aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.ai/protocols.org2
-rw-r--r--claude-templates/.ai/protocols.org2
2 files changed, 4 insertions, 0 deletions
diff --git a/.ai/protocols.org b/.ai/protocols.org
index c709010..6e415e3 100644
--- a/.ai/protocols.org
+++ b/.ai/protocols.org
@@ -464,6 +464,8 @@ Claude needs to add information to =.ai/notes.org=. For large amounts of informa
- Personal/documentation projects usually commit =.ai/= — the project history IS the project
- =docs/= (when it exists) is typically tracked either way — it's real documentation
+**Credential-leak concern: gate it on project type, not on the credential itself.** A tracked secret, token, or credentials doc is only a public-leak risk where the repo can reach a public remote — that is, *code projects pushed to public GitHub*, which is exactly why those gitignore =.ai/= and =.claude/=. For *personal / documentation projects* (the =~/projects/= set: elibrary, home, finances, health, philosophy, etc.), the git remote is a private single-user repo on =cjennings.net=, so tracked credentials inside =.ai/= files are fine — that's the design, the project history IS the project. Do NOT raise a leak warning or suggest gitignoring a secret for these. When the question "is this a leak / should we gitignore this secret?" comes up, decide it on *which kind of project and remote* this is, never on the mere presence of a credential in a tracked file.
+
**When to break out documents:**
- If notes.org's Project-Specific Context section gets very large (> 1500 lines) — split into focused reference docs
- Session records go in =.ai/sessions/= automatically (one file per session via wrap-up workflow) — never mixed into notes.org
diff --git a/claude-templates/.ai/protocols.org b/claude-templates/.ai/protocols.org
index c709010..6e415e3 100644
--- a/claude-templates/.ai/protocols.org
+++ b/claude-templates/.ai/protocols.org
@@ -464,6 +464,8 @@ Claude needs to add information to =.ai/notes.org=. For large amounts of informa
- Personal/documentation projects usually commit =.ai/= — the project history IS the project
- =docs/= (when it exists) is typically tracked either way — it's real documentation
+**Credential-leak concern: gate it on project type, not on the credential itself.** A tracked secret, token, or credentials doc is only a public-leak risk where the repo can reach a public remote — that is, *code projects pushed to public GitHub*, which is exactly why those gitignore =.ai/= and =.claude/=. For *personal / documentation projects* (the =~/projects/= set: elibrary, home, finances, health, philosophy, etc.), the git remote is a private single-user repo on =cjennings.net=, so tracked credentials inside =.ai/= files are fine — that's the design, the project history IS the project. Do NOT raise a leak warning or suggest gitignoring a secret for these. When the question "is this a leak / should we gitignore this secret?" comes up, decide it on *which kind of project and remote* this is, never on the mere presence of a credential in a tracked file.
+
**When to break out documents:**
- If notes.org's Project-Specific Context section gets very large (> 1500 lines) — split into focused reference docs
- Session records go in =.ai/sessions/= automatically (one file per session via wrap-up workflow) — never mixed into notes.org