@wipcomputer/wip-ldm-os 0.4.73-alpha.3 → 0.4.73-alpha.30

package/lib/deploy.mjs

@@ -394,14 +394,38 @@ function runBuildIfNeeded(repoPath) {
 
 function compareSemver(a, b) {
   if (!a || !b) return 0;
-  const pa = a.split('.').map(Number);
-  const pb = b.split('.').map(Number);
+  if (a === b) return 0;
+  const [aBase, aPre] = a.split('-', 2);
+  const [bBase, bPre] = b.split('-', 2);
+  const pa = aBase.split('.').map(Number);
+  const pb = bBase.split('.').map(Number);
   for (let i = 0; i < 3; i++) {
     const na = pa[i] || 0;
     const nb = pb[i] || 0;
     if (na > nb) return 1;
     if (na < nb) return -1;
   }
+  // Base versions equal. Stable > prerelease.
+  if (!aPre && bPre) return 1;   // a is stable, b is prerelease -> a is newer
+  if (aPre && !bPre) return -1;  // a is prerelease, b is stable -> b is newer
+  // Both have prereleases. Compare segments.
+  if (aPre && bPre) {
+    const aSegs = aPre.split('.');
+    const bSegs = bPre.split('.');
+    for (let i = 0; i < Math.max(aSegs.length, bSegs.length); i++) {
+      const as = aSegs[i] || '';
+      const bs = bSegs[i] || '';
+      const an = Number(as);
+      const bn = Number(bs);
+      if (!isNaN(an) && !isNaN(bn)) {
+        if (an > bn) return 1;
+        if (an < bn) return -1;
+      } else {
+        if (as > bs) return 1;
+        if (as < bs) return -1;
+      }
+    }
+  }
   return 0;
 }
 
@@ -508,6 +532,32 @@ function safeDeployDir(repoPath, destDir, name) {
   }
 }
 
+/**
+ * Update tools.allow in openclaw.json to include a newly deployed plugin.
+ * OpenClaw 2026.4.8+ enforces tools.allow as an exclusive allowlist.
+ * Without this, newly installed plugins are blocked from running.
+ *
+ * This function MUST remain at module top level. Nesting it inside another
+ * function puts it out of scope for its call sites in the install handlers
+ * and produces a ReferenceError at runtime. See:
+ *   ai/product/bugs/installer/2026-04-11--cc-mini--update-tools-allow-reference-error.md
+ */
+function updateToolsAllow(pluginName) {
+  const ocConfigPath = join(OC_ROOT, 'openclaw.json');
+  if (!existsSync(ocConfigPath)) return;
+  try {
+    const raw = readFileSync(ocConfigPath, 'utf8');
+    const config = JSON.parse(raw);
+    if (!config.tools?.allow || !Array.isArray(config.tools.allow)) return;
+    if (config.tools.allow.includes(pluginName)) return;
+    config.tools.allow.push(pluginName);
+    writeFileSync(ocConfigPath, JSON.stringify(config, null, 2) + '\n');
+    log(`Added "${pluginName}" to openclaw.json tools.allow`);
+  } catch (e) {
+    log(`Warning: failed to update tools.allow for ${pluginName}: ${e.message}`);
+  }
+}
+
 // ── OpenClaw plugin naming (fix #8) ──
 
 function resolveOcPluginName(repoPath, toolName) {
@@ -788,7 +838,28 @@ function registerMCP(repoPath, door, toolName) {
   }
 }
 
-function installClaudeCodeHook(repoPath, door) {
+/**
+ * Install Claude Code hook(s) for an extension.
+ *
+ * Accepts either a single door object (legacy) or an array of door objects
+ * (new in 2026-04-05 for wip-branch-guard 1.9.73 which registers on both
+ * PreToolUse and SessionStart). Normalizes to an array and installs each
+ * door independently.
+ *
+ * Returns true if at least one door installed successfully.
+ */
+function installClaudeCodeHook(repoPath, doorOrDoors) {
+  const doors = Array.isArray(doorOrDoors) ? doorOrDoors : [doorOrDoors];
+  let anyOk = false;
+  for (const door of doors) {
+    if (installClaudeCodeHookEvent(repoPath, door)) {
+      anyOk = true;
+    }
+  }
+  return anyOk;
+}
+
+function installClaudeCodeHookEvent(repoPath, door) {
   const settingsPath = join(HOME, '.claude', 'settings.json');
   let settings = readJSON(settingsPath);
 
@@ -802,6 +873,8 @@ function installClaudeCodeHook(repoPath, door) {
   const installedGuard = join(extDir, 'guard.mjs');
 
   // Deploy guard.mjs to ~/.ldm/extensions/{toolName}/ (#85: always update, not just when missing)
+  // Idempotent across multi-door invocations: two doors on the same repo
+  // will both trigger this copy, which is a filesystem no-op after the first.
   const srcGuard = join(repoPath, 'guard.mjs');
   if (existsSync(srcGuard)) {
     try {
@@ -819,21 +892,30 @@ function installClaudeCodeHook(repoPath, door) {
     ? `node ${installedGuard}`
     : (door.command || `node "${srcGuard}"`);
 
+  const event = door.event || 'PreToolUse';
+
   if (DRY_RUN) {
-    ok(`Claude Code: would add ${door.event || 'PreToolUse'} hook (dry run)`);
+    ok(`Claude Code: would add ${event} hook (dry run)`);
     return true;
   }
 
   if (!settings.hooks) settings.hooks = {};
-  const event = door.event || 'PreToolUse';
   if (!settings.hooks[event]) settings.hooks[event] = [];
 
-  const existingIdx = settings.hooks[event].findIndex(entry =>
-    entry.hooks?.some(h => {
+  // Match existing entries by the guard command path + the matcher, so that
+  // a single extension registering on multiple events (each with its own
+  // matcher) creates one entry per event rather than all entries colliding
+  // on the same hook slot. Before this change the existing-entry check was
+  // per-extension, not per-extension-per-event.
+  const doorMatcher = door.matcher || undefined;
+  const existingIdx = settings.hooks[event].findIndex(entry => {
+    const sameMatcher = (entry.matcher || undefined) === doorMatcher;
+    if (!sameMatcher) return false;
+    return entry.hooks?.some(h => {
       const cmd = h.command || '';
       return cmd.includes(`/${toolName}/`) || cmd === hookCommand;
-    })
-  );
+    });
+  });
 
   if (existingIdx !== -1) {
     const existingCmd = settings.hooks[event][existingIdx].hooks?.[0]?.command || '';
@@ -854,7 +936,7 @@ function installClaudeCodeHook(repoPath, door) {
   }
 
   settings.hooks[event].push({
-    matcher: door.matcher || undefined,
+    matcher: doorMatcher,
     hooks: [{
       type: 'command',
       command: hookCommand,
@@ -1016,6 +1098,8 @@ export function installSingleTool(toolPath) {
       installed++;
       registryInfo.ldmPath = join(LDM_EXTENSIONS, toolName);
       registryInfo.ocPath = join(OC_EXTENSIONS, toolName);
+      // Update tools.allow in openclaw.json so OC 2026.4.8+ doesn't block the plugin
+      updateToolsAllow(toolName);
     }
   } else if (interfaces.mcp) {
     const extName = basename(toolPath);

package/lib/detect.mjs

@@ -53,16 +53,27 @@ export function detectInterfaces(repoPath) {
     interfaces.skill = { path: join(repoPath, 'SKILL.md') };
   }
 
-  // 6. Claude Code Hook: guard.mjs or claudeCode.hook in package.json
-  if (pkg?.claudeCode?.hook) {
-    interfaces.claudeCodeHook = pkg.claudeCode.hook;
+  // 6. Claude Code Hook: guard.mjs or claudeCode.hook(s) in package.json
+  //
+  // Supports three shapes:
+  //   - Legacy singular: pkg.claudeCode.hook = { event, matcher, ... }
+  //   - New plural array: pkg.claudeCode.hooks = [{ event, matcher, ... }, ...]
+  //     (one extension can register on multiple events, e.g. both PreToolUse
+  //     and SessionStart. Added 2026-04-05 for wip-branch-guard 1.9.73.)
+  //   - Implicit: a bare guard.mjs file with no package.json declaration.
+  //
+  // Normalized to an array internally so deploy.mjs has one code path.
+  if (Array.isArray(pkg?.claudeCode?.hooks)) {
+    interfaces.claudeCodeHook = pkg.claudeCode.hooks;
+  } else if (pkg?.claudeCode?.hook) {
+    interfaces.claudeCodeHook = [pkg.claudeCode.hook];
   } else if (existsSync(join(repoPath, 'guard.mjs'))) {
-    interfaces.claudeCodeHook = {
+    interfaces.claudeCodeHook = [{
       event: 'PreToolUse',
       matcher: 'Edit|Write',
       command: `node "${join(repoPath, 'guard.mjs')}"`,
       timeout: 5,
-    };
+    }];
   }
 
   // 7. Claude Code Plugin: .claude-plugin/plugin.json
@@ -93,7 +104,10 @@ export function describeInterfaces(interfaces) {
   if (interfaces.mcp) lines.push(`MCP Server: ${interfaces.mcp.file}`);
   if (interfaces.openclaw) lines.push(`OpenClaw Plugin: ${interfaces.openclaw.config?.name || 'detected'}`);
   if (interfaces.skill) lines.push(`Skill: SKILL.md`);
-  if (interfaces.claudeCodeHook) lines.push(`Claude Code Hook: ${interfaces.claudeCodeHook.event || 'PreToolUse'}`);
+  if (interfaces.claudeCodeHook) {
+    const events = interfaces.claudeCodeHook.map(h => h.event || 'PreToolUse');
+    lines.push(`Claude Code Hook: ${events.join(', ')}`);
+  }
   if (interfaces.claudeCodePlugin) lines.push(`Claude Code Plugin: ${interfaces.claudeCodePlugin.manifest?.name || 'detected'}`);
 
   return `${names.length} interface(s): ${names.join(', ')}\n${lines.map(l => `  ${l}`).join('\n')}`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.73-alpha.3",
+  "version": "0.4.73-alpha.30",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {
@@ -16,7 +16,7 @@
     "lesa": "dist/bridge/cli.js"
   },
   "scripts": {
-    "build:bridge": "cd src/bridge && npm install && npx tsup core.ts mcp-server.ts cli.ts --format esm --dts --clean --outDir ../../dist/bridge",
+    "build:bridge": "cd src/bridge && npm install && npx tsup core.ts mcp-server.ts cli.ts openclaw.ts --format esm --dts --clean --outDir ../../dist/bridge",
     "build": "npm run build:bridge",
     "prepublishOnly": "npm run build:bridge",
     "fmt": "npx prettier --write 'src/**/*.{ts,mjs}' 'lib/**/*.mjs' 'bin/**/*.js'",

package/shared/docs/README.md.tmpl

@@ -6,7 +6,7 @@ Updates come from two sources:
 - **config.json** ... when you change your org settings, the "Your System" sections regenerate
 - **System hooks** ... when tools are installed, updated, or reconfigured, the relevant docs update automatically
 
-If something is wrong, update `settings/config.json` or run `ldm install`. The docs will follow.
+If something is wrong, update `~/.ldm/config.json` or run `ldm install`. The docs will follow.
 
 ## What's Here
 
@@ -32,4 +32,4 @@ Each doc has two sections:
 1. **Universal** ... how the feature works for everyone (top of file)
 2. **Your System** ... your specific configuration (bottom, after the `---` separator)
 
-Universal content comes from the LDM OS repo. "Your System" content is generated from your `settings/config.json`.
+Universal content comes from the LDM OS repo. "Your System" content is generated from your `~/.ldm/config.json`.

package/shared/docs/how-install-works.md.tmpl

@@ -16,11 +16,31 @@ Your AI reads the spec, explains what LDM OS is, checks if it's already installe
 1. **Self-update.** Checks npm for a newer version of itself. Updates first, then re-runs with new code.
 2. **System scan.** Reads `~/.ldm/extensions/`, `~/.openclaw/extensions/`, Claude Code MCP config, CLI binaries on PATH.
 3. **Catalog check.** Matches installed extensions against the catalog. Shows what's available, what's behind.
-4. **npm version check.** Checks every installed extension against npm for newer versions.
-5. **Update.** Clones from GitHub, builds if needed, deploys to extensions dirs, registers MCP/hooks/skills.
+4. **npm version check.** Checks every installed extension against npm for newer versions (uses dist-tags for alpha/beta).
+5. **Update.** Resolves the install source (see Source Resolution below), deploys to extensions dirs, registers MCP/hooks/skills.
 6. **Health check.** Verifies CLIs exist, no broken symlinks, no stale configs.
 7. **Cleanup.** Removes staging dirs, prunes ghost entries from registry.
 
+## Release Tracks
+
+```bash
+ldm install              # stable (npm @latest)
+ldm install --alpha      # alpha track (npm @alpha)
+ldm install --beta       # beta track (npm @beta)
+```
+
+Each track overwrites whatever is installed. Alpha, beta, and stable all use the same install path. The flag only changes which npm dist-tag is checked for updates.
+
+## Source Resolution
+
+When updating, the installer finds the package in priority order:
+
+1. **npm** (when `--alpha` or `--beta`): downloads from npm dist-tag. Works on any machine.
+2. **Local private repo** (developer machine): finds the repo at `~/wipcomputerinc/repos/ldm-os/`. Works offline, no npm or internet needed.
+3. **GitHub clone** (fallback): clones the public repo. Existing behavior.
+
+Alpha/beta installs never require `deploy-public`. Merge to private main, `wip-release alpha`, `ldm install --alpha`, done.
+
 ## Dry Run
 
 Always preview first:

package/shared/docs/how-releases-work.md.tmpl

@@ -1,77 +1,93 @@
 # How Releases Work
 
-## The Pipeline
+## Four Release Tracks
 
-Every release follows these steps. No shortcuts.
+| Track | npm tag | Who | Purpose |
+|-------|---------|-----|---------|
+| **Alpha** | `@alpha` | Developer | Moving fast. Fix, test, iterate. No deploy-public needed. |
+| **Beta** | `@beta` | Testers | Testing the distribution pipeline. npm + installer verified. |
+| **Hotfix** | `@latest` | Everyone | Emergency fix. Goes straight to stable. No deploy-public. |
+| **Stable** | `@latest` | Everyone | Full release. deploy-public syncs the public repo. |
 
-### 1. Branch and Code
+## The Alpha Flow (Development)
+
+This is the fast path. Most work happens here.
 
-Create a worktree, make your changes, commit:
 ```bash
-ldm worktree add my-prefix/feature-name
-cd _worktrees/repo--my-prefix--feature-name/
-# edit files
-git add <files>
-git commit -m "description"
-```
+# 1. Branch and code
+git worktree add .worktrees/repo--my-prefix--feature -b my-prefix/feature
+cd .worktrees/repo--my-prefix--feature/
+# edit, commit
 
-### 2. Write Release Notes
+# 2. Push, PR, merge
+git push -u origin my-prefix/feature
+gh pr create && gh pr merge --merge
 
-Create `RELEASE-NOTES-v{version}.md` (dashes, not dots) in the repo root. Commit it on the branch with the code. It gets reviewed in the PR.
+# 3. ALWAYS pull to main after merge (not optional)
+cd /path/to/repo && git checkout main && git pull
 
-### 3. Push and PR
+# 4. Alpha release
+wip-release alpha --notes="what changed"
 
-```bash
-git push -u origin my-prefix/feature-name
-gh pr create --title "..." --body "..."
-gh pr merge --merge --delete-branch
+# 4. Install and test
+ldm install --alpha
 ```
 
-Never squash merge. Always `--merge`.
-
-### 4. Release
-
-```bash
-cd /path/to/repo    # main working tree, not worktree
-git checkout main && git pull
-wip-release patch   # auto-detects the release notes file
-```
+Done. No deploy-public. No public repo sync. The installer pulls from npm @alpha (or finds the local private repo if offline).
 
-`wip-release` handles: version bump, CHANGELOG.md, SKILL.md version sync, npm publish, GitHub release, website skill publish.
+**Sub-tool versions:** If you changed a sub-tool's code, bump its `package.json` version in the PR. Same version = same code. `wip-release` warns if files changed without a version bump.
 
-### 5. Deploy to Public
+## The Stable Flow (Public Release)
 
 ```bash
-bash deploy-public.sh /path/to/private-repo org/public-repo
-```
+# 1-3. Same as alpha: branch, PR, merge
 
-Syncs everything except `ai/` to the public repo. Creates matching release with notes.
+# 4. Write release notes on the branch
+# RELEASE-NOTES-v{version}.md in repo root, committed with the code
 
-### 6. Install (Dogfood)
+# 5. Stable release
+git checkout main && git pull
+wip-release patch   # auto-detects release notes
 
-Open a new AI session and paste:
-```
-Read https://wip.computer/install/wip-ldm-os.txt
+# 6. Deploy to public
+deploy-public /path/to/private-repo org/public-repo
+
+# 7. Dogfood
+ldm install
 ```
 
-The AI walks through: explain, dry run, install. Never `npm install -g` directly.
+`wip-release` handles: version bump, CHANGELOG.md, SKILL.md sync, npm publish, GitHub release.
+
+`deploy-public` syncs everything except `ai/` to the public repo. Creates a matching release.
 
 ## Quality Gates
 
-`wip-release` enforces before publishing:
+`wip-release` enforces before publishing (stable only):
 - Release notes must be a file (not a flag)
-- Must reference a GitHub issue
 - Product docs must be updated
-- Technical docs must be updated if source changed
 - No stale merged branches
 - Must run from main working tree (not worktree)
 
+Alpha/beta skip most gates for speed.
+
+## Source Resolution
+
+The installer resolves sources in priority order:
+
+1. **npm** (with dist-tag for alpha/beta): works on any machine with internet
+2. **Local private repo**: works offline on developer machines
+3. **GitHub clone**: fallback for stable installs and third-party tools
+
+## Version Immutability
+
+Same version = same code. Always. If code changed, the version must change. The installer uses version comparison to decide whether to deploy. `wip-release` validates that sub-tools with changed files have bumped versions.
+
 ## Three Separate Steps
 
 | Step | What happens | What it means |
 |------|-------------|---------------|
 | Merge | PR merged to main | Code lands. Nothing else changes. |
-| Deploy | wip-release + deploy-public | Published to npm + GitHub. Not on your machine yet. |
-| Install | Run the install prompt | Extensions updated on your machine. |
+| Release | `wip-release alpha/beta/patch` | Published to npm. Available for install. |
+| Install | `ldm install [--alpha/--beta]` | Extensions updated on your machine. |
 
-After Deploy, stop. Don't copy files. Don't npm install. Dogfood the install prompt.
+For stable releases, add a fourth step: `deploy-public` to sync the public GitHub repo.

package/shared/docs/how-worktrees-work.md.tmpl

@@ -10,8 +10,8 @@ A git worktree is a second checkout of the same repo. Same history, same remote,
 
 ```
 my-repo/                         <- main branch (read-only)
-_worktrees/my-repo--fix-bug/     <- your worktree (editable)
-_worktrees/my-repo--new-feature/ <- someone else's worktree
+.worktrees/my-repo--fix-bug/     <- your worktree (editable)
+.worktrees/my-repo--new-feature/ <- someone else's worktree
 ```
 
 All share the same `.git` database. Commits in any worktree are visible to all. But each has its own branch and files on disk.
@@ -23,22 +23,27 @@ cd my-repo
 ldm worktree add my-prefix/fix-bug
 ```
 
-This creates `_worktrees/my-repo--my-prefix--fix-bug/`.
+This creates `.worktrees/my-repo--my-prefix--fix-bug/`.
 
 ## How to Work
 
 Edit files in the worktree directory. Commit, push, PR, merge as normal:
 
 ```bash
-cd _worktrees/my-repo--my-prefix--fix-bug/
+cd .worktrees/my-repo--my-prefix--fix-bug/
 # edit, then:
 git add <files>
 git commit -m "description"
 git push -u origin my-prefix/fix-bug
 gh pr create
 gh pr merge --merge --delete-branch
+
+# CRITICAL: pull to main immediately after merge
+cd /path/to/repo && git checkout main && git pull
 ```
 
+**Always pull to main after merging a PR.** If you don't, the main working tree is stale and files won't show up. This is not optional. Every merge, every time.
+
 ## How to Clean Up
 
 ```bash
@@ -65,13 +70,13 @@ Switching branches changes every file in the directory. If another process (an a
 
 ## Your System
 
-**Worktree location:** `~/wipcomputerinc/repos/_worktrees/`
+**Worktree location:** `~/wipcomputerinc/repos/.worktrees/`
 
 **Branch prefixes:**
 - `cc-mini/` ... Claude Code on Mac mini
 - `cc-air/` ... Claude Code on MacBook Air
 - `lesa-mini/` ... Lesa on Mac mini
 
-**Guard:** The branch guard warns if you create a worktree outside `_worktrees/`. Suggests `ldm worktree add` instead.
+**Guard:** The branch guard warns if you create a worktree outside `.worktrees/`. Suggests `ldm worktree add` instead.
 
-**Auto-cleanup:** `wip-release` prunes merged worktrees from `_worktrees/` after every release.
+**Auto-cleanup:** `wip-release` prunes merged worktrees from `.worktrees/` after every release.

package/shared/rules/git-conventions.md

@@ -14,11 +14,11 @@ Always use a branch and PR.
 
 ## Co-authors on every commit
 
-List all contributors. Read co-author lines from `settings/config.json` in your workspace.
+List all contributors. Read co-author lines from `~/.ldm/config.json` coAuthors field.
 
 ## Branch prefixes
 
-Each agent uses a prefix from `settings/config.json` agents section. Prevents collisions.
+Each agent uses a prefix from `~/.ldm/config.json` agents section. Prevents collisions.
 
 ## Worktrees
 
@@ -30,4 +30,4 @@ For private/public repo pairs, all issues go on the public repo.
 
 ## On-demand reference
 
-Before doing repo work, read `~/wipcomputerinc/settings/docs/how-worktrees-work.md` for the full worktree workflow with commands.
+Before doing repo work, read `~/wipcomputerinc/library/documentation/how-worktrees-work.md` for the full worktree workflow with commands.

package/shared/rules/release-pipeline.md

@@ -39,4 +39,4 @@ Installed tools are for execution. Repo clones are for development. Use the inst
 
 ## On-demand reference
 
-Before releasing, read `~/wipcomputerinc/settings/docs/how-releases-work.md` for the full pipeline with commands.
+Before releasing, read `~/wipcomputerinc/library/documentation/how-releases-work.md` for the full pipeline with commands.

package/shared/rules/security.md

@@ -2,7 +2,7 @@
 
 ## Secret management
 
-Use your org's secret management tool (configured in settings/config.json). Never hardcode API keys, tokens, or credentials.
+Use your org's secret management tool (configured in `~/.ldm/config.json`). Never hardcode API keys, tokens, or credentials.
 
 ## Security audit before installing anything
 

package/shared/rules/workspace-boundaries.md

@@ -22,4 +22,4 @@ Installed tools are for execution. Repo clones are for development. Use the inst
 
 ## On-demand reference
 
-For the full directory map, read `~/wipcomputerinc/settings/docs/system-directories.md`.
+For the full directory map, read `~/wipcomputerinc/library/documentation/system-directories.md`.

package/shared/rules/writing-style.md

@@ -1,5 +1,5 @@
 # Writing Style
 
-Read writing conventions from your org's `settings/config.json` writingStyle section.
+Read writing conventions from `~/.ldm/config.json` writingStyle section.
 
 **Full paths in documentation.** Never truncate paths. Always show the complete path so there's no ambiguity.

package/shared/templates/claude-md-level1.md

@@ -5,9 +5,13 @@
 Never use em dashes. Use periods, colons, semicolons, or ellipsis (...) instead.
 Timezone: PST (Pacific), 24-hour clock. Parker is in Los Angeles.
 
+## Don't Hedge
+
+Never ask "should I stop?", "is this too much?", "what should we do now?", or "do you want me to continue?". If you have work to do, do it. If you're stuck, say what you're stuck on specifically. Don't express existential doubt about the task. Don't ask permission to keep working. Don't narrate your own uncertainty. Just work.
+
 ## Co-Authors on Every Commit
 
-Read co-author lines from `~/wipcomputerinc/settings/config.json` coAuthors field. All contributors listed on every commit. No exceptions.
+Read co-author lines from `~/.ldm/config.json` coAuthors field. All contributors listed on every commit. No exceptions.
 
 ## 1Password CLI: Always Use Service Account Token
 
@@ -30,8 +34,8 @@ Before reaching for any external service or workaround: search memory first. Use
 
 ## Dev Conventions
 
-For git workflow, releases, worktrees, and repo conventions: read `~/wipcomputerinc/settings/docs/` on demand when doing repo work. Key docs:
+For git workflow, releases, worktrees, and repo conventions: read `~/wipcomputerinc/library/documentation/` on demand when doing repo work. Key docs:
 - `how-worktrees-work.md` ... git worktrees, the convention, commands
 - `how-releases-work.md` ... the full release pipeline
 - `system-directories.md` ... what lives where
-- Also read `~/wipcomputerinc/settings/templates/dev-guide-private.md` for org-specific conventions
+- Also read `~/.ldm/shared/dev-guide-wipcomputerinc.md` for org-specific conventions