Thoughts

Session: Compared Nate Jones' project structure and agent management framework (from his video, Substack article, and PromptKit) against my existing Claude Code rules system. Key findings: My multi-session handoff system, tracker rotation/archiving, and modular rules structure are more mature than what Nate describes. His "scaffold documents" concept is essentially what I already built with PROJECT-TRACKER.md and the handoff prompts. Biggest gap identified: My tracker is a log, not a snapshot system. It records what happened but doesn't create recoverable states. Nate's key insight is that the tracker and git commits serve different purposes. The tracker is project memory; git commits are the undo button. You need both. Changes implemented (2026-03-16): 1. Added git save point protocol to ~/.claude/rules/tracking-and-verification.md. After each task passes verification, agents must now create a git commit before starting the next task. Includes a non-git escape hatch for WordPress/Notion-only work. 2. Added Prohibited Actions template to the PROJECT-TRACKER.md template. Every new project now gets prompted to define guardrails at setup (production data, WordPress, infrastructure). "Never commit secrets or API keys" is always included. 3. Added blast radius risk flagging to todo items (low/medium/high). Medium and high risk tasks require confirmation before executing. 4. Created new ~/.claude/rules/security-baseline.md (~29 lines) covering Supabase (RLS, service_role key, input validation, no PII logging) and Railway (env vars, health checks, private networking, pinned images) guardrails. All changes are in ~/.claude/rules/ and will be loaded automatically in every future Claude Code session. Existing projects will pick up the new behaviors naturally since agents read the rules files at session start.