74 Schritt-fuer-Schritt-Anleitungen vom CLAUDE.md bis zum Multi-Tenant-MCP
Memory-First Operator-Stack als kuratierter Pfad. 49 Recipes vollstaendig, 25 Coming Soon. Kein Theorie-Talk — jede Recipe endet damit dass auf Deinem System etwas konkret laeuft.
Dein Fortschritt
Schnellfilter
Foundation
FreePhase 1–5CLAUDE.md / AGENTS.md — give Claude memory across sessions
Two markdown files Claude reads on every session start. The single biggest leverage point in your setup.
Skills — package recurring workflows so Claude triggers them automatically
Skills are markdown files Claude loads on demand based on natural-language triggers. Like slash commands but smarter.
Hooks — turn Claude's behavior into automated guardrails
Hooks run shell commands on Claude Code events (before tool use, after edit, on session start). They're the difference between 'Claude does X' and 'Claude can never do Y'.
settings.json + Permissions — stop the permission popup spam
By default Claude Code asks before running any new shell command. Configure permission scopes once and the right things become auto-allowed forever.
Your first MCP server — claude mcp add
Install your first MCP server in Claude Code or Codex in under two minutes. We pick context7 (library docs) — small, useful, no API key.
Memory layer — give your AI persistent memory across sessions
Claude Code's built-in memory is per-project. Codex has none. Adding mcp-nex (or local-memory-mcp) gives you durable, searchable memory that works across every MCP client you use.
Web research — Brave, Exa, and SearXNG side-by-side
Three MCP servers that cover 95% of research needs. Brave for fast keyword search, Exa for semantic / neural, SearXNG via mcp-research for unlimited free queries.
Code intelligence — codebase-memory-mcp + codegraph
Index your repo into a knowledge graph so Claude can answer 'who calls this function' and 'what breaks if I delete it' in one tool call instead of grepping.
GitHub MCP — read PRs, issues, code from any repo
Official GitHub MCP server gives Claude direct access to PRs, issues, code search, and review workflows. One PAT, 30+ tools.
Slash commands and built-in shortcuts
/model, /effort, /context, /memory, /agents — the built-in commands that change how the session behaves. Plus how to write your own.
Permissions reloaded — building a tight allow-list
Beyond the safe defaults from Recipe 1.4: a project-scoped allow-list that pre-clears 90% of routine prompts without giving up the dangerous-command guardrails.
Subagents 101 — when to delegate vs. when to do it yourself
Custom subagents in ~/.claude/agents/. Frontmatter, isolation, when an agent beats a skill, when it does not.
Project layout — CLAUDE.md, .claude/, .mcp.json conventions
Where to put project-scoped config so Claude Code, Cursor, and Codex all read the same file. Plus the .mcp.json convention for sharing MCP servers with a team.
Multi-tool setup — Claude Code + Codex + Cursor on one machine
Sync MCP servers between three clients with one config script. Avoid port collisions and config drift.
Persistent memory — make your AI use it without being asked
Connect a memory MCP (StudioMeyer Memory, local-memory-mcp, Mem0 — pick one) and flip the always-on switch. After 5 minutes your assistant searches memory before answering and saves insights automatically.
Project tags — keeping multi-project memory clean
Tag every memory with a project slug. Filter searches by project. Avoid the 'all my projects bleed into each other' failure mode.
Knowledge graph — entities, observations, relationships
Beyond flat learnings: nex_entity_create, nex_entity_observe, nex_entity_relate. When the graph beats search.
Importing ChatGPT and Claude.ai history
Export your existing conversations and pipe them into nex_import. Years of context become searchable memory in one batch.
Cross-tool memory — same memory in Claude Code, Codex, Cursor
Point all three clients at the same memory MCP. Discuss tradeoffs of local-stdio vs SaaS for cross-device sharing.
Morning brief — start the day with a cross-domain status
Sprint plus system health plus open follow-ups plus failed jobs in one prompt. Install the morning-brief skill or write your own.
/schedule and recurring agents
Claude Code has /schedule for cron-like recurring agents. When to use it vs a real crontab. Common gotchas including the jitter rule.
Debrief — clean session ends save next-session context
End of session ritual: summarize done / open / blocked / decisions. The /debrief slash command plus optional Stop hook so it runs automatically.
Notifications — Telegram, Discord, email signals from your AI
When a long-running agent finishes you want to know. Wire up mcp-multi-channel or an email hook so signals reach you outside the terminal.
Weekly review — synthesize a week of memory into one summary
nex_synthesize, nex_reflect, nex_communities. Use them on Friday afternoon to surface patterns you would not see day-by-day.
Build & Deploy your own MCP
ProPhase 6–10Build Your Own MCP — minimal server skeleton in TypeScript
From npm init to a working MCP server with one tool, in 60 lines of TypeScript. The skeleton you can fork for everything in Phase 6-10.
Tool design — what makes a good MCP tool
Naming, descriptions, input schemas, idempotency, error responses. The difference between a tool the LLM uses correctly and one it ignores or breaks.
Input validation — Zod patterns that don't fight the LLM
Why every MCP tool needs runtime validation, the Zod patterns that work, the strictness traps that break LLM calls, and the error responses that let the LLM recover.
Testing MCP tools — vitest + in-memory transport
How to write tests for MCP tools without spawning subprocesses. Unit tests for handlers, integration tests via in-memory transport, smoke tests for stdio mode.
Logging pattern — stderr-only, structured, never on stdout
The single most common production bug in homemade MCP servers: a stray console.log corrupts the wire protocol. This recipe is the structured-logging pattern that prevents it.
Dual transport — stdio + Streamable HTTP from one codebase
One factory, two entry points: stdio for local Claude Desktop / Cursor / Codex installs, HTTP for hosted SaaS. The PORT-trigger gotcha that causes 'works locally, broken in Docker' bugs.
OAuth 2.1 PKCE — magic-link auth that MCP clients understand
The exact OAuth 2.1 surface Claude Desktop / Cursor / Codex expect: discovery endpoint, dynamic client registration, PKCE-protected authorization, token exchange. Wire magic-link or social login behind it.
Multi-tenant from day one — per-session factory + scoped everything
createMcpServer({ tenantId }) per session, ScopedDb wrapper, tenant_id in every query, tenant cache keys. The architecture that makes cross-tenant leaks impossible-by-default.
Database — Postgres pool, idempotent migrations, the connection-leak trap
Pool sizing for serverless vs long-lived servers, ssl rejectUnauthorized for Supabase, idempotent DDL via DO blocks, and the connection-leak pattern that takes down a SaaS silently.
Error handling — what to surface, what to swallow
isError responses that let the LLM recover, never leak stack traces, never 500 on user-controllable input. The error-shape contract that keeps your support inbox empty.
Deploy to MCPize Cloud Run — managed hosting in 5 minutes
MCPize is the easiest path from npm package to hosted MCP server. Container builds via Buildpacks, Cloud Run runs it, you get an HTTPS URL. The PORT trigger gotcha + Prisma custom-output trap.
Docker Compose — direct hosting on a VPS you own
Self-host on Hetzner / DigitalOcean / your own server. node:22-slim base, env_file pattern, health check, the --force-recreate gotcha.
Nginx + Let's Encrypt — production TLS in 10 lines
DNS-01 wildcard certs via Cloudflare, HSTS + security headers, the 3600s SSE timeout, the Cloudflare real-IP setup.
/health endpoint — liveness vs readiness, the 25h-down lesson
What goes in /health, what stays out, why a DB-roundtrip-less /health is treacherous, and the one-liner that prevents your container from looking healthy while the DB is down.
Blue-green deploys — zero-downtime container swaps with nginx
Two containers behind one nginx upstream, atomic switch via reload, parallel run for soak time, kill the old. Production deploys without dropping a single request.
Publish to npm — bin field, files allowlist, npx -y
Make your server installable via 'claude mcp add foo -s user -- npx -y your-package'. The four package.json fields that decide whether it works for users.
GitHub OSS — trust signals that get you stars
README structure, SECURITY.md, CI badge, OpenSSF Scorecard, npm provenance via OIDC, Dependabot. The trust stack that gets your repo past skeptical reviewers.
MCP marketplaces — where to submit, what each one auto-pulls
mcp.so, MCPize, awesome-mcp-servers, Smithery, Glama. Submission process, what each directory auto-pulls from your README, how to spot fake-traffic ones.
Trusted publishing — token-less npm releases via GitHub OIDC
Replace NPM_TOKEN secrets with OIDC. publish.yml that triggers on tag push. npm provenance badges. Cleaner trust signal for security-conscious users.
Writing a README that actually gets installed
First three lines decide. Show the install command, the 'what it does' in one sentence, and a copy-paste config snippet. The README anatomy that turns viewers into users.
Stripe Checkout — subscription mode end-to-end
From Stripe dashboard product to working checkout in your MCP SaaS: setup script, /api/billing/checkout endpoint, success_url handling, and the customer portal for self-service.
Magic-link mail — Brevo SMTP, sender reputation, the +tag trap
Passwordless auth via one-time email links. The DKIM/SPF/DMARC setup that prevents Yahoo bounces, the token TTL pattern, the +tag email gotcha, and the deliverability checklist.
Supabase Postgres + RLS — tenant isolation done right
service_role bypass, tenant-scoped policies, the IPv4 add-on trap, the pooler-vs-direct decision, and the static test that prevents cross-tenant leaks.
Tenant isolation — every query, every cache, every log
RLS is the safety net; your code is the actual isolation. tenant_id in every WHERE, per-tenant cache keys, structured logs that include tenantId, and a CI scanner that fails the build on cross-tenant leaks.
Stripe webhooks — idempotent, signature-verified, fail-safe
HMAC-SHA256 signature verification, idempotency on event_id, the raw-body trap, the full subscription lifecycle, and the retry behavior you need to plan for.
Operator-grade Production
Team comingPhase 11–15sm-deploy ritual — 5-phase production deploy with safety gates
Codify the studiomeyer.io deploy: orient, pre-checks parallel, go/no-go, deploy, verify. Skill installs the playbook.
SSH batch — never trigger fail2ban on your own servers
Pattern: max 5-10 SSH connections/hour, batch with && chains, multiplex with ControlMaster.
Email safe-test — pre-flight checklist for sender reputation
+tag plus-addressing rules, Brevo node-path inspection, hard-stop after 2 unexpected results.
Prisma schema safety — never lose 111 tables again
DB identification protocol, force-reset blocked, manual rename SQL, tenant_id in raw queries.
CLAUDE.md management — automated audit + improver
Quality scoring against a template, missing-section detection, pull-request style edits with diffs.
Dedicated agents — full MCP scope per role
Architect / Critic / Analyst with their own MCP servers and prompts. When a CLI agent beats a subagent.
Orchestrated research — 3 agents in parallel, 1 synthesis
Spawn 3 agents from one prompt, collect markdown reports, synthesize with explicit contradictions.
Orchestrated code review — Analyst + Critic + Research
Multi-perspective code review that catches what one pass misses. Output as a single Go/No-Go verdict.
Verification loops + neutrality guards
Build / tests / external smoke before declaring done. The 'lying about completion' failure mode and how to block it.
Cron-scheduled agents that don't burn money
node-cron vs system crontab, dry-run mode for first deploy, alert on first 3 successful runs to confirm sanity.
Rate limits + per-tenant quotas in Postgres
Atomic upsert with case-reset, memory-fallback for tests, the LRU cache + cleanup-interval pattern.
Idempotency — handle retries without double-charging
Idempotency keys in headers, write-through to a unique-constrained table, ON CONFLICT DO NOTHING for replays.
Backups + restore — 4-layer defense in depth
Provider auto-backups, your own pg_dump, offsite copy, restore-verify cron. The 8/8 tenants restore-baro pattern.
Observability — what to log when, structured logs that survive
stderr-only logger, JSON-line format, tenant_id + session_id in every line, what to redact.
Graceful shutdown — SIGTERM, in-flight requests, session drains
process.on SIGINT/SIGTERM, transport.close, drain timeout, the 'unref the timeout' trick.
RLS — Postgres Row Level Security as defense in depth
service_role bypass, per-row policies that match your auth, the migration plan from Prisma-only isolation.
Audit logs — who did what when
audit_log table schema, write-through pattern in middleware, retention policies, export for compliance.
EU AI Act + GDPR for small SaaS
What art. 52 actually requires, transparency obligations, the data-processing record you need from day one.
Threat modeling for an MCP server
STRIDE per tool, what an attacker can do with a stolen API key, the 'cross-tenant leak via fuzzy lookup' class of bugs.
Secret management — env files, peppers, rotation
AIGUIDE_KEY_PEPPER pattern, dual-hash for graceful rotation, never log secrets, never commit .env.
Multi-region deploy — primary + read replicas
Latency-based routing, replica lag tolerance, write-region pinning for transactional ops.
On-prem deployment — Docker Compose for air-gapped clients
Bundle without external dependencies, deterministic builds, offline npm cache, signed images.
BYO-LLM — let customers plug their own model
Anthropic / OpenAI / Mistral adapter pattern, model capability matrix, fallbacks for missing features.
White-label MCP — your customer's brand, your engine
Theming via env, custom OAuth domains, separate tenant pools per partner, billing pass-through.
Migration patterns — moving customers off competitors
Import scripts for the big-3 memory tools, SaaS → self-host export, two-way sync during cutover.