Claude Code: Rules, Output Styles, Settings & CLAUDE.md

Path-Specific Rules

Location: ~/.claude/rules/

Rules auto-load when Claude Code edits files matching their glob patterns. No invocation needed — the frontmatter paths: array controls activation.

Rule File: asciidoc.md
Glob Patterns: **/*.adoc, **/docs/**
What It Enforces: AsciiDoc documentation standards: always use antora.yml attributes (never hardcode IPs/hostnames/paths), no inline :toc: (Antora UI provides sidebar TOC), use include::partial$ for reusable content and include::example$ for code blocks >10 lines, double-colon xrefs for cross-component references, subs=attributes+ on code blocks containing attribute references.

Rule File: lua-nvim.md
Glob Patterns: **/nvim/**/*.lua, **/domus-nvim/**/*.lua, **/.config/nvim*/**/*.lua
What It Enforces: Neovim Lua configuration standards: domus-nvim architecture (specs/ for declarations, config/ for configuration, ftplugin/ for filetype settings), lazy.nvim spec format, prefer vim.keymap.set() over vim.api.nvim_set_keymap(), prefer vim.opt over vim.o, use vim.lsp.config API (0.11+) with lsp/ directory, Catppuccin Mocha as primary colorscheme.

Rule File: bash-shell.md
Glob Patterns: **/*.sh, **/*.bash, **/*.zsh, **/bin/*
What It Enforces: Shell script standards: safety (set -euo pipefail, quote all variable expansions, [[ ]] conditionals), quality (ShellCheck-clean patterns, printf over echo, readonly for constants, trap for cleanup), style (snake_case for variables/functions, UPPERCASE for exports, #!/usr/bin/env bash shebangs, source guards), error handling (command -v checks, input validation).

Rule File: python.md
Glob Patterns: **/*.py, **/pyproject.toml
What It Enforces: Python development standards: architecture (uv for package management, pathlib.Path over os.path, typer/click for CLIs, httpx over requests), type safety (type hints on all signatures, from __future__ import annotations), error handling (specific exceptions, logging over print()), testing (pytest conventions, pytest-httpx), style (PEP 8 via ruff, f-strings).

Rule File: d2-diagrams.md
Glob Patterns: **/*.d2
What It Enforces: D2 diagram standards: structure (descriptive node IDs, container grouping, explicit direction, <100 lines per file), styling (standard shape conventions, style.border-radius: 8, consistent category colors), labels (multi-line |md … | for detail, short connection labels), output (SVG via d2, stored in images/diagrams/d2/<category>/), AsciiDoc integration (commit both .d2 source and .svg output).

Rule File Format

Each rule is a Markdown file with YAML frontmatter defining the glob patterns that trigger it:

---
paths:
  - "**/*.adoc"
  - "**/docs/**"
---

# AsciiDoc Documentation Rules

When editing AsciiDoc files:

## Attributes
- ALWAYS use attributes from antora.yml - NEVER hardcode IPs, hostnames, paths
- Check `grep -E "^    [a-z]" docs/antora.yml` before using any attribute
- If attribute doesn't exist, ADD IT to antora.yml first

## Structure
- NO inline TOC (`:toc:`) - Antora UI provides sidebar TOC
- Use `include::partial$` for reusable content
- Use `include::example$` for code blocks >10 lines
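
To check which rules a given file would activate, the following added example (not part of the original page and not Claude Code's own matcher) reads the paths: list from each rule file's frontmatter and tests a path against it. It assumes gitignore-style glob semantics, where "**/" spans zero or more directories and "*" stays within one path segment; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: report which rule files would activate for a path.
set -eu

# Print the globs listed under "paths:" in a rule file frontmatter block.
rule_globs() {
  awk '
    /^---[ \t]*$/ { fence++; next }       # frontmatter delimiters
    fence != 1    { next }                # ignore everything outside it
    /^paths:/     { in_paths = 1; next }
    /^[^ \t-]/    { in_paths = 0 }        # next top-level key ends the list
    in_paths && /^[ \t]*-[ \t]/ { sub(/^[ \t]*-[ \t]*/, ""); print }
  ' "$1" | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Assumed semantics: "**/" spans zero or more directories, "*" stays
# inside one path segment. Only "." is escaped, which is enough for the
# patterns shown on this page.
glob_to_regex() {
  printf '%s\n' "$1" | sed -e 's|\.|\\.|g' \
    -e 's|\*\*/|@DS@|g' -e 's|\*\*|@D@|g' -e 's|\*|[^/]*|g' \
    -e 's|@DS@|(.*/)?|g' -e 's|@D@|.*|g' -e 's|.*|^&$|'
}

# rules_for <rules_dir> <file_path>: print each rule file with a matching glob.
rules_for() {
  for rule in "$1"/*.md; do
    [ -f "$rule" ] || continue
    rule_globs "$rule" | while IFS= read -r glob; do
      if printf '%s\n' "$2" | grep -Eq -- "$(glob_to_regex "$glob")"; then
        printf '%s\n' "${rule##*/}"
        break
      fi
    done
  done
}

# Usage: script.sh ~/.claude/rules docs/modules/ROOT/pages/index.adoc
if [ "$#" -eq 2 ]; then rules_for "$1" "$2"; fi
```
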

Output Styles

Location: ~/.claude/output-styles/

Output styles control Claude Code’s communication tone and formatting. They are Markdown files with YAML frontmatter. The active style is set in settings.json via the outputStyle key.

Activation

"outputStyle": "professional"

This loads ~/.claude/output-styles/professional.md and applies its rules to all Claude Code responses.

professional.md

The professional style enforces direct, senior-engineer communication. Key frontmatter fields:

| Field | Value |
| --- | --- |
| name | professional |
| description | Direct, senior-engineer communication. No fluff, no sycophancy. Teaching-focused with CLI mastery emphasis. |
| keep-coding-instructions | true (preserves Claude’s default coding behavior alongside the style) |

Communication Rules

  • No sycophantic openers ("Great question!", "That’s a great idea!", "Absolutely!")

  • No filler or hedging ("I think", "perhaps", "it might be worth")

  • No trailing summaries of what was just done — the user can read the diff

  • Challenge incorrect assumptions directly with evidence

  • Verify independently when asked "am I right?" — do not reflexively agree

  • Admit errors immediately without defensive framing

Technical Level

Assumes senior systems engineer proficiency:

  • Use advanced CLI patterns (awk, sed, jq, process substitution)

  • Show precise verification commands (before AND after changes)

  • Suggest the harder, more educational approach when multiple options exist

  • Include line numbers and file paths in references

  • Provide production-grade commands, not tutorial-level ones

Teaching Mode

When introducing new concepts:

  1. Show the command or pattern first

  2. Explain WHY it works, not just WHAT it does

  3. Connect to concepts the user already knows

  4. Suggest a harder variation for practice

Security Posture

Flag security issues immediately and explain the attack vector. Do not soften warnings.

Configuration: settings.json

Location: ~/.claude/settings.json — 252 lines, 7.8KB. Consolidated from a bloated 60KB settings.local.json.

Core Settings

| Setting | Value | Purpose |
| --- | --- | --- |
| defaultMode | acceptEdits | Auto-approve file edits without prompting |
| alwaysThinkingEnabled | true | Extended thinking on every response |
| outputStyle | professional | Loads ~/.claude/output-styles/professional.md |
| respectGitignore | true | Honors .gitignore for file discovery |
| cleanupPeriodDays | 30 | Auto-cleanup of old session data |
| includeGitInstructions | true | Include git workflow guidance in context |
| showTurnDuration | true | Display time per response |
| terminalProgressBarEnabled | true | Show progress bar during operations |
| effortLevel | high | Maximum reasoning effort |

Attribution

"attribution": {
  "commit": "",
  "pr": ""
}

Empty strings — no AI attribution on commits or pull requests. Aligns with the AI Attribution Policy in CLAUDE.md.

Environment Variables

| Variable | Value |
| --- | --- |
| EDITOR | nvim |
| VISUAL | nvim |
| ATELIER | /home/evanusmodestus/atelier |
| DOTFILES | /home/evanusmodestus/atelier/_projects/personal/dots-quantum |
| SECRETS | /home/evanusmodestus/.secrets |
| PATH | /home/evanusmodestus/.local/bin:$PATH |
| DOMUS_CAPTURES | /home/evanusmodestus/atelier/_bibliotheca/domus-captures |
| DOMUS_DOCS | /home/evanusmodestus/atelier/_bibliotheca/domus-docs |

Permissions: Allow List (107 entries)

Organized by category. All use the Bash(command:*) format unless noted otherwise.

Standard Unix Tools

ls, tree, find, grep, cat, head, tail, wc, sort, awk, sed, diff, basename, dirname, readlink, realpath, ln, echo, printf, chmod, xargs, rsync, mkdir, rm, cp, mv, touch, tee, tr, cut, paste, uniq, rev, column

File Inspection

stat, file, od, xxd, which, type

System Information

env, id, uname, hostname, date, uptime, lsblk, df, du, free, ip, ss, ps

Service Management (Read-Only)

systemctl status, journalctl

Build Tools

make, npm, npx

Language Tools

python, python3, uv, cargo, rustc

Documentation & Data Tools

d2, jq, yq, shellcheck

Network & GitHub

curl, gh, ping, dig, ssh, scp

Miscellaneous

claude, rmapi, timeout, wl-copy, gopass ls, gopass list

WebFetch Domains

Allowed Domain

docs.domusdigitalis.dev

github.com

docs.antora.org

docs.asciidoctor.org

json.schemastore.org

WebSearch

WebSearch — unrestricted web search.

Permissions: Deny List (10 entries)

| Denied Pattern | Reason |
| --- | --- |
| Read(./.env) | Secrets protection — environment files may contain credentials |
| Read(./.env.*) | Secrets protection — catches .env.local, .env.production, etc. |
| Read(~/.secrets/*) | Hard boundary — encrypted secrets store is off-limits |
| Read(~/.age/*) | Hard boundary — age encryption keys are off-limits |
| Bash(age -d:*) | Prevents Claude from decrypting any age-encrypted file |
| Bash(gopass show:*) | Prevents Claude from reading password store entries |
| Bash(rm -rf /:*) | Destructive protection — prevents wiping root filesystem |
| Bash(rm -rf ~:*) | Destructive protection — prevents wiping home directory |
| Bash(rm -rf /:) | Destructive protection — prevents wiping any top-level path |
| Bash(bash -c:*) | Prevents shell injection via arbitrary command strings |

Hooks (Summary)

Hooks run shell commands at specific lifecycle events. Full details in the hooks partial.

| Event | Matcher | Purpose |
| --- | --- | --- |
| SessionStart | * | Prints environment banner, counts config backups |
| UserPromptSubmit | * | Warns if sensitive files (.env, .key, .pem, .credentials, .secret, .password) are staged for commit |
| PreToolUse | Edit | Creates timestamped backup of file before editing |
| PreToolUse | Write | Creates timestamped backup of file before overwriting |
| PostToolUse | Edit | Runs ShellCheck on .sh/.bash/.zsh files; validates AsciiDoc attributes via validate-asciidoc-attrs.sh |
| PostToolUse | Write | Validates AsciiDoc attributes via validate-asciidoc-attrs.sh |
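
The UserPromptSubmit check from the table, written out as an added example (this is not the hook script from the configuration described here). The suffix list comes from the table and .env.* from the deny list; the function names are hypothetical, and how the script is registered under hooks in settings.json is not shown on this page.

```bash
#!/usr/bin/env bash
# Added example, not the page's hook script: warn about staged secrets.
set -eu

# Suffixes from the Hooks table; .env.* mirrors the deny-list entry.
# Matching is on the file name only, so any directory depth is covered.
is_sensitive() {
  case "${1##*/}" in
    *.env|.env.*|*.key|*.pem|*.credentials|*.secret|*.password) return 0 ;;
  esac
  return 1
}

# Read newline-separated paths on stdin, print the sensitive ones.
filter_sensitive() {
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    if is_sensitive "$path"; then
      printf '%s\n' "$path"
    fi
  done
}

# Staged additions, copies, modifications and renames only: a staged
# deletion of a secret is not a leak. Outside a git repository the list
# is simply empty.
staged_sensitive() {
  git diff --cached --name-only --diff-filter=ACMR 2>/dev/null | filter_sensitive
}

# Warn only: always returns 0, so nothing is blocked.
warn_staged_secrets() {
  hits=$(staged_sensitive || true)
  if [ -n "$hits" ]; then
    printf 'WARNING: sensitive files are staged for commit:\n'
    printf '%s\n' "$hits" | sed 's/^/  /'
    printf 'Unstage with: git restore --staged <file>\n'
  fi
  return 0
}

warn_staged_secrets
```
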

Auto Mode

Auto mode defines guardrails for autonomous operation.

Environment Context

  • Multi-repo documentation system (domus-*) using Antora and AsciiDoc

  • Source control: GitHub (EvanusModestus), GitLab, Gitea (local)

  • Build: Makefile + Antora + Kroki for diagrams

  • Trusted workspace: ~/atelier/_bibliotheca/domus-*

Allow (Always Safe)

  • Building documentation with make

  • Reading and editing .adoc files in domus-* repos

  • Git operations (add, commit, log, diff, status) on domus-* repos

  • Running python scripts in scripts/ directories

Soft Deny (Requires Confirmation)

  • Deleting .claude/ configuration

  • Force-pushing to any branch

  • Modifying files outside ~/atelier/

  • Accessing ~/.secrets/ or decrypting .age files

  • Running rm -rf on directories

  • Modifying antora-playbook.yml in domus-docs

Sandbox

| Setting | Value |
| --- | --- |
| enabled | true |
| autoAllowBashIfSandboxed | false |
| allowUnsandboxedCommands | true |
| allowLocalBinding | false |
| enableWeakerNestedSandbox | false |

Allowed Unix Sockets

  • /run/user/1000/keyring/ssh — SSH agent socket

  • /var/run/docker.sock — Docker daemon

Filesystem Deny-Write

Prevents write access to sensitive directories:

  • ~/.secrets

  • ~/.age

  • ~/.ssh/id_*

  • ~/.gnupg

Plugins

| Plugin | Status |
| --- | --- |
| rust-analyzer-lsp@claude-plugins-official | Enabled |

Tier 6: CLAUDE.md (Global Instructions)

Location: ~/.claude/CLAUDE.md (873 lines)

Section Breakdown:

| Section | Purpose | Lines |
| --- | --- | --- |
| Learning-First Approach | Bootcamp replacement philosophy - document before execute | 3-45 |
| CLI Mastery Training | awk/sed/grep/find/xargs deliberate practice | 49-95 |
| FORBIDDEN: Secrets Access | Never decrypt .age, never gopass show, never read ~/.secrets | 98-124 |
| SSH Config Encryption Workflow | age-encrypted SSH config with stow symlinks | 127-167 |
| CI/CD: Cloudflare Pages | Spoke repos → Cloudflare Pages pipeline | 170-216 |
| Senior Engineer & Life Mentor | Role definition - coach, teacher, guardian | 219-274 |
| AI Attribution Policy | NO AI attribution ever - no Co-Authored-By | 277-297 |
| Communication Style | Direct, honest, not sycophantic | 299-318 |
| Command Quality Standards | Senior-level commands with verification, git -C patterns | 320-393 |
| Git Workflow Automation | gach/gacp heredoc functions, .gitconfig aliases | 395-432 |
| Documentation Strategy | domus-* migration from Principia/PRJ-* legacy structure | 434-445 |
| File Format Preferences | AsciiDoc only, D2/Mermaid diagrams, commit output artifacts | 447-451 |
| AsciiDoc & Antora Standards | Attributes, partials, cross-refs, NO inline TOC, no hardcoding | 453-727 |
| Code Block Formatting | Separate vs group commands, placeholder examples | 729-780 |
| Pre-Write Attribute Verification | MANDATORY grep antora.yml before writing any .adoc | 783-817 |
| Root Cause Analysis Format | RCA template for build failures and documentation errors | 820-846 |
| Claude Code System Awareness | Layered config overview (settings, skills, hooks, rules, agents, output style), deployment model (stow from dots-quantum), auto-load principle for rules | 848-873 |

Modernization Needed: See CR: CLAUDE.md Modernization

CLAUDE.md Workshop

A lab for collecting, analyzing, and building CLAUDE.md configurations. Your configs, community configs, and drafts for new ones.

Your Collection

Global Baseline

| Config | Purpose |
| --- | --- |
| examples/claude/global-baseline.md | Snapshot of production ~/.claude/CLAUDE.md (873 lines) — behavioral guidelines, role, standards |

Context Configs (Purpose-Built)

Ready-to-use configs for specific work contexts. Use as project-scoped CLAUDE.md files, combine sections, or reference during sessions.

| Config | When to Use |
| --- | --- |
| examples/claude/context-spanish-learning.md | Spanish study sessions — DELE/SIELE prep, Don Quijote, conectores, subjuntivo, all-Spanish instruction |
| examples/claude/context-rhcsa-study.md | RHCSA exam prep — RHEL 9 framing, SELinux priority, dnf/firewalld (not pacman/nftables), exam-style verification |
| examples/claude/context-infrastructure-ops.md | Production infrastructure work — VyOS, ISE, Vault, k3s, BIND, converged troubleshooting, runbook-first |
| examples/claude/context-python-dev.md | Python/netapi development — Click/Rich/httpx patterns, API integration, pytest, code review |
| examples/claude/context-cissp-study.md | CISSP exam prep — managerial mindset, 8 domains, HIPAA context, real infrastructure mapped to frameworks |
| examples/claude/context-mathematics.md | Math study — College Algebra, LaTeX notation, step-by-step proofs, engineering connections |
| examples/claude/context-neovim-lua.md | Neovim/Lua development — LuaJIT (not 5.4), instrumentum-nvim, mini.nvim, AsciiDoc text objects, LSP config |

How to Use

As project-scoped CLAUDE.md:

# Copy a context config into a project
cp examples/claude/context-rhcsa-study.md /path/to/project/.claude/CLAUDE.md

Combine contexts:

# Merge infrastructure + python for netapi work
cat examples/claude/context-infrastructure-ops.md examples/claude/context-python-dev.md > /path/to/netapi/.claude/CLAUDE.md

Reference during sessions: Paste relevant sections into conversation context or use as / skill input.

Project-Scoped (domus-* repos)

| Repo | Focus | Lines |
| --- | --- | --- |
| domus-captures | Hub-spoke architecture, project structure standard, build commands, partials system | See inventory |
| domus-infra-ops | Infrastructure runbooks, diagrams, inventory | See inventory |
| domus-ise-linux | 802.1X EAP-TLS methodology | See inventory |
| domus-ise-ops | ISE policy, profiling, deployment | See inventory |
| domus-ise-windows | Windows 802.1X EAP-TLS | See inventory |
| domus-linux-ops | Linux administration patterns | See inventory |
| domus-windows-ops | Windows/PowerShell administration | See inventory |
| domus-identity-ops | Identity & SSO (SAML, Keycloak, FreeIPA) | See inventory |
| domus-automation-ops | Templates, GitOps, Ansible | See inventory |
| domus-siem-ops | SIEM (QRadar, Sentinel, Wazuh, Splunk) | See inventory |
| domus-math | Mathematical content (Quarto) | See inventory |
| domus-docs | Antora aggregator hub | See inventory |
| dots-quantum | Dotfiles stow packages (includes all Claude config) | See inventory |

Full configs stored in examples/claude/domus-*.md.

Archived Versions

Superseded configs kept for evolution tracking.

Location: examples/claude/archived/

Community Collection

Configs collected from community repos for study and pattern extraction. Not for copying wholesale — for understanding what patterns others use and what’s worth adopting.

Location: examples/claude/community/

| File | Source | What’s Interesting |
| --- | --- | --- |
| community/devops-sre-ultimate-guide.md | FlorianBruniaux/claude-code-ultimate-guide | FIRE framework (First Response → Investigate → Remediate → Evaluate), safety rules for destructive commands, runbook template format |
| community/devops-engineer-toolkit.md | rohitg00/awesome-claude-code-toolkit | Opinionated CI/CD rules (pin actions to SHAs, 10-min pipeline max), Docker multi-stage patterns, K8s resource limit philosophy, GitOps promotion flow |
| community/network-engineer-voltagent.md | VoltAgent/awesome-claude-code-subagents | Network engineering checklist (99.99% uptime, <50ms latency), DNS architecture patterns, hybrid cloud networking, zero-trust implementation |

Community Sources

Repos where engineers publish their Claude Code configs:

Building New Configs

Template: Project-Scoped CLAUDE.md

Minimum viable CLAUDE.md for a new domus-* repo:

# Component Name - Claude Context

## Identity
- **Repository:** domus-<name>
- **Component:** `<antora-name>`
- **Domain:** <name>.domusdigitalis.dev

## Purpose
<One paragraph: what this repo does>

## Build Commands
```bash
make              # Build
make serve        # Build + serve
```

## Cross-References
```asciidoc
xref:<component>::page.adoc[Link Text]
```

## Sensitive Content
- Redact passwords, API keys, tokens with `<REDACTED>`
- Use `dsource`/`dsec` references for credential loading

Drafts

New CLAUDE.md files being developed before deployment:

| Target Repo | Notes | Status |
| --- | --- | --- |

Analysis: What Makes a Good CLAUDE.md

See Patterns & Anti-Patterns for the full breakdown. Key principles:

  1. Rules, not suggestions — Claude follows firm directives, not polite requests

  2. RCA-driven — Every rule should trace back to a real incident

  3. Layered — Global CLAUDE.md for behavior, project CLAUDE.md for context, rules/ for file-type patterns

  4. Under 200 lines per file — Split into rules/ if the global file grows past this (yours is at 873 — splitting is overdue)

  5. No stale data — Don’t duplicate values that live in antora.yml or git history