project_name: claude-config
# Claude Config Audit — Context

## What this project does
Saturday/Sunday Claude configuration and improvement sessions — behavior_changes review, hook development, memory system upgrades, skills development, and config audit workflow.

## Key files
- `/opt/appdata/docker/.claude/hooks/`: all hooks live here (globally referenced)
- `/opt/appdata/docker/.claude/scripts/session_log_insert.sh`: validated insert helper for session_log table
- `/home/administrator/.claude/settings.json`: global settings, hook registration, plugin registration
- `/home/administrator/.claude/projects/-opt-appdata-docker/memory/`: primary memory directory
- `/home/administrator/.claude/projects/-home-administrator-Desktop-claude/memory/`: this session's memory
- `project_claude_config_workflow.md`: Saturday workflow, behavior_changes schema
- `AUDIT_CONTEXT.md` (Desktop/claude/): handoff file written at start of each audit session

## Patterns to follow
- Validate Python hooks with `python3 -c "import ast; ast.parse(open('file').read())"` before saving
- All new memory files go in both project memory directories if globally accessible
- behavior_changes INSERT: copy template from project_claude_config_workflow.md exactly
- New rules go to behavior_changes DB with status='applied' after being written to memory
- Evolution instructions required on every new rule, playbook, or system
- Coolify API key: Vault `secret/coolify → api_key` via AppRole — NOT a file
- Always backup hooks before modifying: `cp hook.sh hook.sh.bak.YYYYMMDD`

## Known issues / gotchas
- Semantic memory Phase 1 hooks NOT YET BUILT — Stop hook and SessionStart hook extensions pending
- `/recall` skill IS built at `/opt/appdata/docker/.claude/skills/recall/SKILL.md` — registered under homelab-skills plugin; invoke via Skill tool with name "recall" (not "homelab-skills@homelab-skills-local:recall")
- Feedback rule retrofit complete — all 35 files now have evolution instructions
- session_log_insert.sh validates project_id before inserting — use --dry-run to test
- pgvector ivfflat index warns about low recall with little data — normal until table is populated
- N8N work that results from claude-config design decisions is IN SCOPE for Sunday dev session

## What NOT to break
- Hook registration in settings.json — all five hooks must remain wired
- Memory file indexing in both MEMORY.md files — every new memory file must be indexed
- Ollama on localhost:11434 (internal-only) — Coolify UUID: mbhuoyt968m23qt4x7lx01pc
- pgvector extension in claude_config DB — required for claude_memories table

## Current state
2026-06-04 Thursday: git criteria universal playbook built (personal_projects id=38 → completed). playbook_git_criteria_universal.md created in both memory dirs — single authorized trigger (checklist only), partial commit on hard block, universal pre-stage registry, dynamic co-author line, two-layer evolution. playbook_git_commits.md updated to extend it. media-api.py + related files still uncommitted — containerized script, testing not confirmed. Next session: security vulnerability patching (~6:30 PM Thursday).

## Sunday Dev Plan (13 items)
**Hooks:**
1. Stop hook — MEMORY_EMBED tag detection + Ollama embed (from prior session)
2. SessionStart hook — semantic query + global handoff file + recent 48h summaries injection
3. UserPromptSubmit hook — add [CURRENT TIME] injection + 60% context checkpoint threshold
4. PostToolUse hook (new) — conflict-detector.py fires on Write/Edit to */memory/*.md

**Skills:**
5. /recall skill — confidence-gated semantic memory query

**New files:**
6. playbook_checklist_decision.md — merged checklist (grill-me finalized 2026-05-30):
   DESIGN: old end-of-project + end-of-session checklists MERGED into one. Finishing a project = ending that conversation's session.
   Trigger table:
     - Built + verified working (project in DB)    → Full merged checklist, all steps
     - Built + verified working (no DB entry)      → Full merged checklist, skip DB steps
     - Planning/research only, nothing built       → Summaries + context.md only
     - Switching conversations mid-project         → Summaries + context.md only
     - 80% context hit, project mid-flight         → Lightweight checkpoint: WIP commit, context.md "stopped at X", log follow-ups, routing
   "Project finished" = code/config/infra built AND basic functional check passes. "User says done" alone is not sufficient.
   Also update feedback_end_of_project_checklist.md + feedback_end_of_session_checklist.md to point to new merged playbook.
7. feedback_secrets_lookup_order.md — Vault before Bitwarden for any credential lookup
8. session_handoff.md template + write step added to conversation routing checklist

**DB / Schema:**
9. schedule_actuals table DDL in claude_config DB
10. proposed_schedule JSON template update (time_estimate_minutes + estimate_basis) + WF1b N8N node

**Playbook update:**
11. playbook_vault_token_rotation.md — add N8N manual rotation section

**Behavior changes entries:**
12. Pre-task context estimation rule (flag if >15% remaining context)
13. Per-project time estimation at session start (query completed-today projects)

## Update instructions
Update at the end of every config audit session. Keep "Current state" section and pending items current.