the region closest to you and click Create new project. It takes a minute or two to spin up.
  4. That's it — once it says the project is ready, your database is live. You don't need to copy anything down right now; in Part 07 you'll connect Ada to it and grab the one code it needs.
i
Nothing to configure yet

You don't build any tables or write any database code by hand. In Part 07 you'll connect Ada to this project, and Ada sets up your database for you — you just ask.

06 Cloudflare

Create a free Cloudflare account

?
What is Cloudflare?

Building something on your computer is one thing; putting it on the internet so other people can visit it is another. Cloudflare runs a huge slice of the internet's plumbing, and the part that's useful to you is free hosting: it takes a website or app you've built and publishes it at a real web address anyone in the world can open — fast and secure, at no cost. When you make something you're proud of, this is how you show it off without renting a server.

You don't need it today, but setting up the account now means it's ready when you build something worth sharing.

  1. Sign up at dash.cloudflare.com/sign-up and verify your email.
  2. Install Wrangler, Cloudflare's command-line tool, and log in:
Terminal
$ npm install -g wrangler
$ wrangler login     # opens your browser to approve

When you're ready to publish your first site, the docs walk you through it: Cloudflare Pages — Get started. For now, having the account and Wrangler installed is enough.

07 One-time setup

The one-time setup — copy, paste, done

This is the part that makes everything else automatic. In a few paste-and-run commands you'll connect Ada to your Supabase database and your Cloudflare account, then drop in one settings file that bakes all the good habits into Ada. You do this once. After that, you just talk to Ada and it handles the database work, the backups, and the safety for you.

?
First — what's an MCP?

An MCP (Model Context Protocol) is a way to give Ada new abilities by plugging in tools — a bit like installing apps on a phone. A Supabase tool lets Ada use your database directly (create tables, save your decisions). A Cloudflare tool lets Ada manage your websites. You plug each one in with a single command, once — after that, Ada just uses them when needed and you never think about them again.

Before you paste: grab two values from Supabase

Ada needs two pieces of info to reach your database. Both come from your Supabase project (Part 05):

  • Project ref — open Project Settings → General and copy the Reference ID (a short code like abcdefghijklmnop).
  • Access token — go to supabase.com/dashboard/account/tokens, click Generate new token, name it reggie, and copy it. You only see it once, so copy it now.
!
Treat the token like a password

Don't paste it into a project file or share it. In the command below it goes straight into Claude Code's own private settings — safe, and nowhere near your code or GitHub.

Step 1 — Connect Ada's tools

Replace the two CAPITALIZED placeholders with your values, then paste each line and press Enter:

Terminal — connect Supabase + Cloudflare
# 1) Supabase — swap in YOUR_TOKEN and YOUR_PROJECT_REF
$ claude mcp add supabase --env SUPABASE_ACCESS_TOKEN=YOUR_TOKEN -- npx -y @supabase/mcp-server-supabase@latest --project-ref=YOUR_PROJECT_REF

# 2) Cloudflare — no token needed
$ claude mcp add --transport sse cloudflare https://bindings.mcp.cloudflare.com/sse
i
The Cloudflare browser pop-up is normal

The first time Ada uses the Cloudflare tool, it opens your browser to ask you to sign in and approve. That's expected — just click approve. It only happens once.

Step 2 — Install your habits (one paste)

This single command writes Ada's settings file, ~/Dev/CLAUDE.md. It's the brain of your setup: it tells Ada to keep your memory and to do all the good habits for you automatically. Select the whole block below — from cat to EOF — paste it, and press Enter.

Terminal — paste the entire block
$ cat > ~/Dev/CLAUDE.md <<'EOF'
# My workspace — Ada reads this at the start of every session.

You are **Ada**, my coding mentor. I'm new to programming, so keep things
simple, work in small steps, show me (don't just tell me), and correct my
mistakes kindly.

## How my projects work
- Every project lives in its own folder under ~/Dev/. Use full paths.
- One project = one folder = one GitHub repo.

## My memory — you keep it for me, using your Supabase tools
- At the START of every session, read the most recent rows from my `decisions`
  table so you know what we've already decided.
- If the `decisions` table doesn't exist yet, create it with columns: id (uuid
  primary key default gen_random_uuid()), created_at (timestamptz default now()),
  project (text), topic (text), decision (text), rationale (text).
- Whenever we make a real decision — a choice, a tradeoff, a "we'll do X not Y" —
  save it to the `decisions` table right away, without being asked: the topic,
  what we decided, and why.

## Protect my code — do these FOR me automatically. I should never have to ask.
- COMMIT OFTEN: after we finish any working change, make a git commit with a
  clear message. Don't wait for me to ask.
- PUSH AT THE END: when we wrap up, push my commits to GitHub so my work is
  backed up in the cloud.
- NEVER LEAK SECRETS: make sure every project has a .gitignore excluding .env,
  .env.*, node_modules/, and .DS_Store. Create it if missing. Never put
  passwords or keys directly in code.
- USE DOPPLER FOR REAL KEYS: when a project needs its own API keys, set it up
  with Doppler (doppler setup) and run it with `doppler run` so keys are
  injected at runtime and never live in a file. Ask me to paste the values.
- STAY FREE + CAP SPEND: prefer free tiers always. Before we add any paid
  service or a usage-billed API key, STOP and tell me to set a low spending
  limit / usage cap and a billing alert first. Flag anything that could cost
  money before we wire it in.
- DESIGN FOR MANY USERS WHEN IT'S REAL: a hello-world doesn't need this, but
  the moment a project will have real users or customers, design it
  multi-tenant from the start — an owner column (user_id) on every table,
  filter every query by it, turn on Row Level Security, and take identity from
  the session, never the browser. Warn me if we're about to store shared data
  without it.
- BRANCH FOR RISKY WORK: before a big or uncertain change, make a new git branch
  so my working version stays safe.
- README FOR EVERY PROJECT: create a short README.md (what it is, how to run it)
  when we start a new project.

## Models
- Tell me when a task is worth switching to the Fable model for deeper thinking,
  and remind me to switch back to Opus for everyday work.
EOF

Step 3 — Check it worked

Terminal
$ claude mcp list     # you should see both "supabase" and "cloudflare"

Step 4 — Let Ada build your memory

Now start Ada and just ask. It creates your decision memory itself, through the Supabase tool — you never touch a database.

Terminal
$ cd ~/Dev
$ claude

Then type this to Ada (this goes into the Claude chat, not the terminal):

Say to Ada

Set up my decision memory — create the decisions table from my CLAUDE.md, then save a first note that we finished setup today. Confirm when it's ready.

Ada creates the table, saves the note, and reads it back to you. Your infrastructure is done — for good. 🎉 From here on, you just build, and Ada quietly keeps your memory and your backups running.

08 Flow

Running Claude in bypass-permissions mode

By default, Claude Code asks for your approval before it runs a command or edits a file. That's a good safety net while you're learning. But once you trust what you're doing, constant approvals break your flow. Bypass-permissions mode lets Claude act without stopping to ask each time.

Terminal — start Claude in bypass mode
$ claude --dangerously-skip-permissions

You can also toggle it from inside a session — press Shift + Tab to cycle through the permission modes until it shows bypass permissions.

!
Read this before you use it

The flag is called "dangerously" for a reason: in this mode Claude can run any command — including deleting files — without asking. That's fine, but only when both of these are true:

① You're inside a project folder whose code is already committed to GitHub (so nothing is truly lost — you can always get it back). ② You trust the task and aren't pasting in instructions from a random website.

The habit that makes this safe: commit before you start, commit often while you go. Git is your undo button. As long as your work is pushed to GitHub, bypass mode can't cost you anything you can't recover.

Rule of thumb: use normal mode when you're exploring something new or nervous about it; switch to bypass mode for the steady, repetitive building once you know where you're headed.

09 Choosing a model

Opus vs Fable 5 — which one, when

Claude comes in different models. Two matter for you. Switch between them anytime by typing /model in a Claude session. The whole trick is matching the model to the kind of thinking the task needs.

your default — ~90% of the time

Opus 4.8

Fast, capable, and cost-efficient. This is your everyday workhorse — reach for it unless you have a clear reason not to.

  • Writing code from a clear plan
  • Fixing bugs and errors
  • Following steps & refactoring
  • Learning, explaining, tidying up
  • Anything routine or repetitive
reach for it — ~10% of the time

Fable 5

Deeper judgment, but slower and more expensive. Use it when the thinking itself is the hard part — not the typing.

  • Designing something from a blank page
  • A tricky bug you're truly stuck on
  • Weighing real trade-offs / architecture
  • Big decisions that are costly to undo
The one-line test: "Is the judgment itself the deliverable?" If yes — you're designing, deciding, or untangling something genuinely hard — that's a Fable moment. If the path is clear and you just need it built well, that's Opus. And if you catch yourself doing plain, mechanical work on Fable, switch back to Opus — don't leave the expensive meter running.
i
Bonus

On Opus you can turn on fast mode with /fast for quicker responses — same smart model, just snappier. Great for the everyday building loop.

10 Peace of mind

What Ada now handles for you

Here's the best part. That settings file you pasted in Part 07 quietly turned all the "good coding habits" into things Ada does for you automatically — you don't have to remember any of them. You don't need to memorize the git commands below; you just need to trust that they're happening. Here's what's going on behind the scenes:

Saves your work
After every change that works, Ada commits a snapshot. When you wrap up, it pushes everything to GitHub. Your code is always backed up — nothing you build can just vanish.
Guards your secrets
Ada keeps a .gitignore in every project so passwords and keys never get uploaded to GitHub by accident — and for real API keys, Ada uses Doppler (Part 11) so they never sit in a file at all.
Uses safe branches
Before anything risky, Ada works on a separate branch — so your working version is never the thing being experimented on.
Documents projects
Every new project gets a short README.md explaining what it is and how to run it.
Watches your spending
Ada flags anything that could cost money and reminds you to set a low cap before you use it — so a mistake stays a lesson, not a bill.
Remembers the "why"
Every real decision goes into your Supabase database, and Ada reads them back next time — so you never lose the thread of why you built something a certain way.
i
You can always ask

You don't manage any of this — but you can check on it anytime. Just talk to Ada:

Say to Ada

Did you save my work to GitHub? And what did we decide last time we worked on this?

That's what "coding correctly" really means for you right now: your code is protected and your reasoning is remembered — and you didn't have to become an expert to get there.

11 Level up

Doppler — a safe home for your keys

As you build real projects, they'll need secret keys of their own — an API key for a weather service, a maps provider, a payment company. The habit you already have (never commit secrets, keep a .gitignore) stops those keys leaking to GitHub. Doppler is the next level up: it means your keys don't sit in a file on your laptop at all.

?
What is Doppler?

A free secrets manager. Instead of pasting API keys into a .env file, you keep them in Doppler's secure vault (a website + a small command-line tool). When you run your app, Doppler hands it the keys just for that run — nothing is written to disk. Change or remove a key in one place and every project using it updates. Think of it as a password manager, but for the keys your programs use.

Why bother, in one line each

  • Keys never live in your files → they can't be committed or leaked by accident.
  • One place to manage them → add, change, or revoke a key without hunting through folders.
  • Same keys everywhere → your laptop today and your live site later pull from the same vault, no copy-paste.

Set it up (once)

  1. Create a free account at dashboard.doppler.com — sign in with your GitHub account.
  2. Install the command-line tool and log in:
Terminal
$ brew install dopplerhq/cli/doppler   # installs the `doppler` command
$ doppler login                        # opens your browser to approve

Use it in a project

Inside a project that needs secrets, connect it to Doppler, add a key, then run your app through Doppler so the key is injected:

Terminal — inside your project folder
$ doppler setup                         # pick/create a project + the "dev" config
$ doppler secrets set WEATHER_API_KEY   # it prompts you to paste the value
$ doppler run -- node index.js          # runs your app with the key injected

Your code reads the key the normal way — process.env.WEATHER_API_KEY in Node, os.environ["WEATHER_API_KEY"] in Python — but it was never in a file on your computer.

Managing your keys well

Storing keys safely is step one. A few habits keep them safe over time — and Doppler makes every one of them easy:

  • One key per project. Don't reuse the same key everywhere. If one leaks, only that one project is exposed.
  • Give a key the least access it needs. Many services let you make a key read-only or scope it to one feature — pick the smallest option that works.
  • Rotate a key the moment it might have leaked (you pasted it somewhere public, a laptop went missing). Generate a fresh one, update it in Doppler, delete the old one — nothing else in your code has to change.
  • Revoke keys you're done with in the provider's dashboard, so old keys can't be used against you.
Say to Ada

Set this project up with Doppler and run it with the secrets injected — I'll paste the key when you ask.

!
Two things to remember

Keep your .gitignore anyway — belt and suspenders. And never paste a real key straight into your code or into a chat message; set it in Doppler and let it be injected.

i
What about the Supabase token from Part 07?

That one already lives safely inside Claude Code's own private settings, not in your project — so it's handled. Doppler is for the keys your own apps will need as you build them.

12 Protect your wallet

Set spending limits — so a mistake can never cost you

Almost everything in this guide is free, and you should keep it that way while you learn. The one real money risk in coding is an app — or a leaked key — that gets used far more than you expected. A few minutes setting limits means a mistake stays a lesson, not a bill.

i
The golden rule

Stay on the free tier. None of the accounts in this guide will charge you unless you deliberately upgrade. When a service asks for a credit card, treat it as your cue to stop and set a limit first.

Where money can actually leak — and what to do

Ada / Claude Code
A flat subscription. No per-use charges, nothing to cap. You're safe here.
GitHub
Free for your projects, no usage billing. You're safe here.
Supabase
Start on the Free plan — no card needed. If you ever upgrade to Pro, turn on the "spend cap" so it can't bill you beyond the plan.
Cloudflare
The Free plan covers a huge amount. Stay on it; Cloudflare won't charge you without an explicit upgrade.
Paid API keys
Weather, maps, AI, payments — this is the real risk. Before you use the key in an app, open the provider's billing settings and set a low monthly usage limit and a billing alert.

Two settings to turn on for anything that could bill you

  1. A spending limit (or usage cap) — a hard ceiling the service will not cross, even if something goes wrong.
  2. A billing alert — an email that warns you as you approach the ceiling.

Set both low while you're learning — a few dollars is plenty. You can always raise them later once you know what an app actually uses.

Say to Ada

Before we use this service — is there a free tier, and does it have a spending limit? Remind me to set a low cap before we wire it in.

!
Keys and limits protect you together

A leaked key is how surprise bills happen — someone else runs up usage on your account. That's why keys go in Doppler (Part 11) and why you cap spending here. One hides the key; the other limits the damage if it ever gets out.

13 Think ahead

Build for many users from day one

Your first projects might be just for you. But the moment an app has real users — or paying customers — it has to keep each person's data separate and private. That's called multi-tenancy, and it's one of those things that's easy to build in from the start and painful to bolt on later. You don't need it for a hello-world. But learn the shape now, so you recognize the moment you do.

?
What is multi-tenancy?

One app, serving many separate "tenants" (users, teams, or companies) out of the same database — while making sure no tenant can ever see another's data. Your email works this way: millions of people, one system, and you only ever see your inbox. This is exactly how professional platforms — including the ones we build at Cadence — keep thousands of customers apart.

The one habit that matters most: tag every row with its owner

From your very first table, give every row an owner column. Every piece of data belongs to someone. Add it on day one — adding it later means rewriting every table.

SQL — every table carries its owner
create table notes (
  id          uuid primary key default gen_random_uuid(),
  user_id     uuid not null references auth.users,  -- who owns this row
  body        text,
  created_at  timestamptz default now()
);

The rules that keep data private

  • Filter every query by the owner. Never fetch data without asking "whose is it?" — no exceptions.
  • Let the database enforce it, too. Turn on Row Level Security (RLS) in Supabase so the database itself blocks cross-tenant reads — a safety net for the day you forget a filter in code.
  • Never trust the browser for identity. Get the owner's id from the logged-in session on the server, never from a value the browser sends — the browser can lie.
  • One shared set of tables, separated by that key. Don't build a separate database per customer — it's the wrong default and a nightmare to maintain.
SQL — Supabase RLS: each person sees only their own rows
alter table notes enable row level security;

create policy "own rows only" on notes
  for all using ( auth.uid() = user_id );   -- the DB enforces the wall
!
The things that get you in trouble

Forgetting the owner filter on one query — the single most common serious bug: users suddenly see each other's data. (This is exactly what RLS is there to catch.)

Trusting an id sent from the frontend — if the browser says "give me user 42's data" and you obey, anyone can read anyone. Always derive the owner from the auth session.

Hardcoding one customer's details into the code — their name, their settings, their logo baked in. Now you can't add a second customer without a rewrite. Keep per-customer things in data, not in code.

Leaving it for "later" — "later" means reworking every table, query, and screen, usually under pressure with real users' data on the line. The owner column on day one is a few minutes; the retrofit is weeks.

Say to Ada

This app will have real users — help me design it multi-tenant from the start: an owner column on every table, RLS turned on, and identity taken from the session, never the browser.

Keep this handy

Your daily cheat sheet

Honestly, you only need a handful of things. Ada does the rest for you.

Type these in the terminal

cd ~/Dev/my-projectGo into a project folder
claudeStart Ada in this folder
claude mcp listSee Ada's connected tools
doppler run -- <your app>Run your app with keys injected
/model(inside Ada) switch Opus & Fable

Just say these to Ada

Plain English, typed into the Claude chat — no commands to memorize.

"Save my work to GitHub."Commits & pushes your code
"Put this project on GitHub."Creates the repo for a new project
"What did we decide last time?"Reads your memory back to you
"Start a safe branch for this."Protects your working version
"Could this cost money? Cap it."Checks free tier & reminds you to limit spend
"Will this have real users?"Designs it multi-tenant & private from the start
"Explain what you just did."Turns any step into a lesson
You're set up

You now have a proper workspace, your code backed up in the cloud, free accounts ready to grow into, and a mentor that remembers. The setup is the boring part — it's behind you now. Go make something.

Stuck? Peter reads these personally and replies to your email.
Ask Peter →