docs(claude-md): structurally reorganize project guidance #17

Closed. saagpatel wants to merge 25 commits into polish/v1.0-improvements from docs/claude-md-audit-v2

@saagpatel
Owner

Supersedes #15 (which was based on stale main and conflicted with recent operator CLAUDE.md commits).

Manually merged: operator's authoritative edits (npm/pnpm framing from 1c212a1, parent-scope drop from 2ab34ca, portfolio-context dedup from 7cf00a2) as base, with structural improvements from the prior Sonnet agent's rewrite layered on top.

What was kept from polish (operator's authoritative edits):

  • pnpm-not-npm framing as the primary "Do NOT" rule (not just a buried manual override)
  • Parent-scope note correctly absent
  • Auto-managed portfolio-context block removed; key facts distilled into Key Decisions table

What was layered in from the agent rewrite:

  • 8-section flat structure (Overview, Tech Stack by layer, Local Dev, Test Commands per layer with CI status, Build, Architecture, Project Structure, Conventions, Current Phase, Key Decisions, Do NOT)
  • Per-layer test command blocks with explicit CI status annotations
  • Concrete paths: src-tauri/target/, dist/, ~/Library/Application Support/com.jcc.app/jcc.db, ~/.jcc/gmail/
  • Version pins: Tauri 2.x, tauri-specta 2.0.0-rc.21, Playwright 1.52+, anthropic>=0.52
  • Expanded "Do NOT" list (13 items vs 9 in polish)

Flag: The <!-- portfolio-context:start/end --> managed block was removed. When the personal-ops portfolio-context generator next syncs, it'll re-inject the block — and the "npm only" line will be wrong again. The "Do NOT" section's pnpm override now precedes the managed block as a hard rule, so agents won't be misled. Long-term fix (patching the generator) is out of scope.

Authored by 2x Sonnet 4.6 agents under Opus 4.7 coordination (Tier 2 pattern). Final merge synthesis was the second agent dispatch after the first agent's branch hit a base-divergence conflict.

saagpatel and others added 25 commits April 12, 2026 13:09
Update agent definitions, AGENTS.md, and component polish for v1.0 release.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OAuth token at ~/.jcc/gmail/token.json was written world-readable.
Add os.chmod(token_path, 0o600) after every write in both the initial
auth flow and the token-refresh path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
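
An added illustration, not code from this repository, of the token-permission fix described in the commit message above. Rather than calling `os.chmod` after the write, it creates the file with mode 0600 from the start and swaps it in atomically, so neither the initial write nor a refresh leaves a readable window; `write_token_private`, `token_mode`, `demo` and the sample token are hypothetical names and constructed data.

```python
import json
import os
import stat
import tempfile


def write_token_private(token_path: str, token: dict) -> None:
    """Write token JSON so it is never readable by group/other, even briefly."""
    directory = os.path.dirname(os.path.abspath(token_path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    # mkstemp creates the temp file with mode 0o600 regardless of umask.
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".token-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(token, fh)
            fh.flush()
            os.fsync(fh.fileno())
        # Atomic rename: readers see the old file or the new one, never a
        # half-written file, and the new inode carries the 0o600 mode.
        os.replace(tmp_path, token_path)
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise


def token_mode(token_path: str) -> int:
    """Return the permission bits of the token file (e.g. 0o600)."""
    return stat.S_IMODE(os.stat(token_path).st_mode)


def demo() -> tuple:
    """Constructed scenario: a pre-existing 0o644 token, then a refresh write."""
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, "gmail", "token.json")
        os.makedirs(os.path.dirname(path))
        with open(path, "w") as fh:  # the world-readable "before" state
            fh.write("{}")
        os.chmod(path, 0o644)
        before = token_mode(path)
        write_token_private(path, {"refresh_token": "constructed-sample"})
        with open(path) as fh:
            return before, token_mode(path), json.load(fh)
```
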
Resolves RUSTSEC-2026-0007: integer overflow in BytesMut::reserve.
Upgrade bytes 1.11.0 -> 1.11.1 via cargo update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- quinn-proto 0.11.13 -> 0.11.14 (RUSTSEC-2026-0037, HIGH: DoS)
- rkyv 0.7.45 -> 0.7.46 (RUSTSEC-2026-0001: UB on OOM)
- rustls-webpki 0.103.8 -> 0.103.11 (RUSTSEC-2026-0049: CRL matching)
- tar 0.4.44 -> 0.4.45 (RUSTSEC-2026-0067/0068: symlink/PAX header bugs)
- time 0.3.44 -> 0.3.47 (RUSTSEC-2026-0009: DoS stack exhaustion)

rsa 0.9.10 (RUSTSEC-2023-0071) has no upstream fix available.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…bypass

- fastapi 0.115.12 → >=0.123.0 (unlocks starlette 0.49.1+ fix)
  resolved to 0.135.3 in lock; uvicorn unpinned to >=0.34.2
- starlette resolved to 1.0.0 (via uv lock --upgrade-package starlette):
  fixes CVE-2025-54121 (MEDIUM, SpooledTemporaryFile I/O block DoS) and
  CVE-2025-62727 (HIGH, Range header quadratic-time DoS)
- cryptography resolved to 46.0.7 (from 46.0.5):
  fixes CVE-2026-34073 (name constraint bypass) and CVE-2026-39892

uv.lock is git-excluded per .git/info/exclude; run `uv lock` to regenerate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Bumps version from 0.1.0 to 1.0.0 across tauri.conf.json, Cargo.toml,
and package.json. Removes 'unsafe-inline' from script-src in production
CSP (security hardening). Adds devCsp with 'unsafe-eval' for Vite HMR
dev mode.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
claude-sonnet-4-20250514 -> claude-sonnet-4-6 (1 ref, doc only)

The dated Sonnet 4 alias retires 2026-06-15. The implementation
plan's Key Decisions table referenced the soon-retired ID; this
keeps documentation consistent with current Anthropic offerings.

No source code in this project uses the deprecated ID.

Refs: https://platform.claude.com/docs/en/about-claude/model-deprecations

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
docs/LINKEDIN-BOT-DETECTION.md: how the LinkedIn adapter avoids bot
detection (persistent real-browser session, hard rate limits,
randomized delays, Easy Apply only), what still triggers detection
(CAPTCHA mid-flow, fingerprint reuse, DOM drift), operator playbook.
Sourced from sidecar/src/adapters/linkedin.py.

docs/developer/ai-tooling.md: Claude Code commands + task agents.
docs/developer/README.md: link the new ai-tooling doc.
AGENTS.md, CLAUDE.md: portfolio-context blocks.
package.json, src-tauri/tauri.conf.json: prettier auto-format sync.
package-lock.json: minor lockfile drift.
src-tauri/binaries/jcc-sidecar-aarch64-apple-darwin: rebuilt sidecar.

pnpm-lock.yaml diverged drastically and is left uncommitted; resolve
in a dedicated dependency-hygiene PR.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
feat(docs): LinkedIn bot-detection notes + AI tooling + harness sync
…portable skills

- pnpm-lock.yaml regenerated
- Deleted vendored 80MB jcc-sidecar binary (build artifact, not source)
- Linked 4 portable skills (api-design, migration, notarize, tauri-release)
- CLAUDE.md additions

Mid-flight WIP captured for review; not pushed.
pyo3 0.24.0 (transitively required by pydantic-core) supports up to
Python 3.13. Workflow was pinning '3.14' which fails the wheel build.
Project spec is 3.12+, so pinning to 3.12 matches the documented stack
and unblocks the sidecar CI lane.

Note: Tauri test-backend job is failing separately on missing glib-2.0
system libs (pre-existing — main has been CI-red since 2026-04-13).
Out of scope for this PR.
chore(deps): refresh pnpm lockfile, drop legacy sidecar binary, link portable skills
CLAUDE.md:
- Remove duplicate <!-- portfolio-context --> block (was at lines 294-337).
  The auto-portfolio sync owns the block at line 181-218; the second one was
  a stale pre-rebase addition.

CI (Test (Tauri)):
- Pin pnpm/action-setup to v11 (action v4 requires explicit version since
  no packageManager field in package.json).
- Install Tauri Linux system deps (libgtk-3-dev, libwebkit2gtk-4.1-dev,
  libsoup-3.0-dev, libjavascriptcoregtk-4.1-dev, librsvg2-dev,
  libayatana-appindicator3-dev) before cargo clippy. Without these the
  webkit/gtk crates fail to build.

Both lanes have been failing on main since 2026-04-13 (pre-existing).
…i-ci

chore: dedupe CLAUDE.md portfolio-context block + fix Tauri CI
…error

Two additive notes:

1. "Parent CLAUDE.md scope": /Users/d/Projects/CLAUDE.md is TypeScript/Node
   backend rules. It only partially applies here — React 19 frontend can
   follow its TS conventions, but the Rust Tauri backend and Python sidecar
   must not inherit Zod/BullMQ/JWT/Prisma guidance. Stack wins on conflict.

2. "Manual overrides to the managed block below": flags that the auto-generated
   portfolio-context block incorrectly claims "Use npm only; this repo does
   not use pnpm." Evidence: pnpm-lock.yaml exists (added in fd601bd v1.0),
   CI uses pnpm install --frozen-lockfile (.github/workflows/test.yml), and
   the last two commits (536c7ef, f5b8fa8) are pnpm v11 CI fixes.
   package-lock.json is an orphan from the initial template scaffold.
   Long-term fix is in the portfolio-context generator; this commit is a
   short-term agent-facing override.

Managed portfolio-context block content itself is untouched — it regenerates.
Backend rules are now path-gated via ~/.claude/rules/backend-node-baseline.md
(paths frontmatter matches .ts/.tsx/.js/.mjs/.cjs/package.json only) — Rust
backend and Python sidecar no longer load them. The /Users/d/Projects/CLAUDE.md
parent file has been deleted. Frontend rule still applies to the React 19 SPA
via path match, as intended.

npm/pnpm override note retained — still useful until the portfolio-context
generator is patched to read CI workflow as ground truth.
Merge agent structural improvements (8-section layout, per-layer test
commands with CI status, concrete version pins, explicit artifact/DB
paths, Local Dev block) with operator's authoritative edits (pnpm/npm
correction, parent-scope note removal, portfolio-context dedup). Remove
auto-managed portfolio-context block; inline the essential content into
structured sections. Result is 237-line authoritative project CLAUDE.md.
@saagpatel
Owner Author

Lineage bug — branch parent is old main, not polish/v1.0-improvements. Re-opening as fresh branch off correct base in #18.

@saagpatel saagpatel closed this May 18, 2026
saagpatel added a commit that referenced this pull request May 18, 2026
Manually merged: operator's authoritative edits (npm/pnpm framing from
1c212a1, parent-scope drop from 2ab34ca, portfolio-context dedup from
7cf00a2) as base, with structural improvements layered on top.

- 8-section flat structure (Overview, Tech Stack by layer, Local Dev,
  Test Commands per layer with CI status, Build, Architecture, Project
  Structure, Conventions, Current Phase, Key Decisions, Do NOT)
- Per-layer test command blocks with CI status annotations
- Concrete paths: src-tauri/target/, dist/, ~/Library/Application Support/
  com.jcc.app/jcc.db, ~/.jcc/gmail/
- Version pins: Tauri 2.x, tauri-specta 2.0.0-rc.21, Playwright 1.52+,
  anthropic>=0.52
- Expanded Do NOT list (13 items)

Authored by 2x Sonnet 4.6 agents under Opus 4.7 coordination; the final
file content is identical to the prior closed PR #17 / commit 8c45543 —
this re-opens it on the correct base (polish/v1.0-improvements).

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8c45543519

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .claude/skills/api-design
@@ -0,0 +1 @@
/Users/d/.claude/portable-skills/api-design No newline at end of file
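
Review bot: the single added line in .claude/skills/api-design is an absolute path under /Users/d/ that points outside the repository, so the skill content at that location is not versioned or reviewed with this change, and the path publishes a local account name and home-directory layout. Commit the skill's contents under .claude/skills/ or use a repo-relative target, so that what a checkout loads is exactly what was reviewed.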

[P2] Avoid committing absolute local skill symlinks

On any checkout outside the original /Users/d machine, this added skill entry resolves to a broken symlink, so Claude Code cannot load the repo-provided skill despite the new AI tooling docs advertising these project-specific workflows. Commit the skill contents, use repo-relative links, or omit machine-local pointers so collaborators and CI get a usable checkout.
