docs(governance): thin-proxy CLAUDE.md refactor #76
CodeMonkeyCybersecurity wants to merge 4 commits into main
… recursion filters
Replace 1833-line CLAUDE.md monolith with 75-line thin proxy that @imports governance contracts from cybermonkey/prompts submodule.

Changes:
- Add prompts/ git submodule (ssh://git@vhost7:9001/cybermonkey/prompts.git)
- CLAUDE.md: 1833 lines → 75 lines (within 200-line budget)
- .claude/rules/go-patterns.md: architecture, constants, logging, idempotency
- .claude/rules/cli-patterns.md: cmd/pkg separation, flag validation, human-centric input
- .claude/rules/secrets-vault.md: Vault/Consul patterns, token auth hierarchy
- .claude/rules/debugging.md: diagnostic logging, evidence collection

Path-scoped rules load only when touching relevant files, preventing context saturation that caused agents to ignore most of the old CLAUDE.md.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2dce1688c0
| if err != nil { | ||
| continue |
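Review bot: the `continue` in this `if err != nil` branch discards err, so nothing records which file was skipped or why. Log the path together with the error and keep a count of failures so the command can report them in its summary and exit non-zero.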
Report hashing failures instead of silently skipping files
If fileSHA256 fails (for example due to permission errors, deleted files during scan, or transient I/O issues), the loop just continues and still prints a successful archive summary. That produces an incomplete manifest/archive without any warning, which is a data-loss scenario for a backup command because users cannot tell which transcripts were dropped.
| b, err := os.ReadFile(path) | ||
| if err != nil { | ||
| return false | ||
| } | ||
| h := strings.ToLower(string(b)) |
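Review bot: `return false` on the os.ReadFile error makes an unreadable file look the same as a file that is not a candidate, so permission and I/O problems never surface. Return the error alongside the result, for example with a `(bool, error)` signature, and let the caller decide; note also that `strings.ToLower(string(b))` can allocate up to two further copies of the file contents.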
Avoid loading entire JSON files during candidate detection
Candidate discovery reads each matching .json file fully into memory and then allocates another full-size lowercase copy before checking a few substrings. With the default recursive ~/Dev source, encountering large JSON artifacts can cause major memory spikes or OOM, making the archive command fail before copying anything.
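One way to do the bounded check this review comment asks for, as an added example that is not code from this pull request. The function name `containsMarker`, the marker strings, the 1 MiB cap and the chunk size are all assumptions; the scan keeps a short tail between reads so a marker split across two reads is still found.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"strings"
)

// containsMarker reports whether any lowercase marker occurs, ASCII
// case-insensitively, in the first limit bytes of r (chunk must be > 0).
func containsMarker(r io.Reader, limit int64, chunk int, markers ...string) (bool, error) {
	keep := 0 // tail carried over so a match can span two reads
	for _, m := range markers {
		if len(m)-1 > keep {
			keep = len(m) - 1
		}
	}
	lr := io.LimitReader(r, limit)
	buf, tmp := make([]byte, 0, chunk+keep), make([]byte, chunk)
	for {
		n, err := lr.Read(tmp)
		for i, c := range tmp[:n] { // ASCII-only lowercase, in place
			if c >= 'A' && c <= 'Z' {
				tmp[i] = c + ('a' - 'A')
			}
		}
		buf = append(buf, tmp[:n]...)
		for _, m := range markers {
			if bytes.Contains(buf, []byte(m)) {
				return true, nil
			}
		}
		if len(buf) > keep {
			buf = append(buf[:0], buf[len(buf)-keep:]...)
		}
		if err == io.EOF {
			return false, nil
		}
		if err != nil {
			return false, err // report I/O errors instead of hiding them
		}
	}
}

func main() {
	// Constructed sample; the marker strings are assumptions, not the PR's.
	in := strings.NewReader(`{"id":1,"Messages":[{"Role":"user"}]}`)
	fmt.Println(containsMarker(in, 1<<20, 4, `"messages"`, `"role"`))
}
```

Memory use stays at the chunk size plus the longest marker regardless of file size, and a marker that starts beyond the cap is deliberately not found.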
| dest = expandHome(dest) | ||
|
|
||
| if !dryRun { | ||
| if err := os.MkdirAll(dest, 0o755); err != nil { |
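Review bot: `os.MkdirAll(dest, 0o755)` leaves the archive directory listable and traversable by every local user; since dest goes through expandHome and is meant to live under the user's home, 0o700 fits and also satisfies the gosec limit of 0750. MkdirAll returns nil without touching the mode when dest already exists, so a pre-existing directory keeps whatever permissions it had; stat it afterwards and tighten or refuse if it is group or world accessible.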
Check failure
Code scanning / gosec
Expect directory permissions to be 0750 or less Error
| if err != nil { | ||
| return fmt.Errorf("marshal manifest: %w", err) | ||
| } | ||
| if err := os.WriteFile(manifestPath, b, 0o644); err != nil { |
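Review bot: `os.WriteFile(manifestPath, b, 0o644)` makes the manifest readable by all local users; use 0o600. The mode only applies when the file is created, so an existing manifest keeps its old permissions, and WriteFile truncates in place, so an interrupted run leaves a partial manifest. Writing to a temporary file in the same directory and renaming it over manifestPath addresses both.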
Check failure
Code scanning / gosec
Expect WriteFile permissions to be 0600 or less Error
| if !hasPathClue && !strings.Contains(base, "chat") && !strings.Contains(base, "conversation") && !strings.Contains(base, "session") && !strings.Contains(base, "transcript") { | ||
| return false | ||
| } | ||
| b, err := os.ReadFile(path) |
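Review bot: `os.ReadFile(path)` follows symlinks, and the gates before it in this hunk are name-based only (hasPathClue and the substring tests on base), so a link with a matching name is read as if it were a transcript. Check the entry with os.Lstat, or the directory walk's entry type, and skip anything that is not a regular file before reading.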
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
| } | ||
|
|
||
| func fileSHA256(path string) (string, int64, error) { | ||
| f, err := os.Open(path) |
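Review bot: fileSHA256 opens path on its own, and copyArchiveFile opens src separately, so if both run on the same file the hash recorded in the manifest can describe different bytes from the ones archived when the file changes in between. Compute the digest during the copy, for example with io.MultiWriter over the destination and the hash, and record that value.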
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
| } | ||
|
|
||
| func copyArchiveFile(src, dst string) error { | ||
| in, err := os.Open(src) |
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
| } | ||
| defer in.Close() | ||
|
|
||
| out, err := os.Create(dst) |
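Review bot: `os.Create(dst)` creates the file with mode 0666 before umask and truncates an existing dst, so archived copies can end up readable by other users and an earlier archive entry can be overwritten silently. Use os.OpenFile with O_WRONLY|O_CREATE|O_EXCL and 0o600, and check the error returned by out.Close(), since some write errors are only reported at close.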
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
Summary
- check-claude-md-size.sh confirms: within budget)
- prompts/ git submodule so governance contracts are available via @prompts/ @imports
- .claude/rules/ files that load only when touching relevant code
  - go-patterns.md: **/*.go
  - cli-patterns.md: cmd/**/*.go
  - secrets-vault.md: pkg/vault/**, pkg/consul/**
  - debugging.md: cmd/debug/**

Test plan
- bash prompts/scripts/check-claude-md-size.sh . → 75 lines, OK
- @prompts/GOVERNANCE-SUMMARY.md resolves in Claude Code (submodule populated)
- .claude/rules/ files have valid paths: frontmatter

Refs: #75, cybermonkey/prompts#564
🤖 Generated with Claude Code