docs(commands): add stale-entry and privacy pre-write checks to codify

codify now runs two mandatory checks before writing a CLAUDE.md entry: a stale-entry scan (update or remove a no-longer-true entry in place rather than appending a contradiction around it) and a privacy check asking "safe if the project were public?" and "belongs in private memory instead?", routing private content to auto-memory. These are gates, not background guidance.

1 files changed, 5 insertions, 0 deletions

diff --git a/.claude/commands/codify.md b/.claude/commands/codify.md
index 4c3496f..45e7415 100644
--- a/.claude/commands/codify.md
+++ b/.claude/commands/codify.md
@@ -76,6 +76,11 @@ For each candidate insight, apply these gates. Fail any → drop the entry.
 
 ### Phase 3 — Write
 
+**Mandatory pre-write checks.** Before writing or appending any entry, run both of these. They are gates, not background guidance — a failure stops the write for that entry until resolved.
+
+- **Stale-entry scan.** Read the existing `## Codified Insights` section (and the rest of `CLAUDE.md`) and flag any entry that's no longer true — a threshold that moved, a gotcha that a fix made obsolete, a pattern the codebase has since dropped. Update or remove the stale entry in place; don't append a contradicting entry around it. Leaving the old claim standing means a future session reads two conflicting rules and trusts the wrong one.
+- **Privacy / leak check.** `CLAUDE.md` is tracked and team-visible. Before appending an entry, ask: "would this be safe if the project (and its `CLAUDE.md`) were public?" and "does this belong in private memory instead of a team-visible `CLAUDE.md`?" If the first answer is no, drop or rewrite the entry. If the second is yes, route it to auto-memory instead (see the table above).
+
 Write approved insights to a dedicated section of `CLAUDE.md`. Default section name: **`## Codified Insights`**. Override with `--section=<name>`.
 
 **Discipline:**