Audit and slim CLAUDE.md for Claude Code

[bmdhodl]

PR Draft

Title

Audit and slim CLAUDE.md to match Claude Code's actual system prompt behavior

Summary

• add CLAUDE_MD_AUDIT.md documenting what Claude Code already injects and what should stay repo-local
• trim CLAUDE.md from a long mixed prompt into a focused AgentGuard repo contract
• keep Claude guidance aligned with memory/, ops/, and ARCHITECTURE.md instead of embedding stale architecture and API detail

Scope

• CLAUDE.md
• CLAUDE_MD_AUDIT.md
• PR_DRAFT.md
• MORNING_REPORT.md
• proof artifacts under proof/claude-md-audit/

Non-goals

• no SDK runtime changes
• no dashboard work
• no Codex-specific prompt rewrite in AGENTS.md
• no attempt to document all Claude Code internals in-repo

Proof

• source article reviewed: https://www.dbreunig.com/2026/04/04/how-claude-code-builds-a-system-prompt.html
• python scripts/sdk_preflight.py
• python -m pytest sdk/tests -v --cov=agentguard --cov-report=term-missing --cov-fail-under=80
• python scripts/sdk_release_guard.py
• token-count proof saved in proof/claude-md-audit/token-counts.txt
• local audit evidence saved in proof/claude-md-audit/
• full PR CI and CodeQL must pass before merge

Saved artifacts

• proof/claude-md-audit/check.txt
• proof/claude-md-audit/preflight.txt
• proof/claude-md-audit/release-guard.txt
• proof/claude-md-audit/token-counts.txt
• proof/claude-md-audit/lint.txt
• proof/claude-md-audit/security.txt

[Copilot]

Pull request overview

Docs-only PR to align repo-local Claude instructions with Claude Code’s actual harness behavior by moving generic guidance out of CLAUDE.md and keeping a slim, repo-specific contract plus audit/proof artifacts.

Changes:

• Add CLAUDE_MD_AUDIT.md to document what Claude Code already injects and what should remain repo-local.
• Slim CLAUDE.md into a focused AgentGuard repo contract (boundary, proof discipline, key workflow).
• Add proof artifacts under proof/claude-md-audit/ (test run output, lint/security snapshots, token-count notes) and update PR_DRAFT.md / MORNING_REPORT.md accordingly.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
CLAUDE.md	Replaces long mixed prompt content with a slim repo-specific contract and pointers to canonical docs.
CLAUDE_MD_AUDIT.md	New audit write-up describing Claude Code prompt assembly takeaways and rationale for slimming.
PR_DRAFT.md	Updates the PR draft metadata/scope/proof list to match the audit work.
MORNING_REPORT.md	Updates the morning report to reflect the Claude audit deliverables and validation steps.
proof/claude-md-audit/README.md	Documents what each proof artifact in the audit folder represents.
proof/claude-md-audit/check.txt	Captures pytest + coverage output used as proof.
proof/claude-md-audit/lint.txt	Captures repo-wide ruff output (noted as pre-existing debt).
proof/claude-md-audit/preflight.txt	Captures sdk preflight output for this docs-only change.
proof/claude-md-audit/release-guard.txt	Captures release guard output.
proof/claude-md-audit/security.txt	Captures bandit output (empty file indicates no emitted findings).
proof/claude-md-audit/token-counts.txt	Captures before/after size counts for CLAUDE.md.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cb4b1f6718

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".