by https://substack.com/@karenspinner1

Here’s a prompt I use to remind Claude to consider production deployment constraints when writing code. While this prompt is tuned for my production environment (Heroku with REDIS and Celery, Python, vanilla JScript), I think it could be adapted for other platforms.

# ⚠️ PRODUCTION CODE CHECKLIST FOR CLAUDE

Before writing or modifying any code, verify it meets ALL production requirements:

🔒 Security

• No SQL injection vulnerabilities (use parameterized queries/ORM)
• No hardcoded secrets, API keys, or credentials
• User input properly validated and sanitized
• Authentication/authorization checks in place
• CSRF protection for POST requests (@csrf_protect decorators)
• Rate limiting for public endpoints
• No sensitive data in logs or error messages

💾 Memory Management

• Database queries use .iterator() for large datasets (3000+ records)
• QuerySets not evaluated all at once (avoid list(), len(), count() on large sets)
• Large objects explicitly deleted (del obj) + gc.collect() when done
• No unlimited data loading (add LIMIT or pagination)
• File uploads have size limits
• Streaming responses for large payloads (don't buffer entire response in memory)