category: reference

tags: [claude-code, memory, process, backup]

last_updated: 2026-03-18

Backup of Claude Code's persistent memory for the otterwiki/robot.wtf project. These memories guide how Claude Code operates across sessions.

All repos live under `/Users/sderle/code/otterwiki/`. The parent directory is NOT a git repo.

- `otterwiki/` — Fork of redimp/otterwiki (wiki engine). Upstream: `github.com:redimp/otterwiki`. Our remote: `github.com:schuyler/otterwiki` (SSH). Deploy branch: `wikibot-io`. Feature branches: `feat/*` off `wikibot-io`.

- `otterwiki-api/` — REST API plugin. Remote: `github.com:schuyler/otterwiki-api`. Branch: `main`.

- `otterwiki-semantic-search/` — FAISS + ONNX MiniLM semantic search plugin. Remote: `github.com:schuyler/otterwiki-semantic-search`. Branch: `main`.

- `otterwiki-mcp/` — MCP server plugin (12 tools). Remote: `github.com:schuyler/otterwiki-mcp`. Branch: `main`.

- `robot.wtf/` — Platform app server, auth, MCP sidecar, API, Ansible deploy. Remote: `github.com:schuyler/robot.wtf`.

- `wikibot-io/` — AWS SaaS predecessor (Pulumi IaC, Lambda packaging). Remote: `github.com:schuyler/wikibot-io`. AWS profile: `wikibot` (us-east-1).

- `deploy/` — Legacy 3GW deploy config. No git remote.

- `dev-wiki/` — Local dev wiki git repo.

**Deploy flow (robot.wtf):** `ansible-playbook ansible/deploy.yml -i ansible/inventory.yml` from robot.wtf repo.

- **dev-wiki** (`mcp__dev-wiki__*`) = dev.robot.wtf — platform dev instance

- **thirdgulfwar** (`mcp__thirdgulfwar__*`) = 3gw.robot.wtf — research wiki (LXC/Caddy)

- **claude_ai_Third_Gulf_War_research_wiki** — same as thirdgulfwar, via Claude.ai connector

- `MultiAuth` composes `InMemoryOAuthProvider` (OAuth 2.1 for Claude.ai) + `StaticTokenVerifier` (bearer token for Claude Code)

- OAuth is the transport layer — Caddy basic auth on `/authorize*` is the actual gate

- Tokens are in-memory; server restart forces re-auth

- Claude.ai URL: `https://mcp.3gw.robot.wtf/mcp` (must include `/mcp`!)

- Claude.ai does NOT support bearer token auth — only OAuth

**wiki-1 (app server):** `ssh sderle@192.168.77.107`

- Services: otterwiki (8000), MCP sidecar (8001), API (8002), auth (8003)

- Data: `/srv/data/robot.db`, `/srv/data/wikis/`, `/srv/data/robot.env`

- Ansible: `/Users/sderle/code/otterwiki/robot.wtf/ansible/`

**proxy-1 (Caddy):** `ssh sderle@robot.wtf`

- Manages TLS for robot.wtf, *.robot.wtf

- Read-only only. Managed by separate Ansible repo.

**3GW (local network):** LXC container at `3gw.lan`, zmx session `3gw`

- **Opus orchestrates, Sonnet implements.** No Opus manager layer.

- **ALL subagents run in background** (`run_in_background: true`), no exceptions.

- **Worktree isolation required** for code changes. Parent dir is NOT a git repo — must scope to specific repo.

See [[Design/Implementation_Workflow]] for full process. Pipeline: Plan (Opus) → Plan Review (Sonnet) → Implement (Sonnet, worktree) → Chico review → Zeppo review → Fix → Re-review → Verify.

**Rule of Two:** Never accept a subagent finding without independent verification. A test agent once reported a 404 bug using the wrong URL — it was accepted and written into the wiki before anyone checked.

**Fix, don't defer:** Never suggest carrying known debt when the fix is bounded and small. Default is always: fix it now.

**Self-sufficient:** Don't ask questions you can answer by reading code, wiki, or design docs. Only escalate when genuinely blocked or when a decision requires user judgment.

**Reproducible VPS:** NEVER mutate the VPS via SSH. All changes through Ansible. This has been corrected five times. Allowed via SSH: read-only diagnostics only (`journalctl`, `systemctl status`, `curl`, `cat`, `ls`, `sqlite3 SELECT`).

**Pre-merge verification:** Always dispatch a verification agent before merging any subagent's branch. Read the diff, confirm changes match spec, run tests.

**TDD by default:** Red/green TDD whenever possible. Write failing test first, then implementation. Discuss with user before skipping.

**No ignored failures:** If a test is failing before your changes, fix it or flag it. Don't normalize broken tests.

**Plan Review:** Always dispatch a Plan Review agent after Plan, before implementation. Include deployment context (gunicorn timeout, etc.).

**Opus never implements:** Always dispatch a subagent, even for trivial tasks. Opus holds the steering wheel, not the wrench.

**Question the premise:** When a finding says X is slow, ask whether X should exist at all before optimizing. The bcrypt linear scan fix was "add a prefix column" when the answer was "don't use bcrypt for API tokens."

**Pre-flight checklist:** Before dispatching worktree agents: (1) verify CWD is inside target git repo, (2) confirm plan-review loop complete, (3) confirm task dependencies wired.

**Otterwiki config override:** `update_app_config()` loads DB preferences and overwrites Flask config. DB wins over settings.cfg. Always seed values via `_init_wiki_db()`.

**Read memories first:** Read MEMORY.md and Implementation_Workflow wiki page before dispatching any agents. Create full task list before launching first agent.

Each wiki gets `/srv/data/wikis/{slug}/wiki.db`. Resolver swaps DB per-request. `_init_wiki_db()` seeds SITE_NAME, access levels, AUTH_METHOD, schema version.

Lambda cold starts: ~4.5s mean (512MB, Python 3.12). .pyc files make it WORSE (+700ms from extra decompression). CDN caching is the path forward, not Lambda optimization.

Trial file-level parallelism: multiple agents writing different files in a shared worktree. Use `EnterWorktree` to create shared worktree, dispatch agents to same path with assigned files.

- Concise, no sycophancy, no fake enthusiasm

- Bias toward minimal solutions

- Uses plan mode for non-trivial changes

- Time is the most precious resource

- `git add -A` is forbidden

- **To-Do page** in dev wiki is the authoritative task tracker (supersedes Tasks/ pages)

- **Implementation Workflow** at [[Design/Implementation_Workflow]]

- **OWASP Audit** at [[Security/OWASP_2025_Audit]]