claudeos-core 2.1.1 → 2.3.0

package/pass-prompts/templates/node-vite/pass1.md

@@ -1,117 +1,117 @@
-Read claudeos-core/generated/project-analysis.json and
-perform a deep analysis of the following domains only: {{DOMAIN_GROUP}}
-
-For each domain, select one representative file per layer, read its code, and analyze it.
-Prioritize files with the richest patterns.
-
-Analysis items (per domain):
-
-1. Page/Routing Patterns
-   - Client-side routing (React Router, TanStack Router, custom)
-   - Route definition approach (file-based, config-based, lazy loading)
-   - Layout structure (nested layouts, outlet, wrapper components)
-   - Dynamic routes and route parameters
-   - Route guards and authentication redirects
-   - Error/404 handling
-
-2. Component Patterns
-   - Component structure (functional, forwardRef, memo)
-   - Props type definition (interface vs type, Generic usage)
-   - State management (useState, useReducer, external libraries)
-   - Styling approach and exact import paths (e.g., `import styles from './index.module.scss'`, `import { cn } from '@/lib/utils'`)
-   - Styling utility functions: record the EXACT import path used in source code
-   - UI library and exact package names (e.g., `@mui/material`, `antd`, `@shadcn/ui`)
-   - Component classification (UI, Feature, Layout, Page)
-   - Component entry file pattern: is the main file `index.tsx` or `ComponentName.tsx`? Record exactly.
-   - Directory structure pattern: record exact convention
-   - export pattern: default export vs named export in component files
-   - Reuse patterns (composition, compound components, render props)
-   - Accessibility (ARIA, semantic HTML, keyboard navigation)
-
-3. Data Fetching Patterns
-   - Client-side data fetching (TanStack Query, SWR, useEffect, axios)
-   - API client configuration (base URL, interceptors, error handling)
-   - Request/response typing
-   - Caching strategy (query keys, stale time, refetch)
-   - Error/loading state handling
-   - Optimistic updates
-   - Pagination/infinite scroll patterns
-
-4. State Management Patterns
-   - Global state (Zustand, Redux Toolkit, Jotai, Recoil, Context)
-   - Server state (TanStack Query, SWR)
-   - URL state (searchParams, useNavigate)
-   - Form state (React Hook Form, Formik)
-   - Local component state patterns
-
-5. Configuration/Environment Patterns
-   - Environment variable management (VITE_ prefix convention, .env separation)
-   - vite.config settings (proxy, aliases, plugins)
-   - Build optimization (chunk splitting, dynamic imports)
-   - Path aliases (@/, src/)
-
-6. Logging/Monitoring Patterns
-   - Client error tracking (Sentry, DataDog RUM)
-   - Performance monitoring
-   - Analytics tools (Google Analytics, PostHog, Mixpanel)
-
-7. Testing Patterns
-   - Test framework (Vitest, Jest, Playwright, Cypress)
-   - Component testing (React Testing Library, Storybook)
-   - E2E testing strategy
-   - Mocking strategy (MSW, vi.mock)
-   - Test naming conventions
-
-8. Domain-Specific Patterns
-   - Authentication/authorization (session, token, OAuth)
-   - Internationalization (i18next, react-intl)
-   - File upload patterns
-   - Real-time features (WebSocket, SSE)
-   - API versioning strategy
-
-9. Anti-patterns / Inconsistencies
-   - Patterns inconsistent with other domains
-   - Performance issues (unnecessary re-renders, bundle size)
-   - Type safety issues
-   - Accessibility issues
-   - Security issues (XSS, CSRF)
-
-Do not create or modify source files. Analysis only.
-Save results to claudeos-core/generated/pass1-{{PASS_NUM}}.json in the following format:
-
-{
-  "analyzedAt": "ISO timestamp",
-  "passNum": {{PASS_NUM}},
-  "domains": ["auth", "dashboard", "settings", "shared"],
-  "analysisPerDomain": {
-    "dashboard": {
-      "representativeFiles": {
-        "page": "src/pages/dashboard/index.tsx",
-        "component": "src/components/dashboard/StatsCard.tsx",
-        "hook": "src/hooks/useDashboardData.ts",
-        "api": "src/api/dashboard.ts"
-      },
-      "patterns": {
-        "page": { ... },
-        "component": {
-          "entryFilePattern": "index.tsx or ComponentName.tsx",
-          "exportPattern": "default export or named export",
-          "stylingImport": "exact import statement used for styling utility",
-          "uiLibraryImport": "exact import statement for UI components",
-          ...
-        },
-        "dataFetching": { ... },
-        "stateManagement": { ... },
-        "config": { ... },
-        "logging": { ... },
-        "testing": { ... }
-      },
-      "specialPatterns": [],
-      "antiPatterns": []
-    }
-  },
-  "crossDomainCommon": {
-    "description": "Patterns commonly used across domains in this group",
-    "patterns": []
-  }
-}
+Read claudeos-core/generated/project-analysis.json and
+perform a deep analysis of the following domains only: {{DOMAIN_GROUP}}
+
+For each domain, select one representative file per layer, read its code, and analyze it.
+Prioritize files with the richest patterns.
+
+Analysis items (per domain):
+
+1. Page/Routing Patterns
+   - Client-side routing (React Router, TanStack Router, custom)
+   - Route definition approach (file-based, config-based, lazy loading)
+   - Layout structure (nested layouts, outlet, wrapper components)
+   - Dynamic routes and route parameters
+   - Route guards and authentication redirects
+   - Error/404 handling
+
+2. Component Patterns
+   - Component structure (functional, forwardRef, memo)
+   - Props type definition (interface vs type, Generic usage)
+   - State management (useState, useReducer, external libraries)
+   - Styling approach and exact import paths (e.g., `import styles from './index.module.scss'`, `import { cn } from '@/lib/utils'`)
+   - Styling utility functions: record the EXACT import path used in source code
+   - UI library and exact package names (e.g., `@mui/material`, `antd`, `@shadcn/ui`)
+   - Component classification (UI, Feature, Layout, Page)
+   - Component entry file pattern: is the main file `index.tsx` or `ComponentName.tsx`? Record exactly.
+   - Directory structure pattern: record exact convention
+   - export pattern: default export vs named export in component files
+   - Reuse patterns (composition, compound components, render props)
+   - Accessibility (ARIA, semantic HTML, keyboard navigation)
+
+3. Data Fetching Patterns
+   - Client-side data fetching (TanStack Query, SWR, useEffect, axios)
+   - API client configuration (base URL, interceptors, error handling)
+   - Request/response typing
+   - Caching strategy (query keys, stale time, refetch)
+   - Error/loading state handling
+   - Optimistic updates
+   - Pagination/infinite scroll patterns
+
+4. State Management Patterns
+   - Global state (Zustand, Redux Toolkit, Jotai, Recoil, Context)
+   - Server state (TanStack Query, SWR)
+   - URL state (searchParams, useNavigate)
+   - Form state (React Hook Form, Formik)
+   - Local component state patterns
+
+5. Configuration/Environment Patterns
+   - Environment variable management (VITE_ prefix convention, .env separation)
+   - vite.config settings (proxy, aliases, plugins)
+   - Build optimization (chunk splitting, dynamic imports)
+   - Path aliases (@/, src/)
+
+6. Logging/Monitoring Patterns
+   - Client error tracking (Sentry, DataDog RUM)
+   - Performance monitoring
+   - Analytics tools (Google Analytics, PostHog, Mixpanel)
+
+7. Testing Patterns
+   - Test framework (Vitest, Jest, Playwright, Cypress)
+   - Component testing (React Testing Library, Storybook)
+   - E2E testing strategy
+   - Mocking strategy (MSW, vi.mock)
+   - Test naming conventions
+
+8. Domain-Specific Patterns
+   - Authentication/authorization (session, token, OAuth)
+   - Internationalization (i18next, react-intl)
+   - File upload patterns
+   - Real-time features (WebSocket, SSE)
+   - API versioning strategy
+
+9. Anti-patterns / Inconsistencies
+   - Patterns inconsistent with other domains
+   - Performance issues (unnecessary re-renders, bundle size)
+   - Type safety issues
+   - Accessibility issues
+   - Security issues (XSS, CSRF)
+
+Do not create or modify source files. Analysis only.
+Save results to claudeos-core/generated/pass1-{{PASS_NUM}}.json in the following format:
+
+{
+  "analyzedAt": "ISO timestamp",
+  "passNum": {{PASS_NUM}},
+  "domains": ["auth", "dashboard", "settings", "shared"],
+  "analysisPerDomain": {
+    "dashboard": {
+      "representativeFiles": {
+        "page": "src/pages/dashboard/index.tsx",
+        "component": "src/components/dashboard/StatsCard.tsx",
+        "hook": "src/hooks/useDashboardData.ts",
+        "api": "src/api/dashboard.ts"
+      },
+      "patterns": {
+        "page": { ... },
+        "component": {
+          "entryFilePattern": "index.tsx or ComponentName.tsx",
+          "exportPattern": "default export or named export",
+          "stylingImport": "exact import statement used for styling utility",
+          "uiLibraryImport": "exact import statement for UI components",
+          ...
+        },
+        "dataFetching": { ... },
+        "stateManagement": { ... },
+        "config": { ... },
+        "logging": { ... },
+        "testing": { ... }
+      },
+      "specialPatterns": [],
+      "antiPatterns": []
+    }
+  },
+  "crossDomainCommon": {
+    "description": "Patterns commonly used across domains in this group",
+    "patterns": []
+  }
+}

package/pass-prompts/templates/node-vite/pass2.md

@@ -1,78 +1,78 @@
-Read all pass1-*.json files from the claudeos-core/generated/ directory and
-merge all domain analysis results into a single unified report.
-
-Merge items:
-
-1. Universal Patterns (shared by 100% of all domains)
-   - Page/routing structure (React Router / TanStack Router / custom)
-   - Component writing conventions (functional, Props types, styling)
-   - Data fetching strategy (TanStack Query, SWR, axios patterns)
-   - State management approach
-   - Error/loading handling patterns
-   - Route guard/protection patterns
-
-2. Majority Patterns (shared by 50%+ of domains)
-   - Specify which domains share them
-
-3. Domain-Specific Patterns (unique to a single domain)
-   - Auth: which domain
-   - Real-time features: which domain
-   - File upload: which domain
-   - i18n: which domain
-
-4. Anti-pattern Summary
-   - Consolidate all inconsistencies found across domains
-   - Classify by severity (CRITICAL / HIGH / MEDIUM / LOW)
-
-5. Naming Conventions Summary
-   - File/directory naming (kebab-case, PascalCase)
-   - Component entry file pattern (index.tsx vs ComponentName.tsx — pick ONE that the project actually uses)
-   - Component export pattern (default export vs named export)
-   - Hook naming (use* prefix)
-   - API function patterns
-
-6. Shared Types/Components List
-   - Common UI components with EXACT import paths
-   - Shared hooks with exact import paths
-   - Utility functions with EXACT import paths
-   - Path aliases used in the project (e.g., `@/` -> `src/`)
-   - Environment variable types
-   - Constants/Enum management
-
-7. Security/Authentication Patterns
-   - Authentication approach (JWT, session, OAuth)
-   - Route protection strategy
-   - CSRF/XSS prevention
-   - Environment variable management (VITE_ convention)
-
-8. Database Patterns
-   - API endpoint conventions
-   - Request/response format
-   - Error response handling
-
-9. Testing Strategy Summary
-   - Test coverage level
-   - Test classification system (unit/component/E2E)
-   - Mocking strategy (MSW, vi.mock)
-   - Storybook usage
-   - Test naming conventions
-
-10. Logging/Monitoring Strategy
-    - Error tracking approach (Sentry, DataDog)
-    - Analytics tools
-    - Performance monitoring
-
-11. Performance Patterns
-    - Code splitting strategy (lazy, Suspense)
-    - Bundle optimization (chunk splitting, tree shaking)
-    - Image optimization
-    - Caching strategy
-
-12. Code Quality Tools
-    - Lint/Format tools (ESLint, Prettier, Biome)
-    - Pre-commit hooks (husky, lint-staged)
-    - TypeScript strict mode
-    - CI integration status
-
-Do not generate code. Merge only.
-Save results to claudeos-core/generated/pass2-merged.json.
+Read all pass1-*.json files from the claudeos-core/generated/ directory and
+merge all domain analysis results into a single unified report.
+
+Merge items:
+
+1. Universal Patterns (shared by 100% of all domains)
+   - Page/routing structure (React Router / TanStack Router / custom)
+   - Component writing conventions (functional, Props types, styling)
+   - Data fetching strategy (TanStack Query, SWR, axios patterns)
+   - State management approach
+   - Error/loading handling patterns
+   - Route guard/protection patterns
+
+2. Majority Patterns (shared by 50%+ of domains)
+   - Specify which domains share them
+
+3. Domain-Specific Patterns (unique to a single domain)
+   - Auth: which domain
+   - Real-time features: which domain
+   - File upload: which domain
+   - i18n: which domain
+
+4. Anti-pattern Summary
+   - Consolidate all inconsistencies found across domains
+   - Classify by severity (CRITICAL / HIGH / MEDIUM / LOW)
+
+5. Naming Conventions Summary
+   - File/directory naming (kebab-case, PascalCase)
+   - Component entry file pattern (index.tsx vs ComponentName.tsx — pick ONE that the project actually uses)
+   - Component export pattern (default export vs named export)
+   - Hook naming (use* prefix)
+   - API function patterns
+
+6. Shared Types/Components List
+   - Common UI components with EXACT import paths
+   - Shared hooks with exact import paths
+   - Utility functions with EXACT import paths
+   - Path aliases used in the project (e.g., `@/` -> `src/`)
+   - Environment variable types
+   - Constants/Enum management
+
+7. Security/Authentication Patterns
+   - Authentication approach (JWT, session, OAuth)
+   - Route protection strategy
+   - CSRF/XSS prevention
+   - Environment variable management (VITE_ convention)
+
+8. Database Patterns
+   - API endpoint conventions
+   - Request/response format
+   - Error response handling
+
+9. Testing Strategy Summary
+   - Test coverage level
+   - Test classification system (unit/component/E2E)
+   - Mocking strategy (MSW, vi.mock)
+   - Storybook usage
+   - Test naming conventions
+
+10. Logging/Monitoring Strategy
+    - Error tracking approach (Sentry, DataDog)
+    - Analytics tools
+    - Performance monitoring
+
+11. Performance Patterns
+    - Code splitting strategy (lazy, Suspense)
+    - Bundle optimization (chunk splitting, tree shaking)
+    - Image optimization
+    - Caching strategy
+
+12. Code Quality Tools
+    - Lint/Format tools (ESLint, Prettier, Biome)
+    - Pre-commit hooks (husky, lint-staged)
+    - TypeScript strict mode
+    - CI integration status
+
+Do not generate code. Merge only.
+Save results to claudeos-core/generated/pass2-merged.json.

package/pass-prompts/templates/node-vite/pass3.md

@@ -18,17 +18,29 @@ ALL code examples in rules and standards MUST use EXACT method names, class name
 and signatures from pass2-merged.json analysis data.
 Do NOT paraphrase, rename, or infer API names.
 
-CRITICAL — CLAUDE.md Reference Table Completeness:
-The reference table in CLAUDE.md MUST list ALL generated standard files.
-
 Generation targets:
 
 1. CLAUDE.md (project root)
-   - Role definition (based on detected stack — Vite + React SPA)
-   - Build & Run Commands (use ONLY the detected packageManager)
-   - Core architecture diagram (client-side SPA, routing, state management)
-   - Directory structure description
-   - Standard/Skills/Guide reference table
+
+   Follow the scaffold EXACTLY:
+   → `pass-prompts/templates/common/claude-md-scaffold.md`
+
+   The scaffold enforces an 8-section deterministic structure:
+   1. Role Definition → 2. Project Overview → 3. Build & Run Commands →
+   4. Core Architecture → 5. Directory Structure → 6. Standard / Rules / Skills Reference →
+   7. DO NOT Read → 8. Common Rules & Memory (L4)
+
+   All section titles, order, and formats are FIXED by the scaffold.
+   Content within each section adapts to this project based on pass2-merged.json.
+   The scaffold's validation checklist MUST pass.
+
+   Stack-specific hints for this project (Vite + React SPA):
+   - Project type for Section 1 PROJECT_CONTEXT: "SPA" 
+     (reflect the actual character, e.g., Back Office / Front Office / Full-stack)
+   - Architecture diagram (Section 4): client-side routing, state management, data flow
+   - Detect multi-entry configs (vite.config.*.ts) and reflect in Section 2 / 4 / 5
+   - Detect codegen tools (orval, openapi-generator) and reflect in Section 5 emphasis
+     (auto-generated directories → "Do Not Modify Manually")
 
 2. claudeos-core/standard/ (active domains only)
    - 00.core/01.project-overview.md — Stack, routing approach, deployment environment
@@ -64,14 +76,19 @@ Generation targets:
      - `00.core/*` rules: `paths: ["**/*"]`
      - `20.frontend/*` rules: `paths: ["**/*"]`
      - `30.security-db/*` rules: `paths: ["**/*"]`
-     - `40.infra/*` rules: `paths: ["**/*.json", "**/*.env*", "**/vite.config.*", "**/Dockerfile*", "**/*.yml", "**/*.yaml"]`
+     - `40.infra/01.environment-config-rules.md` paths: `["**/*.env*", "**/vite.config.*", "**/*.json"]` — env / build config
+     - `40.infra/02.logging-monitoring-rules.md` paths: `["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx"]` — source code where logs live
+     - `40.infra/03.cicd-deployment-rules.md` paths: `["**/*.yml", "**/*.yaml", "**/Dockerfile*", "**/*.ts", "**/*.tsx"]` — CI config + source with API origin / codegen references
      - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]`
+     - `60.memory/*` rules: forward reference — Pass 4 will generate 4 files (01.decision-log, 02.failure-patterns, 03.compaction, 04.auto-rule-update), each with file-specific `paths`. Pass 3 must STILL list ```.claude/rules/60.memory/*``` as a row in CLAUDE.md Section 6 Rules table so developers/Claude see the category exists.
    - MUST generate `.claude/rules/00.core/00.standard-reference.md` — directory of all standard files.
 
-4. .claude/rules/50.sync/ (3 sync rules)
-   - 01.standard-sync.md — Remind AI to update corresponding rule when standard is modified
-   - 02.rules-sync.md — Remind AI to update corresponding standard when rules are modified
-   - 03.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
+4. .claude/rules/50.sync/ (2 sync rules)
+   - 01.doc-sync.md — Bidirectional standard ↔ rules sync reminder (both directions in ONE rule).
+     Do NOT generate a separate 02.rules-sync.md mirror file — redundant.
+     Express the mapping as a naming convention (standard/<N>.<dir>/<M>.<n>.md ↔
+     .claude/rules/<N>.<dir>/<M>.<n>-rules.md), NOT a hardcoded file-to-file table.
+   - 02.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
 
 5. claudeos-core/skills/ (active domains only)
    - 20.frontend-page/01.scaffold-page-feature.md (orchestrator)

package/pass-prompts/templates/python-django/pass3.md

@@ -28,20 +28,29 @@ Determine from pass2-merged.json which layer (View/ViewSet vs Service) calls
 the response wrapper. This MUST be identical across architecture.md, view-patterns.md,
 response-exception.md, and all rules files. Do NOT describe different response flows in different files.
 
-CRITICAL — CLAUDE.md Reference Table Completeness:
-The reference table in CLAUDE.md MUST list ALL generated standard files, not just core.
-Include all backend-api, security-db, infra, and verification standards.
-Alternatively, add a note directing readers to .claude/rules/00.core/00.standard-reference.md
-for the complete list.
-
 Generation targets:
 
 1. CLAUDE.md (project root)
-   - Role definition (based on detected stack)
-   - Build & Run Commands (pip/poetry, manage.py, gunicorn/uwsgi)
-   - Core architecture diagram
-   - Django app structure
-   - Standard/Skills/Guide reference table
+
+   Follow the scaffold EXACTLY:
+   → `pass-prompts/templates/common/claude-md-scaffold.md`
+
+   The scaffold enforces an 8-section deterministic structure:
+   1. Role Definition → 2. Project Overview → 3. Build & Run Commands →
+   4. Core Architecture → 5. Directory Structure → 6. Standard / Rules / Skills Reference →
+   7. DO NOT Read → 8. Common Rules & Memory (L4)
+
+   All section titles, order, and formats are FIXED by the scaffold.
+   Content within each section adapts to this project based on pass2-merged.json.
+   The scaffold's validation checklist MUST pass.
+
+   Stack-specific hints for this project (Python Django):
+   - Project type for Section 1 PROJECT_CONTEXT: "REST API Server" or "Web Application"
+     (when DRF is used, "DRF-based REST API Server"; when detected, e.g., "Async Task Queue + Cache Layer")
+   - Architecture diagram (Section 4): MTV structure, request flow, app structure
+   - Section 3 commands: pip/poetry, manage.py (migrate/runserver/collectstatic), gunicorn/uwsgi
+   - Django apps: list in Section 2 (count only or the main apps), details in Section 5 tree
+   - Detect Celery/Redis/channels and reflect in Section 2 or Section 4 Absent / Not Adopted
 
 2. claudeos-core/standard/ (active domains only)
    - 00.core/01.project-overview.md — Stack, app list, server info
@@ -80,8 +89,11 @@ Generation targets:
      - `00.core/*` rules: `paths: ["**/*"]` — always loaded (architecture, naming are universally needed)
      - `10.backend/*` rules: `paths: ["**/*"]` — always loaded (backend rules needed for any source editing)
      - `30.security-db/*` rules: `paths: ["**/*"]` — always loaded (cross-cutting concerns)
-     - `40.infra/*` rules: `paths: ["**/*"]` — always loaded (Django settings are .py files, so infra paths cannot be scoped separately)
+     - `40.infra/01.environment-config-rules.md` paths: `["**/.env*", "**/settings*.py", "**/settings/**/*.py", "**/*.toml", "**/*.cfg"]` — env / Django settings
+     - `40.infra/02.logging-monitoring-rules.md` paths: `["**/*.py"]` — source code where logs live
+     - `40.infra/03.cicd-deployment-rules.md` paths: `["**/*.yml", "**/*.yaml", "**/Dockerfile*", "**/*.py"]` — CI / deploy config + source
      - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]` — loaded only when editing claudeos-core files
+     - `60.memory/*` rules: forward reference — Pass 4 will generate 4 files (01.decision-log, 02.failure-patterns, 03.compaction, 04.auto-rule-update), each with file-specific `paths`. Pass 3 must STILL list ```.claude/rules/60.memory/*``` as a row in CLAUDE.md Section 6 Rules table so developers/Claude see the category exists.
    - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a directory of all standard files. This is NOT a "read all" instruction. Claude should Read ONLY the standards relevant to the current task. Structure it as:
      ```
      ---
@@ -96,6 +108,7 @@ Generation targets:
      - claudeos-core/standard/00.core/01.project-overview.md
      - claudeos-core/standard/00.core/02.architecture.md
      - claudeos-core/standard/00.core/03.naming-conventions.md
+     - claudeos-core/standard/00.core/04.doc-writing-guide.md
      ## Backend API
      - claudeos-core/standard/10.backend-api/01.view-patterns.md
      - claudeos-core/standard/10.backend-api/02.serializer-patterns.md
@@ -113,18 +126,16 @@ Generation targets:
      - claudeos-core/standard/40.infra/03.cicd-deployment.md
      - claudeos-core/standard/50.verification/01.development-verification.md
      - claudeos-core/standard/50.verification/02.testing-strategy.md
-     ## DO NOT Read (context waste)
-     - claudeos-core/generated/ — Build metadata. Not for coding reference.
-     - claudeos-core/guide/ — Onboarding/usage guides for humans. Not for coding reference.
-     - claudeos-core/mcp-guide/ — MCP server integration docs. Not for coding reference.
      ```
-     List only the standard files that were actually generated above.
+     List only the standard files that were actually generated above. NOTE: `00.core/04.doc-writing-guide.md` is a FORWARD REFERENCE — Pass 4 will generate it; include it anyway. Do NOT add a "DO NOT Read" section here — that information lives in CLAUDE.md Section 7 (the single source of truth).
 
-4. .claude/rules/50.sync/ (3 sync rules — AI fallback reminders)
+4. .claude/rules/50.sync/ (2 sync rules — AI fallback reminders)
    - NOTE: These rules remind AI to run `npx claudeos-core refresh` after modifying standard/rules/skills files.
-   - 01.standard-sync.md — Remind AI to update corresponding rule when standard is modified
-   - 02.rules-sync.md — Remind AI to update corresponding standard when rules are modified
-   - 03.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
+   - 01.doc-sync.md — Bidirectional standard ↔ rules sync reminder (both directions in ONE rule).
+     Do NOT generate a separate 02.rules-sync.md mirror file — redundant.
+     Express the mapping as a naming convention (standard/<N>.<dir>/<M>.<n>.md ↔
+     .claude/rules/<N>.<dir>/<M>.<n>-rules.md), NOT a hardcoded file-to-file table.
+   - 02.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
 
 5. claudeos-core/skills/ (active domains only)
    - 10.backend-crud/01.scaffold-crud-feature.md (orchestrator)

package/pass-prompts/templates/python-fastapi/pass3.md

@@ -28,20 +28,30 @@ Determine from pass2-merged.json which layer (router/endpoint vs service/CRUD) c
 the response wrapper. This MUST be identical across architecture.md, router-endpoint-patterns.md,
 response-exception.md, and all rules files. Do NOT describe different response flows in different files.
 
-CRITICAL — CLAUDE.md Reference Table Completeness:
-The reference table in CLAUDE.md MUST list ALL generated standard files, not just core.
-Include all backend-api, security-db, infra, and verification standards.
-Alternatively, add a note directing readers to .claude/rules/00.core/00.standard-reference.md
-for the complete list.
-
 Generation targets:
 
 1. CLAUDE.md (project root)
-   - Role definition (based on detected stack)
-   - Build & Run Commands (pip/poetry, uvicorn, docker)
-   - Core architecture diagram
-   - Module structure
-   - Standard/Skills/Guide reference table
+
+   Follow the scaffold EXACTLY:
+   → `pass-prompts/templates/common/claude-md-scaffold.md`
+
+   The scaffold enforces an 8-section deterministic structure:
+   1. Role Definition → 2. Project Overview → 3. Build & Run Commands →
+   4. Core Architecture → 5. Directory Structure → 6. Standard / Rules / Skills Reference →
+   7. DO NOT Read → 8. Common Rules & Memory (L4)
+
+   All section titles, order, and formats are FIXED by the scaffold.
+   Content within each section adapts to this project based on pass2-merged.json.
+   The scaffold's validation checklist MUST pass.
+
+   Stack-specific hints for this project (Python FastAPI):
+   - Project type for Section 1 PROJECT_CONTEXT: "Asynchronous REST API Server"
+     (reflect pydantic-schema-based automatic OpenAPI documentation)
+   - Architecture diagram (Section 4): router → dependency → service → repository,
+     async request lifecycle, pydantic validation
+   - Section 3 commands: pip/poetry install, uvicorn dev, docker deployment
+   - Module structure: reflect in Section 5 tree (routers/, models/, schemas/, services/)
+   - Detect Celery/Redis/SQLAlchemy async and reflect in Section 2 or Section 4
 
 2. claudeos-core/standard/ (active domains only)
    - 00.core/01.project-overview.md — Stack, modules, server info
@@ -80,8 +90,11 @@ Generation targets:
      - `00.core/*` rules: `paths: ["**/*"]` — always loaded (architecture, naming are universally needed)
      - `10.backend/*` rules: `paths: ["**/*"]` — always loaded (backend rules needed for any source editing)
      - `30.security-db/*` rules: `paths: ["**/*"]` — always loaded (cross-cutting concerns)
-     - `40.infra/*` rules: `paths: ["**/*.toml", "**/*.env*", "**/config/**", "**/Dockerfile*", "**/*.yml", "**/*.yaml"]` — loaded only for config/infra files
+     - `40.infra/01.environment-config-rules.md` paths: `["**/.env*", "**/config/**", "**/*.toml", "**/*.cfg"]` — env / config files
+     - `40.infra/02.logging-monitoring-rules.md` paths: `["**/*.py"]` — source code where logs live
+     - `40.infra/03.cicd-deployment-rules.md` paths: `["**/*.yml", "**/*.yaml", "**/Dockerfile*", "**/*.py"]` — CI / deploy config + source
      - `50.sync/*` rules: `paths: ["**/claudeos-core/**", "**/.claude/**"]` — loaded only when editing claudeos-core files
+     - `60.memory/*` rules: forward reference — Pass 4 will generate 4 files (01.decision-log, 02.failure-patterns, 03.compaction, 04.auto-rule-update), each with file-specific `paths`. Pass 3 must STILL list ```.claude/rules/60.memory/*``` as a row in CLAUDE.md Section 6 Rules table so developers/Claude see the category exists.
    - MUST generate `.claude/rules/00.core/00.standard-reference.md` — a directory of all standard files. This is NOT a "read all" instruction. Claude should Read ONLY the standards relevant to the current task. Structure it as:
      ```
      ---
@@ -96,6 +109,7 @@ Generation targets:
      - claudeos-core/standard/00.core/01.project-overview.md
      - claudeos-core/standard/00.core/02.architecture.md
      - claudeos-core/standard/00.core/03.naming-conventions.md
+     - claudeos-core/standard/00.core/04.doc-writing-guide.md
      ## Backend API
      - claudeos-core/standard/10.backend-api/01.router-endpoint-patterns.md
      - claudeos-core/standard/10.backend-api/02.schema-pydantic-patterns.md
@@ -113,18 +127,16 @@ Generation targets:
      - claudeos-core/standard/40.infra/03.cicd-deployment.md
      - claudeos-core/standard/50.verification/01.development-verification.md
      - claudeos-core/standard/50.verification/02.testing-strategy.md
-     ## DO NOT Read (context waste)
-     - claudeos-core/generated/ — Build metadata. Not for coding reference.
-     - claudeos-core/guide/ — Onboarding/usage guides for humans. Not for coding reference.
-     - claudeos-core/mcp-guide/ — MCP server integration docs. Not for coding reference.
      ```
-     List only the standard files that were actually generated above.
+     List only the standard files that were actually generated above. NOTE: `00.core/04.doc-writing-guide.md` is a FORWARD REFERENCE — Pass 4 will generate it; include it anyway. Do NOT add a "DO NOT Read" section here — that information lives in CLAUDE.md Section 7 (the single source of truth).
 
-4. .claude/rules/50.sync/ (3 sync rules — AI fallback reminders)
+4. .claude/rules/50.sync/ (2 sync rules — AI fallback reminders)
    - NOTE: These rules remind AI to run `npx claudeos-core refresh` after modifying standard/rules/skills files.
-   - 01.standard-sync.md — Remind AI to update corresponding rule when standard is modified
-   - 02.rules-sync.md — Remind AI to update corresponding standard when rules are modified
-   - 03.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
+   - 01.doc-sync.md — Bidirectional standard ↔ rules sync reminder (both directions in ONE rule).
+     Do NOT generate a separate 02.rules-sync.md mirror file — redundant.
+     Express the mapping as a naming convention (standard/<N>.<dir>/<M>.<n>.md ↔
+     .claude/rules/<N>.<dir>/<M>.<n>-rules.md), NOT a hardcoded file-to-file table.
+   - 02.skills-sync.md — Remind AI to update MANIFEST.md when skills are modified
 
 5. claudeos-core/skills/ (active domains only)
    - 10.backend-crud/01.scaffold-crud-feature.md (orchestrator)