This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
- Never use
orfor numeric defaults —0and0.0are falsy. Use explicitNonechecks instead. - Never use
os.environ.get("VAR", "default")— it only falls back when unset, not when set to""(common from copied.envfiles). Useos.environ.get("VAR", "").strip() or "default"for string defaults, orint(os.environ.get("VAR", "").strip() or "default")for numeric. - Never assume parallel arrays from external APIs are equal length — use
min(len(...))across all arrays. - Wrap untrusted user data in tagged blocks with a preface when injecting into prompts — never concatenate raw content into system prompts.
- Use specific patterns for placeholder comments (e.g.
<!-- foo:memory -->) — broad regex like<!--.*?-->will eat legitimate comments. - Always use
encoding="utf-8", errors="replace"on file I/O for user-managed files — memory files live in an obsidian vault and can be edited externally. - User and external input: don't trust by default, prefer to sanitise and escape for command calls and prompts.
- Validate filenames from external input — reject path separators (
..,/,\) and useresolve().is_relative_to()to prevent traversal. - Clamp user-supplied numeric parameters (limit, offset) to sane ranges — never pass unbounded values to queries.
- Validate enum-like parameters against an explicit allowlist — never pass user strings directly to mode/type selectors.
- Use
chmod 0o600on generated config files that contain secrets (plists, systemd units,.envcopies). - Comments: - Write self-documenting code and prefer clear names over comments. - Never add comments that restate what code does. - Only comment in depth for complex algorithms, non-obvious business logic, and 'why' not 'what'.
- Use third-person singular and present tense verbs in commit messages (e.g., "Adds emacs", "Ignores license", "Renames gitconfig template").
- Use semver X.Y.Z for git tags, don't prefix with 'v'.