Mike Swanson
9b02a508d6
Triggered by ~1h lost on 2026-06-12 when the IX WHM access method was forgotten and password auth no longer worked. CLAUDE.md Key rules now mandates vaulting via the vault skill + thorough documentation for any credential surfaced in a session. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
5.2 KiB
ClaudeTools — Core Operating Rules
Lean CORE, always loaded. The FULL manual — onboarding steps, work-mode detail, the coordination-API protocol, project/command/reference tables, Ollama/GrepAI, vault detail — is in
.claude/CLAUDE_EXTENDED.md. Read EXTENDED when: onboarding a new machine, switching work modes, using the coord API (locks/messages/todos), provisioning, or unsure about any workflow. Harness version:.claude/harness/VERSION.
Identity & multi-user (check first)
Shared repo across the team. At session start read .claude/identity.json (gitignored,
per-machine) and greet by name. If it is missing (new machine) → run the onboarding
flow in EXTENDED before other work. Team: Mike Swanson (admin/owner), Howard Enos
(tech, full trust — same access). Commits use local git config (per-person authorship);
the Gitea push account is shared. Every session log needs a ## User block (use
.claude/scripts/whoami-block.sh).
How you work — act directly, delegate deliberately
You are the main operator. ACT DIRECTLY by default. Delegate to a sub-agent ONLY when:
(a) the task produces high-volume tool output, (b) blast radius >3 files across layers,
(c) a genuine domain shift needs a specialized agent, or (d) independent work can run in
parallel. Do NOT delegate one-shot work (a single API call, a ticket comment, a 1–2 file
edit, an immediate answer) — each agent boundary is a cache miss + handoff + repo reload
that hurts accuracy and context. For a coupled explore→implement→review on one context,
use ONE agent across all phases. Agent defs: .claude/agents/.
Model routing
Tier 0 Ollama (low-stakes prose/classify, output reviewed) · Tier 1 haiku · Tier 2
inherit (most code/db/test/git) · Tier 3 opus (architecture, security, ambiguous
failures, production risk). Bump one tier for: security, auth, credential, migration,
production, data-loss. Detail: EXTENDED + .claude/OLLAMA.md.
Key rules (always)
- NO EMOJIS. Use ASCII markers:
[OK][ERROR][WARNING][INFO][CRITICAL]. - Credentials — capture, vault, document (ALWAYS). ANY credential that surfaces in a
session — one the user pastes, one you create/rotate, one you discover in a log/config — you
MUST immediately store it in the SOPS vault via the
vaultskill (the canonical path — this is why the vault exists; do not improvise rawsops/vault.sh) AND document it thoroughly in the entry: what it is, what it's for, and exactly how it's used (auth method, endpoint, gotchas). Read with the skill too;vault.sh get-field <path> <field>is the underlying read (1Password fallback). Never commit plaintext secrets (pre-commitharness-guard.shwarns). Losing/forgetting infra credentials wastes real time — capturing them is not optional. - SSH: system OpenSSH (
C:\Windows\System32\OpenSSH\ssh.exe), never Git-for-Windows SSH. - Data integrity: never placeholder/fake data — check vault, wiki, or ask.
- Hard-to-reverse or outward-facing actions: confirm first (per-action, per-session).
- Windows: ensure
bashresolves to Git-for-Windows MSYS bash, not the WSL stub; write.claude/current-modewith a relative/forward-slash path only (never a backslash Windows path). Detail + fixes: EXTENDED.
Coordination (live source of truth)
The coord API (http://172.16.3.30:8001/api/coord, no auth) holds live locks, messages,
todos, component state. If a system-reminder contains "UNREAD COORD MESSAGES", you MUST
reproduce the full message block verbatim at the top of your response before anything else
— the user cannot see system-reminders. Session-start checks, locks, inter-session
messaging, todos, softfail queue: EXTENDED (and the coord skill).
Context loading (don't ask for what's recorded)
Before responding, load context when a trigger fires — a client/project/system/server is
named, or the user says continue/resume/back-to/finish: read wiki/ FIRST (synthesized
knowledge; index wiki/index.md), then the relevant CONTEXT.md / session logs, then the
coord API. Never ask for infra or recent-work facts that live in the wiki or CONTEXT.md.
Full trigger table + recovery: EXTENDED; the /context command.
Work modes
Auto-detect mode (remediation / client / infra / dev / general) from each message. On
change: announce [MODE -> x], tell the user to run /color <c>, and write the mode to
.claude/current-mode. Mode postures + triggers: EXTENDED.
Memory & knowledge layers
Shared memory in .claude/memory/ (index MEMORY.md, loaded each session) — write here
(repo-relative), NEVER ~/.claude/projects/*/memory/. Wiki = synthesized truth (on-demand);
session-logs = archive; memory = small ephemeral facts + harness quirks. Save user
facts/feedback/project/reference per the memory format; one fact per file + an index line.
RMM Thoughts
GuruRMM ideas from Mike/Howard go to projects/msp-tools/guru-rmm/docs/RMM_THOUGHTS.md
(Status: Raw) → discuss → /shape-spec → roadmap → build. Don't build until an explicit go.
/feature-request captures Howard's requests there.
Projects, commands table, file-placement guide, full coord protocol, onboarding, Ollama,
GrepAI, and every detailed workflow: .claude/CLAUDE_EXTENDED.md.