From ad7741744d09d10e9df087e63fe98b59f4a1affc Mon Sep 17 00:00:00 2001 From: Daniel Harvey Date: Mon, 18 May 2026 17:39:42 -0400 Subject: [PATCH] docs: update CLAUDE.md files to reflect CredentialTools secrets loading pattern --- CLAUDE.md | 10 ++++++---- DeepDrftContent/CLAUDE.md | 12 ++++++------ DeepDrftWeb/CLAUDE.md | 5 ++++- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 57dad7e..c8f4de1 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -123,10 +123,12 @@ dotnet ef database update --project DeepDrftWeb.Services --startup-project DeepD ## Key Configuration Files -- `DeepDrftWeb/appsettings.json`: SQL connection string, logging -- `DeepDrftContent/environment/filedatabase.json`: FileDatabase vault path -- `DeepDrftContent/environment/apikey.json`: API key (not in repo) -- `DeepDrftCli/environment/connections.json`: CLI config (`ConnectionString`, `VaultPath`) +All projects load secrets via `CredentialTools.ResolvePathOrThrow()` from gitignored `environment/` files: + +- `DeepDrftWeb/appsettings.json`: Logging and URL config. Secrets loaded from `environment/apikey.json` (DeepDrftContent API key), `environment/connections.json` (SQL and Auth connection strings), `environment/authblocks.json` (AuthBlocks settings). +- `DeepDrftContent/environment/filedatabase.json`: FileDatabase vault path. Loaded via CredentialTools. +- `DeepDrftContent/environment/apikey.json`: API key. Loaded via CredentialTools (not in repo). +- `DeepDrftCli/environment/connections.json`: CLI config (`ConnectionString`, `VaultPath`). Loaded via CredentialTools. ## Folder-Level Guidance diff --git a/DeepDrftContent/CLAUDE.md b/DeepDrftContent/CLAUDE.md index 5f4a8c0..1e418d7 100644 --- a/DeepDrftContent/CLAUDE.md +++ b/DeepDrftContent/CLAUDE.md @@ -14,8 +14,8 @@ The binary content API host. ApiKey middleware, CORS, forwarded headers. Returns - `Controllers/TrackController.cs`: Four endpoints (see below). - `Middleware/ApiKeyAuthenticationMiddleware.cs`, `Middleware/ApiKeyAuthorizeAttribute.cs`: ApiKey validation logic. - `Models/`: Settings POCOs only (`ApiKeySettings`, `CorsSettings`, `FileDatabaseSettings`). No domain code. -- `environment/filedatabase.json`: FileDatabase vault path config (required). -- `environment/apikey.json`: API key (not in repo, must be created locally or at deployment). +- `environment/filedatabase.json`: FileDatabase vault path config (loaded via CredentialTools, not in repo). +- `environment/apikey.json`: API key (loaded via CredentialTools, not in repo, must be created locally or at deployment). ## What does NOT live here anymore @@ -103,7 +103,7 @@ Configured in `Startup.ConfigureDomainServices()`, applied to all endpoints via ## Startup wiring (Startup.ConfigureDomainServices) -1. Load `environment/filedatabase.json` and bind `FileDatabaseSettings`. +1. Load `environment/filedatabase.json` via `CredentialTools.ResolvePathOrThrow("filedatabase", ...)` and bind `FileDatabaseSettings`. 2. Await `FileDatabase.FromAsync(VaultPath)` to load or create the database. 3. Register `FileDatabase` as singleton. 4. Ensure the `tracks` vault exists (type `MediaVaultType.Audio`, created on first boot if missing). @@ -120,8 +120,8 @@ Mapped in `Development` only. Swagger UI at `/swagger` for testing endpoints loc ## Configuration files -- `appsettings.json`: Logging, hosting config. **Does not contain secrets.** -- `environment/filedatabase.json` (required): +- `appsettings.json`: Logging and hosting config. **Does not contain secrets.** +- `environment/filedatabase.json` (required, loaded via CredentialTools, not in repo): ```json { "FileDatabaseSettings": { @@ -129,7 +129,7 @@ Mapped in `Development` only. Swagger UI at `/swagger` for testing endpoints loc } } ``` -- `environment/apikey.json` (required at runtime, not in repo): +- `environment/apikey.json` (required at runtime, loaded via CredentialTools, not in repo): ```json { "ApiKeySettings": { diff --git a/DeepDrftWeb/CLAUDE.md b/DeepDrftWeb/CLAUDE.md index d09f886..7302ae3 100644 --- a/DeepDrftWeb/CLAUDE.md +++ b/DeepDrftWeb/CLAUDE.md @@ -104,7 +104,10 @@ dotnet ef migrations add MigrationName --project DeepDrftWeb.Services --startup- ## Configuration -- `appsettings.json`: `ConnectionStrings:DefaultConnection` (SQLite path), `ApiUrls:*` (backend base addresses), logging, logging config. Port binding via `Kestrel:Endpoints` or `ASPNETCORE_URLS`. +- `appsettings.json`: `ApiUrls:*` (backend base addresses), `Logging:*`, `AllowedHosts`, `ForwardedHeaders`. Port binding via `Kestrel:Endpoints` or `ASPNETCORE_URLS`. +- `environment/apikey.json`: DeepDrftContent API key. Loaded via CredentialTools (not in repo). +- `environment/connections.json`: SQL `DefaultConnection` and Auth connection strings. Loaded via CredentialTools (not in repo). +- `environment/authblocks.json`: AuthBlocks settings. Loaded via CredentialTools (not in repo). - MudBlazor theme (`MainLayout.razor` in client): bespoke light ("Charleston in the Day") and dark ("Lowcountry Summer Nights") palettes. - No `wwwroot/` changes during normal development — TS → JS compilation is automatic.