Tell us what you're building.

One or two sentences. We'll suggest which options fit best in the next steps — you still pick manually. Optional: skip to go straight to the picker.

Start a new secure project.

Seven steps. Every answer shapes the scaffold you download — from folder layout to CI gates to which guards stay strict. You can't skip the security questions.

Lowercase, hyphens only. Used for folder name + package identity.

Pick your stack.

Two CW-vetted languages. Pick one, then an archetype — the folder layout, middleware, and starting blueprint are derived from your choice.

Plan for scale.

Your answers pick the infra defaults — single pod vs horizontal, caching strategy, and which architecture checks CI enforces.

Concurrent users
Traffic pattern
Geographic reach
Data volume

Pick a database.

Postgres is the default for anything with state. The table compares what CW policy allows and how each handles scale.

Database ACID Scale Setup Cost CW policy

How does it talk to the world?

Monolith or microservices, API shape, event-driven or synchronous. Each choice pipes into CLAUDE.md rules and which guards fire.

Security posture.

Answers here map to CoreWeave's 22 policies. Your compliance score updates live in the sidebar. Restricted data flips guards to strict mode automatically.

Answer the questions → 0 of 5 answered
Turns on PII scanner in CI, adds gitleaks rules, wires encryption middleware stub.

Theme & team.

Pick a theme for the generated dashboard and add your teammates. Roster drives rooms.json — each person gets a room scoped to their ownership.

Live view of compliance, team rooms, setup answers — lives at the scaffold root.
NameRoleEmailSlackOwns

Review and generate.

One scaffold download. Every answer is traceable in the generated SECURITY-REPORT.md so nobody forgets why these files look this way.

Assembling scaffold…