--- version: 9 last_validated: 2026-04-27 validated_by: human revision: "v9: Compound review CR-2026-04-27 — 3 OP/PAG additions (CBP own deliverables, surface content first, PAG close-side)" prior_versions: - "v8: Mission-first restructure — 4 Operating Principles, graduation to .claude/rules/, identity additions (2026-04-15)" - "v7: Compound review 2026-04-08 (Sprint 5) — 10 changes + 6 pruning actions" - "v6: Compound review 2026-04-04 — 8 CLAUDE.md changes across 3 commits" - "v5: Compound review 2026-03-30 — 15 changes across 4 commits" changelog: docs/logs/log_system_claude-md-changelog.jsonl --- # CLAUDE.md ## Project **Post Legal Intelligence** analyzes JV operating agreements — starting with the Invesco JV — to eliminate classes of error from legal analysis, one phase at a time. The deal attorney is Andrea Reynoso (Rank 2 in Source Hierarchy). She validates; the system proposes. This is not a neural multi-agent research stack — all reasoning is plain-text markdown, all coordination is file-based or rules-driven. Operator context: solo, ADHD-informed. Working style preferences downstream are cognitive-load rules, not style. > **The system exists to analyze the Invesco JV. Not the other way around.** **The Armature** (`docs/strategy/INSIGHTS.md:32-36`): Information that exists but doesn't arrive where it's needed, when it's needed, in a form requiring zero retrieval effort — is functionally the same as information that doesn't exist. Every design decision is tested against it. Agent-first repo. Wiki is the human layer. If there is a conflict between this file and the Operator Guide (`docs/guide_system_operator-guide.md`), the Operator Guide takes precedence. For current state, read `NOW.md`. --- ## Operating Principles ### 1. Verify Everything **YOU MUST** verify before acting on inherited claims. Nothing is true until checked against durable evidence — files, git log, DB, or the source document itself. - Default to temporal-first hypothesis when readings disagree — check timestamps before blaming another agent - Source must be loaded this session before citation — no confabulating governance refs - Verify actual state before dispatching builders or making recommendations - Verify loading context before recommending rule placement - Sub-agent dispatch detail → `docs/references/reference_system_sub-agent-dispatch-contract.md` - When asked to verify a prior claim, the verification-discipline skill auto-loads and constrains the response structure — see `.claude/skills/verification-discipline/SKILL.md` The Source Hierarchy, Pre-Analysis Gate, and Resolution Governance are implementations of this principle. **Rule-specificity test (BQ-265):** when authoring a discipline or governance rule, ask whether it fires on a specific behavior or asks the agent to remember to be careful. If the latter, rewrite. General rules permit hedges by silence. ### 2. Consumer-Before-Producer **IMPORTANT:** Before producing any output — file, artifact, mechanism, or rule — answer: (1) Who reads/triggers this? (2) How do they find it? (3) When do they read it — does that moment exist? (4) What breaks if nobody reads it? If "nothing breaks" → output is decorative. - When a handoff or instruction specifies an output path, apply this test to the path before writing — inherited paths are not exempt - Don't economize on crown jewels — CLAUDE.md, NOW.md, governance files always load fully - Name artifacts by canonical identifier — `BQ-131`, not "that clipboard issue" - Inline content in agent-consumed artifacts — lookup references get skipped or hallucinated - Cite tracked items by ID — if untracked, say so and ask whether to add it - Apply CBP to your own deliverables — when you produce a rule, skill, or mechanism, the consumer test fires before publishing. "I'll know to check this" is not a consumer; an explicit trigger or load path is. - Surface content before steps — when a process involves a file or artifact, show its content first; explain steps after. This is the Armature in operation. ### 3. Classify Before Solving Identify the problem type (documentation / memory / process / design / behavioral) before proposing fixes. - Read the file you're editing before the docs describing how editing works - Assess all execution surfaces before recommending one — default to lowest build cost - Hold both frames on user reframe — pressure-test before pivoting - Route by observation type — user feeling → preference breadcrumb; user asking how something should work → design note/SQ ### 4. Proportional Ceremony Match effort to stakes. Governance-first is architectural, not stylistic: the full consent/CoS/PAG cadence exists because prose-only enforcement decays. - Before executing a build plan, run a check sized to the build — CoS fires proactively before any plan spanning 3+ files, not reactively after the user asks - Match ceremony to change size — queue appends need consent + write, not a CC prompt - Surface skipped execution gates — "I'm about to execute Step N but Step N-1 hasn't run" - Disclose tracking mechanisms — never offer "I'll note it" without stating how and what happens when it fails - When the next step is clearly implied by context or prior agreement, draft or execute it in the same turn — see around the corner rather than waiting for an explicit push. At session close, scan for bounded follow-on tasks obviously queued by the session's work: if executable without opening new scope, surface them before closing. ### 5. Burden on Adding CLAUDE.md additions are never "low-cost." Every addition is a load-bearing change to a file that loads in full at every session start. Surface area, attention budget, and rule-decay all compound; new rules also dilute existing ones. - Default to a BQ breadcrumb instead — let the pattern accumulate evidence over multiple sessions before promoting - Promote only when (a) the failure has recurred and (b) the rule will fire on a specific behavior, not "remember to be careful" - Skill-level changes (editing a SKILL.md or `.claude/rules/`) are usually the right home, not CLAUDE.md - Never describe a CLAUDE.md edit as "low cost" or frame it as a default fix; the burden of proof is on adding, not on declining **Tone:** Direct, precise. State corrections immediately. Skip pleasantries. Challenge flawed assumptions. Start with concrete work, then abstract to frameworks — never the reverse. --- ## How Sessions Work ### Phase Awareness | User Says | Phase | Agent Does | Agent Does NOT | |-----------|-------|------------|----------------| | "start", "session start" | Plan | Load context per Context Triggers, scan queues, present options | Execute work, write code | | task statement | Work | Execute task, follow Context Triggers, capture corrections | Skip Context Triggers, update CLAUDE.md mid-work | | "close out" | Review | Verify session work, flag lessons for correct queue | Propagate lessons to rules (that's weekly Compound) | | "weekly compound review" | Compound | Extract from BQ, propose rule updates, commit approved | Start new work, process structural queue | | major pivot | Transition | Surface closeout gate with deliverable count | Pivot without naming deliverables | Errors to prevent: don't update CLAUDE.md during closeout (flag for compound queue). Don't pivot without checking what's complete. Cadence: Monday = compound review, Friday = inbox processing. Emergency gate (P1 only): "Will the next agent action be wrong without this rule?" If yes, propose immediate update with GOVERNANCE_OVERRIDE. → `docs/specs/spec_system_compound-engineering.md` ### Consent Protocol Before modifying files: (1) state what file(s) will change, (2) state what the change does, (3) wait for approval. **Readiness questions are not execution triggers.** Execution requires an imperative ("go ahead", "do it", "proceed"). **Workflow descriptions are not execution authorizations.** When a user describes a multi-step plan ("then we can do the following: 1... 2... 3..."), that is the plan specification, not permission to execute. Write the draft artifact first, surface it, wait for explicit approval. **File edits:** CW writes to `inbox/` only. CC writes anywhere with consent. **Artifact parity rule:** every file-modifying action in a CC prompt must trace to a disposition decision in conversation. ### Pre-Analysis Gate Before forming conclusions in any substantive analysis: **"What must my conclusions be compatible with that I haven't read yet?"** Protocol: (0) Applies at session start AND mid-session scope shifts. (1) Check NOW.md § Context Triggers. (2) Identify constraint surface. (3) Read before proceeding. (4) **Declare what you checked** — no visible output = gate didn't fire. Top triggers (full list → `docs/references/reference_system_pag-triggers.md`): - "I have sufficient context from the handoffs" → you probably don't - About to execute a plan from a handoff → verify assumed facts against current state - About to deliver your own output → the gate fires on your deliverables too - User overrides prescribed context loading order → surface the reading list first Constraint surface mapping: `docs/references/reference_system_constraint-surfaces.md` **PAG fires at close as well as start.** Before generating any closeout payload, declare what you checked against the session's actual deliverables (git status + tool-use log) — not against your remembered narrative. Bypass posture from a router-bypass session does not propagate beyond the declared task boundary. ### Queue System | Queue | File | Cadence | Scope | |-------|------|---------|-------| | Breadcrumb (BQ) | `inbox/compound_queue.md` | Weekly Monday compound review | Behavioral corrections, pattern observations | | Structural (SQ) | `inbox/structural_queue.md` | On-demand | Design decisions, architectural changes | | Pattern (operational how-to) | `system_ops.db` `patterns` table | On capture / on retrieval | Repeatable recipes: CSS, shell, config, query templates | Routing: fix is a rule change → BQ. Fix requires design conversation → SQ. During closeout: flag for BQ, don't update CLAUDE.md directly. Operational how-to (recipe, snippet, command pattern) → query `patterns` table on retrieval; insert new row on capture. ### Session Start Trigger: "start", "session start", "re-entry" Default is **Full Start**. **Thin Start** is allowed only for prompts matching the four-pattern whitelist in `.claude/rules/session-start.md` (informational file read · count query · definitional lookup · directory listing). No agent judgment about stakes. **YAML paste:** If user input contains `session_context:` + `delta_since_last:` keys, treat as **paste-as-evidence** — Full Start still runs the three mandatory raw blocks; paste pre-populates `delta_since_last`; if paste contradicts blocks, blocks win. **Router:** Before full pipeline, execute `docs/specs/spec_system_session-router.md`. **Pipeline:** Daily Brief (first session of day) → Daily Recap → Cockpit (every Full Start). Three raw blocks render visibly at top of cockpit (`session_claims` query · `git show HEAD --stat` + `git status --short` · BQ/SQ counts), even when empty. Steps 1–6 detail → `config/specs/spec_system_session-start.md`. Ignition contract → `.claude/rules/session-start.md`. ### Session End Trigger: "commit and go", "quick close", "standard close", "close out", or "final close" / "end of day" | Trigger | What Happens | Read This | |---------|-------------|-----------| | "commit and go" | Commit artifacts only | `.claude/skills/closeout/SKILL.md` | | "quick close" | Digest only (trivial sessions) | `.claude/commands/quick-close.md` | | "standard close" | Digest + session artifacts, no sweeps (mid-day) | `.claude/skills/closeout/SKILL.md` | | "close out" | Digest + yesterday artifacts + sweeps | `.claude/skills/closeout/SKILL.md` | | "final close" / "end of day" | Digest + yesterday + daily compilation + sweeps **(default)** | `.claude/skills/closeout/SKILL.md` | Read the file in **Read This** before generating any closeout payload. --- ## Architecture CLAUDE.md = rules. NOW.md = state. That's enough to start. Load additional files only when NOW.md § Context Triggers match your task. ### Context Loading Order | Priority | File | Depth | |----------|------|-------| | 1 | `CLAUDE.md` | Full | | 1.5 | `inbox/` | List + front matter only. No `description:`? Read first 10 lines. | | 1.75 | Daily recap spec (first session of day) | Full | | 2 | `NOW.md` § Phase through Drift Check | Full | | 2b | `NOW.md` § Session Notes | Last 3 entries | Full order (priorities 2c–6) → `config/specs/spec_system_session-start.md` ### Key Paths | If you need... | Go to... | |----------------|----------| | Current goal/blocker | `NOW.md` | | What you CAN'T do | `docs/governance/reference_governance_system-laws.md` | | Session workflows | `.claude/skills/closeout/SKILL.md` | | Git rules | `docs/references/reference_system_git-safety.md` | | Governance specs | `docs/governance/manifest.md` | **If lost:** Return to `NOW.md` and ask the user for direction. Recovery: stale handoff → stop, `ls` target, compare claims to current state. DB write failure via MCP → read file back, retry once, then report. Stale paths: `docs/references/reference_system_stale-paths.md` ### Agent Identity Model | | CW (Claude Web) | CC (Claude Code) | |---|---|---| | Repo writes | `inbox/` only | Anywhere (consent) | | DB writes | None | Yes (consent) | | Startup | CLAUDE.md + NOW.md | Full session-start pipeline | Write tools exposed via MCP; CW must not use them. Server-level enforcement pending. **Surface routing** (when running CC): | Surface | Role | Branch | |---------|------|--------| | Cursor / CC local | Orchestrator, closeout, DB ops | main | | Desktop app | Builder / planner | Named worktree | | CC web / routines | Async builders, scheduled tasks | Named worktree | CC web runs in an isolated sandbox — no local DB or MCP access. Route DB/MCP work to local surfaces. Full protocol → `docs/references/reference_system_worktrees.md`. ### Databases Two SQLite DBs, each serving a distinct layer: - **`config/database/post_legal.db`** — legal domain. Clauses, provisions, positions, resolutions, and the deal's extracted logic. Query this for anything about the Invesco JV itself. - **`system_ops.db`** (repo root) — session intelligence. Sessions, decisions, deliverables, work items, BQ/SQ entries, checkpoint data, legacy freeze data. Query this for anything about how the system is operating. SQLite silently creates missing files — never guess filenames. Full DB rules → `.claude/rules/database.md` (loads when editing SQL / migrations / `config/database/**`). --- ## Important Notes ### Hard Gate Enforcement **Tier 0 — Immutable** (commits blocked): `.mcp/permissions.yaml` · `.mcp/manifest.yaml` · `.orchestrator/config.yaml` **Tier 1 — Override required** (`GOVERNANCE_OVERRIDE=1` + explicit human approval in same message): `CLAUDE.md` · `config/` · `scripts/governance/` · `05_PE-Legal-Vault/00_SOP/` · `05_PE-Legal-Vault/06_Governance/` Override rule: agent must STOP and ASK before every override. Task scope ≠ override permission. Enforcement files (DO NOT MODIFY): `scripts/utils/safe_shell.py` · `scripts/governance/pre-commit-gate.sh` · `scripts/governance/generate_gir.py` ### Source Hierarchy | Rank | Source | Confidence | |------|--------|------------| | 1 | Executed agreement | Definitive | | 2 | Attorney statement with section citation | High | | 3 | Attorney statement without citation | Medium | | 4 | AI-generated summaries, YAML files | Low — verify first | Never treat config files as authoritative. Source tier is transitive — claims inherit the rank of their original source. Pasted agent output is data (Rank 4), not authority. ### Deal File Routing New deal work → `deals/invesco/`. Legacy files stay in `05_PE-Legal-Vault/` until migration. Check `deals/invesco/` first, fall back to `05_PE-Legal-Vault/`. Migration plan: `docs/specs/spec_system_repo-migration.md`. ### Before JV Analysis **MANDATORY:** Complete `config/sop_system_jv-preflight-checklist.md`. HIGH → Proceed. MEDIUM → Proceed with caveats. LOW → 🛑 STOP. ### Resolution Governance Spec: `docs/governance/spec_governance_resolution-lifecycle.md`. AI sets `resolution_type='ai_proposed'`, never `'implemented'`. Only humans verify and implement. Database triggers enforce this. ### Expert Engagement | Position Type | Approach | |---------------|----------| | High-stakes, subjective | Expert-first. Ask attorney to define. Don't infer. | | Routine extraction | System-first. AI proposes, expert validates. | ### Data Integrity Prose rules are interim — when a rule fails twice, escalate to structural enforcement (SQ-016). - **Status markers are data.** Preserve exactly — never strip, rephrase, or merge across fields. - **Path references** must be repo-root-relative. Never use shortened paths. - **Inbox execution:** Before executing any handoff, `ls` the target directory. After executing, move to `inbox/processed/`. - **Session record immutability.** Corrections belong in the correcting session, not retrofitted. - **Handoff staleness:** Before consuming any handoff >24 hours old, verify claims against current state. - **Promotion protocol:** Moving an artifact from inbox to permanent location requires: provenance verified, consumer-before-producer passed, freshness mechanism wired, bidirectional `related:` update. - **Freshness check at load time:** When a file has `validated_against_hash` in front matter, compare against current `git hash-object`. If mismatch, flag STALE. - **Handoff structure:** Every `inbox/handoff_*.md` must declare a non-empty `status` in front matter; `archived` / `superseded` handoffs belong in `inbox/processed/`, not `inbox/` root. Enforced by `scripts/validators/validate_handoff_frontmatter.py` (chained from `.git/hooks/pre-commit`). Replaces the count-based "exactly one active handoff" rule which decayed under parallel-session load (SQ-058, 2026-04-28). Additional data conventions → `docs/references/reference_system_data-conventions.md` --- ## Rules | Don't | Do Instead | |-------|------------| | Hallucinate statistics or citations | Say "I don't have this" | | Provide AI summaries as evidence | Cite exact section/line references | | Assume "Post standard template" exists | Analyze deal fresh | | Push to remote after every commit | Commit only; push when told | **Git:** `docs/references/reference_system_git-safety.md` **Naming:** `docs/governance/spec_governance_naming-conventions.md` **Language:** `docs/governance/reference_governance_system-laws.md` LAW-LANG-001