docs: update CLAUDE.md files to reflect CredentialTools secrets loading pattern

This commit is contained in:
Daniel Harvey
2026-05-18 17:39:42 -04:00
parent 12c4046965
commit ad7741744d
3 changed files with 16 additions and 11 deletions
+6 -4
View File
@@ -123,10 +123,12 @@ dotnet ef database update --project DeepDrftWeb.Services --startup-project DeepD
## Key Configuration Files ## Key Configuration Files
- `DeepDrftWeb/appsettings.json`: SQL connection string, logging All projects load secrets via `CredentialTools.ResolvePathOrThrow()` from gitignored `environment/` files:
- `DeepDrftContent/environment/filedatabase.json`: FileDatabase vault path
- `DeepDrftContent/environment/apikey.json`: API key (not in repo) - `DeepDrftWeb/appsettings.json`: Logging and URL config. Secrets loaded from `environment/apikey.json` (DeepDrftContent API key), `environment/connections.json` (SQL and Auth connection strings), `environment/authblocks.json` (AuthBlocks settings).
- `DeepDrftCli/environment/connections.json`: CLI config (`ConnectionString`, `VaultPath`) - `DeepDrftContent/environment/filedatabase.json`: FileDatabase vault path. Loaded via CredentialTools.
- `DeepDrftContent/environment/apikey.json`: API key. Loaded via CredentialTools (not in repo).
- `DeepDrftCli/environment/connections.json`: CLI config (`ConnectionString`, `VaultPath`). Loaded via CredentialTools.
## Folder-Level Guidance ## Folder-Level Guidance
+6 -6
View File
@@ -14,8 +14,8 @@ The binary content API host. ApiKey middleware, CORS, forwarded headers. Returns
- `Controllers/TrackController.cs`: Four endpoints (see below). - `Controllers/TrackController.cs`: Four endpoints (see below).
- `Middleware/ApiKeyAuthenticationMiddleware.cs`, `Middleware/ApiKeyAuthorizeAttribute.cs`: ApiKey validation logic. - `Middleware/ApiKeyAuthenticationMiddleware.cs`, `Middleware/ApiKeyAuthorizeAttribute.cs`: ApiKey validation logic.
- `Models/`: Settings POCOs only (`ApiKeySettings`, `CorsSettings`, `FileDatabaseSettings`). No domain code. - `Models/`: Settings POCOs only (`ApiKeySettings`, `CorsSettings`, `FileDatabaseSettings`). No domain code.
- `environment/filedatabase.json`: FileDatabase vault path config (required). - `environment/filedatabase.json`: FileDatabase vault path config (loaded via CredentialTools, not in repo).
- `environment/apikey.json`: API key (not in repo, must be created locally or at deployment). - `environment/apikey.json`: API key (loaded via CredentialTools, not in repo, must be created locally or at deployment).
## What does NOT live here anymore ## What does NOT live here anymore
@@ -103,7 +103,7 @@ Configured in `Startup.ConfigureDomainServices()`, applied to all endpoints via
## Startup wiring (Startup.ConfigureDomainServices) ## Startup wiring (Startup.ConfigureDomainServices)
1. Load `environment/filedatabase.json` and bind `FileDatabaseSettings`. 1. Load `environment/filedatabase.json` via `CredentialTools.ResolvePathOrThrow("filedatabase", ...)` and bind `FileDatabaseSettings`.
2. Await `FileDatabase.FromAsync(VaultPath)` to load or create the database. 2. Await `FileDatabase.FromAsync(VaultPath)` to load or create the database.
3. Register `FileDatabase` as singleton. 3. Register `FileDatabase` as singleton.
4. Ensure the `tracks` vault exists (type `MediaVaultType.Audio`, created on first boot if missing). 4. Ensure the `tracks` vault exists (type `MediaVaultType.Audio`, created on first boot if missing).
@@ -120,8 +120,8 @@ Mapped in `Development` only. Swagger UI at `/swagger` for testing endpoints loc
## Configuration files ## Configuration files
- `appsettings.json`: Logging, hosting config. **Does not contain secrets.** - `appsettings.json`: Logging and hosting config. **Does not contain secrets.**
- `environment/filedatabase.json` (required): - `environment/filedatabase.json` (required, loaded via CredentialTools, not in repo):
```json ```json
{ {
"FileDatabaseSettings": { "FileDatabaseSettings": {
@@ -129,7 +129,7 @@ Mapped in `Development` only. Swagger UI at `/swagger` for testing endpoints loc
} }
} }
``` ```
- `environment/apikey.json` (required at runtime, not in repo): - `environment/apikey.json` (required at runtime, loaded via CredentialTools, not in repo):
```json ```json
{ {
"ApiKeySettings": { "ApiKeySettings": {
+4 -1
View File
@@ -104,7 +104,10 @@ dotnet ef migrations add MigrationName --project DeepDrftWeb.Services --startup-
## Configuration ## Configuration
- `appsettings.json`: `ConnectionStrings:DefaultConnection` (SQLite path), `ApiUrls:*` (backend base addresses), logging, logging config. Port binding via `Kestrel:Endpoints` or `ASPNETCORE_URLS`. - `appsettings.json`: `ApiUrls:*` (backend base addresses), `Logging:*`, `AllowedHosts`, `ForwardedHeaders`. Port binding via `Kestrel:Endpoints` or `ASPNETCORE_URLS`.
- `environment/apikey.json`: DeepDrftContent API key. Loaded via CredentialTools (not in repo).
- `environment/connections.json`: SQL `DefaultConnection` and Auth connection strings. Loaded via CredentialTools (not in repo).
- `environment/authblocks.json`: AuthBlocks settings. Loaded via CredentialTools (not in repo).
- MudBlazor theme (`MainLayout.razor` in client): bespoke light ("Charleston in the Day") and dark ("Lowcountry Summer Nights") palettes. - MudBlazor theme (`MainLayout.razor` in client): bespoke light ("Charleston in the Day") and dark ("Lowcountry Summer Nights") palettes.
- No `wwwroot/` changes during normal development — TS → JS compilation is automatic. - No `wwwroot/` changes during normal development — TS → JS compilation is automatic.